|Subject:||SynaMan FINRA Compliance|
|Creation date:||3/14/22 12:59 PM|
|Last modified on:||3/31/22 4:16 PM|
In response to growing concerns over cybersecurity, and in an effort to better assist regulatory committees, FINRA (Financial Industry Regulatory Authority) has created a set of rules and regulations for financial institutions to follow.
FINRA plays a critical role in ensuring the integrity of the U.S. financial system. It is supervised by the S.E.C. (Securities Exchange Commission) and is designed to write and enforce rules governing the ethical activities of all broker-dealer firms and registered brokers in the United States. Its goal is to protect the public against fraud and bad practices.
SynaMan is a private-cloud remote file manager that helps businesses manage and share documents securely. The goal of SynaMan is to give users an easy way to manage documents and data, as well as share or request documents and data from non-users in a seamless manner. SynaMan can easily fit into any organization that needs to conform to government security requirements, including FINRA, HIPAA, NIST, and others. When it comes to FINRA requirements, SynaMan can be easily configured to accommodate any regulatory requirements set by any regulatory authority.
|If electronic storage media is used by a member, broker, or dealer, it will comply with the following requirements:|
|(f) The records required to be maintained and preserved pursuant to §§240.17a-3 and 240.17a-4 may be immediately produced or reproduced on “micrographic media” (as defined in this section) or by means of “electronic storage media” (as defined in this section) that meet the conditions set forth in this paragraph and be maintained and preserved for the required time in that form.||SynaMan can store documents for access for as long as necessary, even beyond 2 years.|
|(i) The member, broker, or dealer must notify its examining authority designated pursuant to section 17(d) of the Act (15 U.S.C. 78q(d)) prior to employing electronic storage media. If employing any electronic storage media other than optical disk technology (including CD-ROM), the member, broker, or dealer must notify its designated examining authority at least 90 days prior to employing such storage media. In either case, the member, broker, or dealer must provide its own representation or one from the storage medium vendor or other third party with appropriate expertise that the selected storage media meets the conditions set forth in this paragraph (f)(2).||N/A|
|(ii) The electronic storage media must:|
|(A) Preserve the records exclusively in a nonrewriteable, non-erasable format;||Only SynaMan users with authorized access can read, write, or delete files. SynaMan also has the ability to prevent write access.|
|(B) Verify automatically the quality and accuracy of the storage media recording process||SynaMan can integrate with 3rd-Party antivirus software utilizing ICAP capabilities.|
|(C) Serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of retention the information placed on such electronic storage media; and||SynaMan has complete audit trailing functionality for tracking any changes made to files.|
|(D) Have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable under this paragraph (f) as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member.||SynaMan has the capacity to immediately download any files stored on any designated media. Administrators can also grant regulatory organizations special user privileges that allow them to access any and all files.|
|(3) If a member, broker, or dealer uses micrographic media or electronic storage media, it shall:|
|(i) At all times have available, for examination by the staffs of the Commission and self-regulatory organizations of which it is a member, facilities for immediate, easily readable projection or production of micrographic media or electronic storage media images and for producing easily readable images. (ii) Be ready at all times to provide, and immediately provide, any facsimile enlargement which the staffs of the Commission, any self-regulatory organization of which it is a member, or any State securities regulator having jurisdiction over the member, broker or dealer may request.||SynaMan's web portal allows for data to be immediately available to any regulatory organizations or commissions. Administrators of the machine where SynaMan is installed will also have immediate access to the data stored on the SynaMan machine for audit access.|
|(iii) Store separately from the original, a duplicate copy of the record stored on any medium acceptable under §240.17a-4 for the time required.||System administrators can backup or duplicate all data in any manner they see fit.|
|(iv) Organize and index accurately all information maintained on both original and any duplicate storage media.||System administrators can organize SynaMan's virtual folders in any manner they see fit.|
|(A) At all times, a member, broker, or dealer must be able to have such indexes available for examination by the staffs of the Commission and the self-regulatory organizations of which the broker or dealer is a member.||SynaMan administrators, as well as certain users, can provide immediate access to any commission or organization. These organizations can also be given special logins to view the data themselves.|
|(B) Each index must be duplicated and the duplicate copies must be stored separately from the original copy of each index.||SynaMan's system administrators can backup and preserve data in any manner they choose, and store it for an unlimited time.|
|(C) Original and duplicate indexes must be preserved for the time required for the indexed records.|
|(v) The member, broker, or dealer must have in place an audit system providing for accountability regarding inputting of records required to be maintained and preserved pursuant to §§240.17a-3 and 240.17a-4 to electronic storage media and inputting of any changes made to every original and duplicate record maintained and preserved thereby.||SynaMan's audit logging functionality captures any and all changes made to data as well as access to data.|
|(A) At all times, a member, broker, or dealer must be able to have the results of such audit system available for examination by the staffs of the Commission and the self-regulatory organizations of which the broker or dealer is a member.||SynaMan allows administrators to provide immediate access to audit logs for any entity.|
|(B) The audit results must be preserved for the time required for the audited records.||All actions are logged with an audit trail including timestamps.|
|(vi) The member, broker, or dealer must maintain, keep current, and provide promptly upon request by the staffs of the Commission or the self-regulatory organizations of which the member, broker, or broker-dealer is a member all information necessary to access records and indexes stored on the electronic storage media; or place in escrow and keep current a copy of the physical and logical file format of the electronic storage media, the field format of all different information types written on the electronic storage media and the source code, together with the appropriate documentation and information necessary to access records and indexes.||N/A|
|Electronic storage media, including any digital storage medium or system that meets the terms of this section. (2) General requirements. The investment company, or person that maintains and preserves records on its behalf, must:|
|(i) Arrange and index the records in a way that permits easy location, access, and retrieval of any particular record;||SynaMan stores files directly to the storage media in an easy-to-access manner.|
|(ii) Provide promptly (but in no case more than one business day after the request) any of the following that the Commission (by its examiners or other representatives) or the directors of the company may request:||SynaMan provides instantaneous access to data that a user has access to. Admins and other privileged users can provide immediate access to data via the Public Link feature. Administrators can promptly create user accounts with desired access privileges to any entity or commission that requires data access. SynaMan also has the ability to view or download data directly through its web-interface.|
|(A) A legible, true, and complete copy of the record (or the information necessary to generate the record) in the medium and format in which it is stored;|
|(B) A legible, true, and complete printout of the record; and|
|(C) Means to access, search, view, sort, and print the records; and|
|(iii) Separately store, for the time required for preservation of the original record, a duplicate copy of the record stored on the micrographic or electronic storage media or any medium allowed by this rule.||System Administrators can back up SynaMan and its data entirely however they see fit and to accommodate any security policy.|
|(3) If a member, broker, or dealer uses micrographic media or electronic storage media, it shall:|
|(i) To maintain and preserve the records, so as to reasonably safeguard them from loss, alteration, or destruction;||SynaMan can integrate with 3rd-party AntiVirus software using ICAP capabilities. SynaMan can be easily backed up to accommodate any disaster recovery plans.|
|(ii) To limit access to the records to properly authorized personnel, the directors of the investment company, and the Commission (including its examiners and other representatives);||SynaMan uses privileged access to user accounts to control who has access to data. The access controls are vast and all-encompassing, which allows administrators to fine-tune exactly which data user accounts have access to. Authorized users are required to log in with a username and password, which can be controlled by Active Directory. In addition to this, SynaMan has the ability to incorporate 2-Factor-Authentication into its login requirements as well as require strong passwords.|
|(iii) To reasonably ensure that any reproduction of a non-electronic original record on electronic storage media is complete, true, and legible when retrieved.||SynaMan has the ability to allow users to view data directly from the browser using the SynaMan data preview feature. System administrators can implement any backup and disaster recovery plans with SynaMan to allow for continuity of data should a disaster occur.|
Below you will find a link to additional referendums set by FINRA and the S.E.C. that pertain to electronic recordkeeping. SynaMan itself does not need any further configuration; however, these additional referendums will dictate how your system administrators should configure the machine that SynaMan is installed on when it comes to data management.
In this article we covered many of the FINRA compliance requirements that financial institutions and brokers must follow when it comes to electronic data. Although many of these can be adhered to outside of SynaMan, you can still configure SynaMan with a variety of features that help you stay within the guidelines. If you have any questions or concerns regarding the use of SynaMan in a FINRA Compliant organization, please reach out to us.