AdvisorVault Helps Small FINRA Firms Make the Cloud 17a-4 Compliant

AdvisorVault, the only D3P created specifically for small FINRA firms includes all the features to make the cloud 17a-4 compliant. By Allan Lonz, President of AdvisorVault.

AdvisorVault Helps Small FINRA Firms Make the Cloud 17a-4 Compliant
New York, NY, January 26, 2021 --( AdvisorVault, the only D3P created specifically for small FINRA firms includes all the features to make the cloud 17a-4 compliant.

“Since FINRA now allows members to use the cloud, small firms are rushing to take advantage of this,” said Allan Lonz, president of AdvisorVault. “And it makes sense, because if everything is moved to the cloud, there’s no more in-house technology to worry about: no more servers, USB drives, software licensing or IT support. Further, disaster recovery becomes a moot point since that’s now offloaded to the cloud,” Lonz added.

However, cloud providers will not act as the FINRA D3P because they can’t guarantee data stored there is retained for 7 yrs. as per rule 17a-4. In fact, any user can delete anything, anytime from the cloud – a big no-no if you are worried about data compliance, especially during the electronic records request; the test a regulator does during the audit to see if a firm can reproduce a sample set of data. “We constantly add features to our remote archiving software to ensure firms remain compliant when they decide to move to the cloud,” Lonz said.

AdvisorVault’s features that make the cloud compliant.

1. Direct Cloud Connector:
AdvisorVault’s remote archiving software connects directly into all popular cloud services such as Office 365, OneDrive, SharePoint, Dropbox, and the Google Suite. Furthermore, this connector will copy data seamlessly to our 17a-4 compliant systems, automatically each night. AdvisorVault does not need to use a sync tool to access the cloud. The sync tool is a problem because it adds an extra step to the cloud archiving process which may end up causing gaps.

Also, AdvisorVault instantly captures full data sets from the cloud. This means firms can restore everything including office docs in their native format, full Office 365 and Gmail accounts with contacts and calendars, as well as all data stored in SharePoint sites with access to records saved in personal or group/team drives.

2. Automatic Detection of New Cloud Data:
AdvisorVault’s software automatically detects new cloud data sets as they are created. For example, as a firm adds new users in Office 365, SharePoint, or OneDrive sites, its automatically added to our 17a-4 archive. This applies to G Suite as well where user accounts are frequently added including their personal or team drives. With our automatic detection, compliance officers don’t need to notify us every time new employees are added to the cloud.

3. Electronic Records Retention:
AdvisorVault applies a 7-year blanket retention rule to ALL customer data relating to their business. This simplifies the whole data archiving retention process because with this policy firms don’t need to separate different data types then try to apply a unique retention policy to each set, which is impossible to maintain, especially for a small firm without an IT dept.

4. Downloading Data:
At the end of the day, the reason AdvisorVault acts as the D3P for its customers is to help them maintain access to their archived electronic records or emails when needed.

AdvisorVault includes a secure web portal for customers to access their 17a-4 archive. What’s key here is we make customer’s data downloadable in a format regulators can read. Here are the guidelines we follow: emails are downloadable in pst format, office docs in their native format, and customer data bases should be exported in file formats that can be accessed such a csv or text. Finally, AdvisorVault allows these electronic records to be downloaded from the archive instantly and easily copied to a DVD so the regulator can take it back to their office for review.

Lastly, we retain cloud data for customers that have been removed and keep them in our 17a-4 archive for 7 yrs. This includes Office 365 mailboxes or G suite users that have been removed and OneDrive sites or Dropbox accounts that get deleted. Keeping electronic records from users that have been removed from the cloud will also help with compliance since old employee data is often requested during audits.

5. Security:
All AdvisorVault customers are given a unique login and password. Minimum password parameters exist for customer access to the web portal. Within the AdvisorVault portal, the customer has total control of the users within their respective organization and related permissions.

Specifically, the following controls are included:

• Managing and reviewing customer access to our portal
• Verifying that only authorized and professionally trained customer personnel are allowed access to the 17a-4 archive with the provided logins, including the mobile website and mobile applications, and the provided VPN; and access to the web portal is appropriately administered for example:

Passwords are changed periodically,
Passwords are kept confidential,
Security violations are monitored and followed up as necessary,
Provisioning of new customer users and granting of additional customer access permissions are properly authorized, and
Termination processes include timely notification and disabling of access rights.

6. Pricing:
Finally, AdvisorVault uses raw data pricing, not pricing per user license. Its important for small FINRA firms to use raw data only pricing because it will be cheaper to archive cloud data since products like Dropbox, G Suite and Office 365 are based on individual user accounts that can increase exponentially as the firm grows but contain little data. Having pricing based on raw data amounts will average out the cost across all cloud users no matter how many are added, therefore the price will only increase as data amounts increase. Thus, AdvisorVault gives firms more flexibility to control data archiving costs as they grow.

Since cloud providers are not 17a-4 compliant, FINRA firms need to outsource to a designated third party (D3P) that can make the cloud compliant before storing electronic records and emails there. AdvisorVault includes everything needed as a D3P to ensure no gaps appear in the data archiving process, that electronic records can be accessed during an audit, and costs are kept low as possible.

About AdvisorVault:
AdvisorVault is the only D3P that has designed their software to help small FINRA firms archive cloud data to meet 17a-4 - focusing on solving this unique problem, our consolidated solution gives firms one vendor to help them satisfy today's demands surrounding data archiving and supervision. We have created a centralized archiving option that captures data and emails no matter where they are stored - in-house or in the cloud: total peace of mind - out of the box.

AdvisorVault Contact:
Allan Lonz, President
Direct: 416-985-0310
Toll-free: 1-866-732-1407 ex 1
Allan Lonz
Toll Free: 1-866-732-1407