Off-site Backup Meets FINRA Compliance Requirements
What Every RIA and Financial Planner Should Know
If you are a Registered Investment Advisor (RIA) or financial planner, you know that FINRA compliance rules have been created to ensure that crucial and sensitive client data stays safe and secure. These rules were also designed to protect investors from misrepresentation and fraud during electronic communications and transactions with their advisor.
With a majority of RIAs using a computer to conduct business, FINRA and the SEC have outlined specific rules on how to store business information and retain sensitive client data. The degree to which an RIA will meet compliance is based on:
- How frequently data is being backed up
- How secure the local and offsite storage method is
- How quickly the data can be recovered in case of an audit or disaster
Summary of FINRA (SEC) Rule 204-2/Books and Records
What type of records need to be regulated?
All communications and records regarding the investment advisor’s business.
How long do records need to be kept?
Books and records shall be maintained and preserved in an easily accessible place for a period of not less than five years, the first two years in an appropriate office of the investment advisor.
If I cease operations, how long do the records need to be stored?
After ceasing to conduct business, the investment advisor shall arrange for and be responsible for the preservation of the books and records for the remainder of the period specified in the rule (no less than five years).
Can I scan paper documents for electronic storage?
Yes, paper records required to be maintained and preserved may be immediately produced or reproduced on magnetic disk, tape or other computer storage medium, and be maintained and preserved for the required time in that form.
If records are produced or reproduced on computer storage medium, the investment advisor shall:
1. Arrange the records and index the computer storage medium so as to permit the immediate location of any particular record.
2. Be ready at all times to produce a copy of the computer storage medium requested by the Commission.
3. Store separately from the original one other copy of the computer storage medium for the time required.
4. For records stored on computer storage medium, maintain procedures for maintenance and preservation of, and access to, records so as to reasonably safeguard records from loss, alteration, or destruction.
Using Automated Cloud Backup Solutions
While many RIAs may consider storing their business data on unreliable storage devices (magnetic tape, CDs, USB drives) or using unsecured methods of backup (storage devices that aren’t encrypted or are handled by employees), using an affordable cloud backup provider who understands the FINRA requirements is the best way to avoid a costly mistake.
Cloud backup services like Sterling Data Storage offer encrypted data transfer and storage, controlled access that limits who has permission to view the files, and the ability to reconnect and resume, even after a connection failure. Data backup occurs automatically, and the advisor will receive an email alert after it successfully completes.
Knowing that offsite storage and data backup are occurring automatically, in the safest and most secure conditions, allows the advisor to clearly define their records management process to the regulatory Commission. From a reputation and safe business practice standpoint, the risks of theft and total data loss are also greatly reduced.
Selecting A Secure Cloud Backup Provider
Not all cloud backup providers are created equal. Here are a few questions to ask when shopping for a FINRA-compliant solution:
- Does the cloud backup system provide file-level backup only, or is disaster recovery (database and operating system recovery) also available?
- Does the backup occur automatically when the local computer is connected to the internet, or is the backup process manually triggered?
- What is the speed of uploading and restoring files? Are there any restrictions on how much data can be stored or recovered at one time?
- Where is the data center of the backup provider located? What measures are in place to ensure uptime, security and redundancy?
- Does the provider support multiple device types (laptops, servers, desktops) and multiple operating systems (Mac, Windows, Linux)?
- Can the provider’s software recover automatically if interrupted during a backup?
About Sterling Data Storage
Sterling Data Storage is an international data storage company providing secure cloud backup services to RIAs, financial planners and financial institutions for FINRA compliance, continuity and disaster recovery purposes. From data centers in the United States, Sterling Data Storage maintains client information in off-site areas to ensure the records remain thoroughly encrypted and impenetrable to hackers, viruses and other malicious entities that might try to gain access. Redundant backup servers protect crucial information from getting deleted in the event of a natural disaster or technological failure.
Sterling’s FINRA- and SEC-compliant solutions:
- Are easily implemented and running within hours on laptops, desktops and servers.
- Don’t require the purchase of new hardware or long-term licensing contracts. The advisor pays monthly based on the amount of data being stored.
- Are updated and maintained to continuously meet changes in laws, regulatory requirements and technology.
The Financial Industry Regulatory Authority (FINRA) supports public trust in investment markets by protecting investors. FINRA is a non-governmental regulatory authority approved by Congress to oversee registered investment advisors (RIAs), investment brokers and financial advisors.
To achieve its goal of investment market oversight, FINRA has established thorough rules that govern investment professionals.
These FINRA rules are designed to guarantee that highly confidential information related to the market, investment clients and the transactions they make stays private, secure and confidential. To ensure that this information stays private and doesn’t get accidentally destroyed or deleted, it is necessary for RIAs and other industry professionals to store it via computer backup. When properly encrypted and secured, off-site data storage allows investment advisors to meet FINRA compliance requirements.