What are you looking for ?
Advertise with us
Advertise with us

AdvisorVault and Compliant Workspace: Path To 17a-4 Compliance on Microsoft 365

Approach to data compliance by partnering with Compliant Workspace helping small FINRA firms meet 17a-4 on Microsoft 365

Despite the confusion FINRA created last year with their new audit trail option, AdvisorVault takes an approach to data compliance by partnering with Compliant Workspace helping small FINRA firms meet 17a-4 on Microsoft 365.

Advisorvault Compliant Workspace Intro

The recent change FINRA made to 17a-4 allowing firms to use an audit trail to meet the long-term retention demands of the rule doesn’t make sense; firms still need a Designated Third Party (D3P) to archive data offsite, retaining it for 7 years, and to meet FINRA’s new cybersecurity demands. Also, since the D3P is archiving records in 17a-4 WORM format already, an audit trail is a moot point. In reality, the solution for firms today – especially small ones wanting to meet 17a-4 is getting on Microsoft 365 properly.

“These days, when a firm calls me (often in desperation) needing to meet 17a-4, I immediately ask: Where is the firm’s data stored? Where is email hosted? What’s used for teleconferencing/messaging? How many 17a-4 D3Ps are there? With this information, I can immediately find gaps in their 17a-4 electronic records archive,” said Allan Lonz, president. “I tell firms the best way to close gaps in their data compliance is getting on Microsoft 365 properly.”

For FINRA firms, getting on Microsoft 365 properly means 3 things: (1) a clear path fully migrating everything off in-house systems to 365, (2) an add-on application to secure and monitor activity on the cloud, especially registered reps, and finally (3) a plugin to archive and retain data off Microsoft 365 to meet the FINRA 17a-4 electronic records retention demands. That’s why we chose Compliant Workspace to help get customers 17a-4 compliant on the Microsoft Cloud.

Advisorvault Compliant Workspace2

Compliant Workspace: clear path to 17a-4 With Microsoft 365
Compliant Workspace, unlike Microsoft or other generic cloud providers who sell companies the basic subscription only, has a complete package getting FINRA firms on the cloud compliantly with their 365 Migration Service they help rid customers of in-house systems. This means, moving all users’ data off personal PCs to individual OneDrive accounts; migrating in-house data stored on servers to company SharePoint sites; email accounts fully migrated to Exchange Online; private/group chats on Teams configured – ready to be archived centrally for 17a-4.

Also, with Compliant Workspace firms get a ‘FINRA approved cybersecurity add-on’ direct into the Microsoft Cloud, including 24/7 email alerts, detections in security policies changes, sign-in from unusual locations, unknown devices or IPs, suspicious mailbox activities, administrator abuse threat protection. Direct to compliance officers, also with deployment of best practice security options. In addition, always-on audit logs monitoring files, emails and chat activity with MFA enable for admin/all users and set inbound/outbound spam notifications. All the features needed to make Microsoft 365 fully compliant with the new FINRA cybersecurity demands, out-of-the-box.

AdvisorVault’s cloud archiving plugin For FINRA records retention
After full migration to Microsoft 365, firms need to take an extra step to be fully 17a-4 compliant. For instance, they’ll need to add a Cloud Archiving Plugin. Since by default Microsoft does not protect customers data on their cloud; its surely not retained as per 17a-4, (In fact, Microsoft will not provide the 2 3rd-party attestation letters FINRA will need) therefore, an additional step is needed to get 17a-4 compliant on the Microsoft Cloud.

That’s why AdvisorVault adds a 17a-4 Cloud Archiving Plugin to the cloud specifically meeting the long-term archiving and retention demands of 17a-4 and includes: archive/retention of emails, data stored on OneDrive and SharePoint including Teams chats, in addition, firm’s 17a-4 Cloud Plugin for Microsoft 365 does granular protection with the ability to restore individual emails, files, contacts, calendar items and Teams chats – critical for audits when the firm needs to reproduce electronic records. Finally, 17a-4 Plugin automatically detects, and archives data on the cloud as users create it, ensuring records are always transferred to a separate system, giving further protection against ransomware attacks.

Resource:
Blog:
Unlocking the Full Potential of Microsoft 365: Why You Need a CSP on Your Side

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E