Messaging Solutions LLC

Rules and Regulations

Compliance - Regulatory Overviews

Businesses and governmental agencies today must be up to date and compliant with a wide range of state, federal, and international regulations. Below we have listed a number of these and, for some of the more complex ones, have linked to the appropriate agency web site where you can gather further information.
 


Basel II
Banks must create internal processes to control, supervise and enforce risk management practices, including those involving internal communications.


California Privacy Law SB1386
Businesses are required to notify California residents if personal information stored on computer systems has been breached. This regulation applies to any organization that conducts business with California residents. A company is exempt from the notification requirement of California SB 1386 if the personal information is stored in encrypted format.

FDIC Advisory: Information Technology Risk Mgmt Program
Requires encryption of electronic customer information while in transit or in storage.

Gramm-Leach-Bliley Act
Financial institutions must ensure the security of non-public personal information; as such, they are required to maintain and store these communications in compliance with the SEC's Rule 240.17a-4 and NASD's rules 3010 and 3110 (all emails must be preserved for a period of not less than six years, with the first two years in an easily accessible place).

IDA 29.7 (The Investment Dealers Association of Canada)
All client correspondence and related documents, including emails, must be retained for five years from the date of creation. In addition, all sales literature and related documents must be retained for two years from the date of creation. Archived sales literature and correspondence must be readily available for inspection by the Association at all times.

Investment Advisers Act
Investment advisers shall make and keep records in accordance with the Securities Exchange Act of 1934 as well as allow the Commission to examine such records as the Commission deems necessary or appropriate in the public interest or for the protection of investors. Investment advisers are also required to maintain and preserve books and records in an easily accessible location for at least five years from the end of the fiscal year during which the last entry was made, the first two years in an appropriate office of the investment advisers.

NASD 2210
All sales literature and correspondence made available to customers or the public (including email) must be maintained for three years from the date of each use, including the name of the person who prepared the literature and/or approved its use. Any communications (including email) that deal with the performance of past recommendations or actual transactions and completed worksheets should be stored at a place easily accessible to the sales office for the accounts or customers involved.


NASD 2711
All research reports, including any written or electronic communication that includes an analysis of equity securities of individual companies or industries, and that provides information reasonably sufficient upon which to base an investment decision, must be retained for three years following its publication.

NASD 3010
A system should be established and maintained to supervise activities of all registered representatives, including the use of e-mail and websites. Written procedures must be developed for the review of any written and electronic correspondence with the public relating to investment banking or securities business. If an electronic or manual pre-use review is not done, then appropriate supervisory procedures should be developed, as well as monitoring and testing the procedures, educating employees on the procedures and documenting the education of the employees. All correspondence relating to investment banking or securities business should be retained along with the names of the persons who prepared and reviewed the correspondence, and the retained records should be readily available to NASD. An annual review of a broker/dealer’s business activities, supervisory system, customer accounts and office inspections is required.

NASD 3012
Member firms must (i) have supervisory control procedures that test and verify that the members’ supervisory procedures are reasonably designed to achieve compliance with applicable securities laws and regulations and NASD rules, and (ii) where necessary, amend or create additional supervisory procedures.

NASD 3013
The CEO of each member firm must certify that they have a process to adopt compliance policies and supervisory procedures reasonably designed to achieve compliance with applicable securities laws and regulations and NASD rules.

NASD 3110
All books, accounts, records, memoranda and correspondence should be retained in the same format as stated in SEC Rule 17a-4 (i.e. non-rewriteable, non-erasable, and time-stamped). All e-mails and Internet communications which relate to the broker/dealer’s business must be retained for at least three years, the first two years in an easily accessible place.

OCC Advisory: Electronic Record Keeping
Banks should implement an electronic record retention system to allow litigation, audits, bank supervision, and compliance with laws & regulations. Systems should also prevent external access by third parties, and provide back-up, internal controls, record destruction, and record retention.

Sarbanes-Oxley Act
Requires public companies to save all business records, including electronic records and messages, for no less than five years. All relevant audit-related documentation (including email records) must be retained for seven years. Section 404 also requires companies to report on the effectiveness of internal controls over financial reporting. Since internal control decisions and data are discussed, transported and stored in corporate email systems, ensuring that email data cannot be accessed or tampered with is considered critical to the reliability of financial reporting.

SEC 17a(3,4)
A broker or dealer must preserve documents and records for three to six years; for the first two years they must be in an accessible place. All documents and records must be time-stamped, stored in a non-rewriteable/non-erasable format, organized and indexed, with a duplicate copy stored separately from the original. The indexes should also be duplicated and stored separately from the original, and they should be available for examination and preserved as long as the documents and records.

Texas Public Information Act

The Texas Public Information Act (TPIA or the Act) gives the public the right to request access to government information.  The Public Information Act applies to information of every "governmental body."