Staying SEC-compliant with Microsoft’s email archiving

April 26th, 2021
Staying SEC-compliant with Microsoft’s email archiving

SEC compliance is a critical aspect of any RIA practice in the United States. Failing to adhere to these rules can result in fines or other harsher penalties, so it’s important for financial services companies to make sure their information system is capable of meeting such stringent requirements.

One area of strict SEC scrutiny is email archiving. Financial advisors use emails to communicate with clients and colleagues regarding sensitive information such as bank details, investment strategies, and more. To support proper preservation of electronic records, some RIAs use third-party email archiving solutions, as manual monitoring and archiving can be very time-consuming, not to mention error-prone. With specialized software, RIA practices can simply set compliance rules that they would like to follow and the system will automatically do the grunt work.

Related article: Email archiving at your RIA is about more than just compliance

Microsoft and SEC Rule 17a-4(f)

Financial services are among the most regulated industries in the world, so Microsoft strives to provide industry-specific tools that facilitate companies’ compliance efforts. For instance, SEC Rule 17a-4(f) mandates RIAs to retain books and records on tamper-proof electronic media, with no ability to modify or erase within a specified retention period. To help RIAs adhere to SEC Rule 17a-4(f), Microsoft has provided Immutable Blob Storage on Microsoft Azure and Preservation Lock on Microsoft Office and Microsoft 365.

On Azure, RIAs can save information in Write Once, Read Many (WORM) format, making that data non-erasable and non-rewritable until the set retention period expires and any associated legal bonds have been released. On Office and Microsoft 365, Preservation Lock’s retention and archiving features can be used to preserve a wide range of data for a defined period of time.

With these features, RIAs will be able to immutably store the following types of data:

  • Azure Blobs
  • Emails
  • Voicemails
  • Shared documents
  • Instant messages
  • Third-party data

Other SEC-compliant archiving services

There are many SEC-compliant data management systems available, each with its own merits. Two of the more popular ones are Smarsh and Global Relay.

  • Smarsh
    Smarsh is a financial services-specific email archiving and compliance system that utilizes TLS encryption technology to protect email data from interception. Smarsh has decryption features that allow outgoing emails to be read on non-Smarsh web portal platforms such as Microsoft Outlook. It can also encrypt responses from Outlook back to the Smarsh system as long as certain encryption policies are triggered. For instance, if the email from Outlook contains a calendar invite, an attachment, and/or sensitive information in the email body, encryption will be automatically activated.
  • Global Relay
    Global Relay is a secure, closed-network communications system. It is designed to comply with FINRA and SEC regulations regarding sensitive information transmitted via email, chat, and more. It is best known for its automated retention rules, which you can set and forget. However, a common complaint about Global Relay is that it can be cost-prohibitive for small- and mid-sized businesses.

Related article: IM archiving and compliance tips for RIAs

The benefits of archiving with Microsoft

Microsoft’s email archiving is on par with established industry standards. What sets it apart is its unparalleled integration with other Microsoft products and services, such as Business Central. And if your RIA practice already uses Office, Microsoft 365, or Azure, you no longer need to install a third-party email archiving solution, as these platforms already have their own record retention features.

On a fully Microsoft-powered system, you can be assured that all business data is robustly protected from cyberthreats. What’s more, security features are frequently updated to comply with any changes in regulatory requirements, making compliance convenient and effective for your RIAs.

Elevate your compliance profile with Microsoft’s Immutable Blob Storage and Preservation Lock features on Microsoft Azure, Office, and Microsoft 365. Contact us today to learn more about these Microsoft products.