Red Oak Software Features
New features are added regularly to make your life easier.
Red Oak Compliance Software was originally introduced to the market as “AdMaster” with the original plan to extend AdMaster over time with other capabilities. We envisioned a set of future “Master” products (which we now realize would have been corny branding). Fortunately for us, our clients were already using their “AdMaster” software to help solve a whole host of books and records workflow needs. In addition to advertising review, they were using it for forms, complaints, training material, attestations, regulatory and branch exams, ADV 2Bs, events, gifts, political contributions and so much more, as we continued to add functionality to support even more usages.
When some of our clients asked us if the word “AdMaster” could be removed from our product’s header bar it occurred to us our original vision has been realized — even though our marketing was just beginning to catch up.
Today we call our software what our clients have been calling it — Red Oak Software, or simply Red Oak.
Red Oak’s software is continually improving with new features being added on a regular basis. This document contains a partial list of features you can expect to benefit from as part of your subscription. Features are grouped by Usability, Compliance, and Risk Reduction. Increased usability directly leads to improved efficiency, reduced time to approval, and direct cost savings.
A key feature is the ability to configure workflows to fit your business rather than changing the way your business works to fit the software. Easily configure as many workflows as you want with different workflows asking different user defined questions; having different steps; and/or going to different groups of users, or having different statuses.
Red Oak works with you to create the workflows you need, either creating them for you, or guiding your administrators as they use the same user interface that Red Oak uses to setup and modify your configuration.
Red Oak’s implementation and support team is always available to help and has the experience of helping many other firms like yours configure their system to best suit their needs.
User Defined Questions and Answers
Create user defined questions and answers that are placed on any activity (step) on any workflow to collect the information you want. Questions can be dates, radio, checkbox, dropdown, text, text area, and numeric types. All user defined questions/answers are searchable and can be updated immediately.
Email notifications are sent to appropriate users based on their individual notification preferences. Notifications include a clickable link to go directly to the submission the notification is for, and include the most recent comment made and any user defined questions/answers configured to be included in notifications. Notifications practically eliminate the need to manually send emails regarding submissions.
CC Other Users
You can easily “CC” (copy) users on a submission so they are aware of it. CC’ing people is exactly the same as when you CC someone when you send an email. CC’ing will send the CC’d users an email notification with a link to the submission that includes a comment you enter. CC’ing users also “involves” them in the submission so they get other notifications regarding the submission.
Verifier Parallel Reviews
If you ever want multiple subject matter experts to comment on a submission and give their “thumbs-up” in parallel, you can add them to a submission as “Verifiers”. Verifiers get a notification email with a link to the submission. Each comment made by each verifier of the submission is sent in an email notification to the other verifiers as well as the current owner of the submission. Verification is a great way to collaborate in parallel, collecting feedback on a submission without having to follow a prescribed workflow. Adding Verifiers is done ad-hoc and is a real world way of dealing with “I’d like our attorney and product manager to look at this one”. Verifier functionality helps get material to market faster and ensures you have all the approvals you need.
Dashboard for Transparency
Each user has a Dashboard listing all of the in-progress submissions that they are allowed to see. Submission visibility is controlled by defining visibility profiles and assigning them to each user, thus ensuring users can see the submissions they need to, and none they should not see.
Each user can easily filter their Dashboard list by submission status, or any other text, allowing them to focus on the submissions they are most interested in. They can modify which columns are displayed including user defined questions, making it very easy to see important information at a glance. It is common to display a “priority” question/answer for instance.
The Dashboard greatly reduces the amount of time needed to determine the status of someone’s submission. It also frees up time and helps ensure all submissions are being processed in a timely manner.
On-line PDF, Video and Audio Annotation
With PDF, Video and Audio file types you have the ability to make annotations on-line without having to first download the piece to your local storage (video and audio are securely streamed). Annotations track who made them and when they were made. All other file formats can be annotated/edited in whatever software is necessary for that file type. For instance, if the file type is Microsoft Word you would need to have software that can view and edit Word files.
Documents for Review and Supporting Material
Each submission can include material to review as well as any supporting material. Supporting material can include regulatory approval letters, data sheets, or anything else you want to keep with the material that is being reviewed. Each uploaded document can be any file type and up to 5GB in size (adequate upload bandwidth is required).
As submissions move back and forth through your workflows, multiple versions/revisions will be collected. All versions are kept with the date/time they were uploaded and who uploaded them. Material for review and FINRA letters are included in regulatory exports.
Each submission can have many documents and each document can have many revisions.
Your team can populate a fully searchable library with pre-approved material enabling your users to easily find and download material they are allowed to use. Library material is “tagged” with permissible uses and an expiration date ensuring users will only find material they are allowed to use that has not yet expired.
Behind the scenes the text from each document is indexed providing your users with a very fast “Google-like” search experience.
Global users are supported with features such as local time zones; screens in their preferred languages; workflows that can be configured to stay within, or span, countries and regions; 24-hour support; and 99.99% or better application availability.
Response times are typically under one second making the user experience enjoyable for all users, no matter what country they are in.
Searching allows a user to find submissions based on almost any criteria including all meta-data, user defined fields and document text. For instance, if you have added questions such as target audience, then you can find submissions that are targeting a specific audience. Users can only find submissions they are allowed to see.
Managers can export search results to Excel for reporting, graphing or other analysis. The search includes all submission meta-data and all user defined questions and answers as columns in the spreadsheet. Documents and a manifest can also be exported in a “Submission Package” with a clickable link for each document in the spreadsheet. This is great for regulatory exams.
Searches can be saved and shared. All information is immediately available no matter how long ago it was entered.
Reports are designed to help you manage and improve efficiency. Here is the current list of reports:
- Submission Efficiency Analysis- Shows where time is spent for each of your different submission types.
- Submissions Pending by Status- Shows currently pending submissions by status which are pending longer than the number of days you select.
- Submission Volume by Submission Type- Shows the year-to-date number of submissions created by month.
- Submissions Touch Volume by User/Year-to-Date- Shows the year-to-date number of submissions “touched” listed by user.
- Submissions by Selected Status- Shows a list of submissions for the selected statuses and date range grouped by status.
- Submission Efficiency by User and Team- Shows an efficiency ratio for each user in the selected group. An efficiency of 100% means a user touched each submission only once. 50% means they touched submissions an average of twice.
- Service Level Agreement Exceptions Report- Shows a listing of submissions which exceed the specified service level agreement (in business days) for a selected submission status.
There are many ways to Integrate AdMaster as a component of your enterprise solutions saving time and improving data consistency. AdMaster users have used the API to integrate with their marketing system to programmatically create and interact with submissions, to interact with their primary user store to provision and maintain users, and to feed their data warehouses.
SEC Rule 17(a)-4 Compliance
SEC Rule 17(a)-4 is more than just WORM compliance and the Red Oak software was designed to fully satisfy all aspects of 17(a)-4 from the very beginning — there is no way to configure the system to violate 17(a)-4 which means Broker-Dealers and Registered Investment Advisers can rely on Red Oak for their official electronic books and records without the regulatory risk of other systems that have to be configured to, and only support part of, 17(a)-4. Red Oak supplies the required third party attestations (letters of undertaking) for your regulators as part of your subscription.
Part of being 17(a)-4 compliant includes the inability to delete (you “withdraw” or make “inactive” instead); a robust audit trail; duplicate storage; and the ability to produce a human readable copy even if the software is not operational.
MiFID II and GDPR Compliance
Red Oak’s software is used globally and satisfies MiFID II and GDPR.
Limit Submission Visibility
It is common within financial services firms for regulatory requirements to mandate limiting the ability of one user to see a limited subset of other users’ submissions or just their own. For instance, Broker-Dealers must restrict each OSJ to see submissions only from the registered representatives they are the designated supervisory Principal for; research departments must obey “Chinese Wall” restrictions; and multi-company firms have complex visibility requirements with some shared resources often spanning more than one company but not necessarily all companies.
Configurable visibility profiles assigned to each user make it easy to restrict visibility as needed.
You can accurately and quickly respond to future regulatory inquiries by knowing the facts as they existed at the time the submission was created. Each time a submission is created a “snapshot” is stored with the facts surrounding the submission — including the workflow, questions and the answers provided. Snapshotting is critical if you are to be able to respond to regulatory inquiries with “We approved the submission four years ago based on what we knew then” as opposed to “We wouldn’t have approved that with what we collect today”.
Another benefit of the “snapshotting” is the freedom to update your configuration as needed knowing your regulatory records are preserved. With Red Oak’s software, you will never need to put “*** DO NOT USE ***” beside any of your answers or questions.
Regulatory Reports and Extracts
Managers can export a “Submission Package” from search results which can then be copied to a thumb drive and given to regulators. Each Submission Package contains an Excel spreadsheet listing all of the submissions that met their search criteria along with sub-folders containing the corresponding documents. Each row of the spreadsheet has a clickable link to each document making it quick and easy to respond to regulators.
The spreadsheet includes many columns of data including a column for each of your user configured questions with answers. For regulatory audit responses it is best practice to remove columns of unnecessary data from the spreadsheet to provide only the information that was requested. Internal auditors can be given read-only access should you choose.
Cloning creates a quick link to the parent submission it was cloned from and parent lists all of the children that have been cloned from it, making it very easy for compliance to see what was done last time, or to find all of the material based on any specific template. Cloning saves time for the submitter by automatically answering as many questions as possible and is commonly used for recurring material or for material created from templates.
Cloning can also be used to quickly create multiple similar submissions.
As part of being SEC Rule 17(a)-4 compliant, there is a robust audit trail for each submission and what happens with it
The “Activity Log” is a more detailed list of every time a submission is touched or viewed and what was done.
Administrators can easily display the audit trail for any of the administrative settings.
Record and report on approvals with the date, time, status and approver. Workflows are easily configured to allow as many “approved” statuses as you need. For instance, it is common for some or all of the following to mean “approved for use”: Approved, Approved with Changes, Approved Pending FINRA, Approved pending Final Copy, and anything else you wish.
Expiration Dates, Notifications and Attestations
Assign expiration dates to material to automatically generate expiring submission notifications. This helps ensure material is not used past its permissible date or is resubmitted for review and extension. Default expiration settings can be set by workflow and users can be asked to “attest” to whatever statement you want in order to turn off an expiration notification. This provides another layer of regulatory risk mitigation — especially with field submitters.
Full Text Search
The full text of all uploaded documents is indexed making it easy to find disclosure language or any other text within documents. This ability is frequently used to quickly and easily find documents containing phrases such as “$4.3 Trillion AUM” or “Ranked #3 by Barons”, et cetera so your marketing team can update them as needed.
Comment Templates (“Disclosures”)
Maintain a database of reusable disclosures and other standard or frequently used text (“Comment Templates”) that can quickly and easily be inserted as part of document feedback or a submission comment. Each workflow can be configured to enable the use of comment templates including at which steps they can be inserted from.
Comment Templates are assigned and filtered by workflow so only appropriate choices are presented to users.
Comment templates reduce turn-around time, save effort, and improve accuracy by eliminating the need for a separate disclosure source.
Lexicon to Flag Potential Issues
The system scans the text of uploaded documents for words and phrases you have previously identified as requiring attention and displays the reason why. Explaining why to both the submitter and compliance reviewer provides training that results in better quality reviews and fewer deficiencies saving time and reducing risk.
When material is uploaded it is automatically run against your lexicon and any potential issues are identified. This is configurable by submission type and can be turned off if desired.
Red Oak takes full advantage of the latest capabilities of FINRA’s electronic AREF interface for bi-directional communication. Easily submit attached material to FINRA and the system will automatically capture the response letters at the time FINRA publishes them and attach them tot the submission as supporting material. Email notifications, with a click-able link to the submission, are sent to the appropriate people.
Users no longer have to continually log in and check the status of a FINRA filing in AREF and manually upload the FINRA response. Email notifications regarding the receipt of response letters are sent out in real time, saving time and ensuring material is approved for use as fast as possible.
You data is always encrypted at-rest and in-flight. Red Oak’s software meets the Payment Card Industry Data Security Standards (PCI DSS) and is scanned monthly for vulnerabilities and by a respected third party (TrustWave). Red Oak never uses client data for testing, demonstrations or any other purpose. Your data is never at-rest outside of the production data centers unless you extract a copy for your own purposes.
Data Center – SSAE 16, ISO 27001 Certified, Safe Harbor
The production environment is hosted by Amazon Web Services in their Northern Virginia regional data center. Multiple, completely redundant, isolated, hot fail-over environments are also hosted in Northern Virginia in physically separate locations and will transparently take over in the unlikely event that one environment becomes unavailable.
Amazon Web Services is the #1 cloud hosting provider in the world and is fully SSAE 16, SOC-1, SOC-2, SOC-3, and ISO 27001 Certified. Red Oak leverages the Amazon Web Services’ tools for performance monitoring, firewalls, load-balancing and intrusion detection.
Uploaded documents/media files are stored redundantly within Amazon’s S3 environment in multiple geographic regions. Every piece of data is encrypted at rest as well as in transit. This redundancy virtually eliminates any risk of downtime or data loss from any single point of failure.
Your Administrators can update your configuration at any time using the same user interface Red Oak uses to configure and maintain your instance. Submission “snap-shotting” functionality allows unlimited changes to be made while ensuring the regulatory record is intact.
You can always contact Red Oak for assistance however having the ability to modify your own configuration, without scheduling time and budget with your IT group. Being able to quickly and easily update your configuration helps protect against business and regulatory changes and saves you money.
Your Data in Your Possession
Fines for not producing electronic books and records have been substantial. Many firms mistakenly think that if they use a “large” vendor for their books and records they have less risk and it is not adequate protection for any regulated firm. “Backups” are only usable if the vendor’s software is up and can read the backup. Backups alone are not adequate protection and do not satisfy SEC Rule 17(a)-4.
The only way to fully mitigate the risk of not being able to produce your electronic books and records is to have a human readable copy in your possession. Red Oak eliminates this risk by providing a data extraction application programming interface (API) that allows your team to extract your data in both a human and machine readable form as often as you want. You can also export your data as a “Submission Package” containing a spreadsheet and documents. Your team can visually inspect the extracted data as part of a business continuity plan or audit procedures.
The majority of what a user can do and which submissions they can see are controlled through group membership and their assigned visibility profile. In addition to groups and visibility profiles, “roles” can be assigned that enable additional functionality. For instance, anyone assigned a “Manager” role can edit the name of submissions at any point in the workflow, reopen terminal submissions to their last pending status, and such. “Admins” and “sub-admins” have access to assigned administration functions allowing them to immediately update all or portions of your configuration should your business needs change. Administrative “domains” restrict admins to specific business areas and/or regions helping protect your configuration from inadvertent changes.
Configurable Business Rules
The vast majority of business rules can be modeled and enforced with the configurable behavior settings currently available, however there may be some situations that are unique to your business. When unique situations arise, Configurable Rules are the answer since they enable complex logic to be applied using user defined questions/answers and other submission attributes to modify behavior. Rules can prevent a submission from transitioning to a step in the workflow; display a warning; or send notifications if certain conditions are met. A simple example of a rule would be to verify a presentation date is after the requested approval date, and if not, present a warning. Another example would be a rule that forces an “Options Review” if the user selected a product type of “Options”. Rules are very powerful and can decrease risk.
Single sign-on is the ability for users to be automatically logged in to Red Oak’s software when they are authenticated with your enterprise system. This eliminates the need to maintain a separate login and password and ensures your corporate password policies are adhered to. Simplicity reduces risk and improves the user experience.
The Usability, Compliance and Risk Reduction features are some of the reasons Red Oak’s software is so highly regarded by clients. It is Red Oak’s passion for delivering maximum return on investment through expert implementation, support, and ongoing improvements by listening to clients that will ensure it stays that way.
1 Integration API is priced as an optional upgrade.
2 Bi-Direction FINRA integration is priced as an optional upgrade.
3 Single Sign On is priced as an optional upgrade.