Red Oak’s software was originally introduced to the market as “AdMaster,” with the original plan to extend AdMaster over time with other capabilities. We envisioned a set of future “Master” products (which we now realize would have been corny branding). Fortunately for us, our clients were already using their “AdMaster” software to help solve a whole host of books and records workflow needs. In addition to advertising review, they were using it for forms, complaints, training material, attestations, regulatory and branch exams, ADV 2Bs, events, gifts, political contributions, and so much more, as we continued to add functionality to support even more usages.
When some of our clients asked us if the word “AdMaster” could be removed from our product’s header bar, it occurred to us our original vision had been realized — even though our marketing was just beginning to catch up.
Today we call our software what our clients have been calling it — Red Oak Software, or simply Red Oak.
Red Oak’s software is continually improving, with new features regularly added. This document contains a partial list of features you can expect to benefit from as part of your subscription. Features are grouped by Usability, Compliance, and Risk Reduction. Increased usability directly leads to improved efficiency, reduced time to approval, and direct cost savings.
A key feature is the ability to configure (and reconfigure) workflows to fit your business rather than changing how your business works to fit the software. Easily configure as many workflows as you want with different workflows asking different user-defined questions, having different steps, different behavior settings, and/or going to different groups of users or having different statuses.
Red Oak works with you to create the workflows you need, either creating them for you or guiding your administrators as they use the same user interface that Red Oak uses to set up and modify your configuration. Red Oak’s implementation and support team is always available to help and has the experience of helping many other firms like yours configure their system to best suit their needs.
Workflows can be updated by line of business administrators at any time — without needing additional budget, without waiting for a vendor or internal IT; and without any risk of violating books and records compliance.
User-Defined Questions and Answers
Create user-defined questions and answers on any workflow activity (step) to collect the information you want and where you want. Questions can be dates, radio, checkbox, list box, dropdown, multi-down, text, text area, and numeric types. All user-defined questions/answers are searchable, can be included in the body of notifications, pinned as a sortable column in submission grids, and can be updated immediately through the administration interface (or programmatically with the optional Submission API, which is ideal for maintaining large lists of products).
Email notifications are sent to appropriate users based on their individual notification preferences. Notifications contain a clickable link to go directly to the respective submission and include the most recent comment made and any user-defined questions/answers configured to be included in notifications.
A standard set of notifications are built into the software, and additional notifications/escalations can be created using “Notification Rules.” Rules help enforce your policies and procedures and can be as simple as “Send a reminder notification if (fill in the blank with your requirement), or much more complex as needed.
Notifications practically eliminate the need to send emails regarding submissions manually.
CC Other Users
You can easily “CC” (copy) users on a submission, so they are aware of it. CC-ing people is exactly the same as when you send an email. CC-ing will send those users an email notification with a link to the submission that includes any comment you enter. It also allows them to receive notifications regarding those submissions.
Verifier Parallel Reviews
Suppose you ever want multiple subject matter experts to comment on a submission, annotate or reply to others’ annotations on a document revision, and give their “thumbs-up” in parallel. In that case, you can add them to a submission as “Verifiers.” Verifiers get a notification email with a link to the submission. Verification is a great way to collaborate in parallel, collecting submission feedback without following a prescribed workflow. Adding Verifiers is done ad-hoc and is a real-world way of dealing with “I’d like our attorney and product manager to look at this one.”
Verifier functionality helps get material to market faster with less back-and-forth and ensures you have all the necessary approvals.
Online PDF, Video, and Audio Annotations
With PDF, video, and audio file types, users can make and view annotations online without having to first download the piece. Annotations on documents track who made the annotations, when they were made, and any replies. Annotations can be collaborative by adding “Verifiers” to a submission where the current submission owner acts as an arbitrator in the event of competing ideas.
Annotations are at the document revision level, saving time and helping material get approved faster with less effort. “Enhanced Annotations” (optional upgrade) can be made on a broad range of additional file types, including Microsoft Word, Excel, PowerPoint, and Publisher.
Documents for Review and Supporting Material
Each submission can include material for review as well as any supporting material. Supporting material can consist of regulatory approval letters, datasheets, or anything else you want to keep with the material that is being reviewed. Each uploaded document and revision can be any file type, including video and audio, and up to 5GB in size each (adequate upload bandwidth is required).
As submissions move back and forth through your workflows, multiple versions/revisions will be collected. All versions are kept with the date/time they were uploaded and who uploaded them. Material for review and FINRA letters are included in regulatory exports. Each submission can have many documents, and each document can have many revisions.
Your team can populate a fully searchable library with pre-approved material enabling your users to easily find and download material they are allowed to use. Library material is “tagged” with permissible uses and an expiration date, ensuring users will only find the material they are allowed to use that has not yet expired. Behind the scenes, the text from each document is indexed, providing your users with a high-speed-like” search experience.
Global users are supported with features such as local time zones; screens in their preferred languages, workflows that can be configured to stay within or span countries and regions; 24-hour support; and 99.99% or better application availability.
Response times are typically under one second, making the user experience enjoyable for all users, no matter their country.
Searching allows a user and submissions based on almost any criteria, including all meta-data, user-defined fields, and document text. For instance, if you have added questions such as target audience, you can find submissions targeting a specific audience. Users can only find submissions they are allowed to see.
Managers can export search results to Excel for reporting, graphing or other analysis. The search includes all submission meta-data and all user-defined questions and answers as columns in the spreadsheet. Documents and a manifest can also be exported in a “Submission Package” with a clickable link for each document in the spreadsheet. This is great for regulatory exams. Searches can be saved and shared. All information is immediately available no matter how long ago it was entered.
Reports are designed to help you manage and improve efficiency. Here is the current list of reports:
- Submission Efficiency Analysis- Shows where time is spent for each of your different submission types.
- Submissions Pending by Status- Shows currently pending submissions by status which are pending longer than a certain number of business days.
- Submission Volume by Submission Type/Year-to-Date- Shows the year-to-date number of submissions created by month – listed by submission type.
- Submissions Touch Volume by User/Year-to-Date- Shows the year-to-date number of submissions “touched” by the listed user by month.
- Submissions by Selected Status- Shows a list of submissions for the selected statuses and date range grouped by status.
- Submission Efficiency by User- Shows an efficiency ratio for each user in the selected group. An efficiency of 100% means a user touched each submission only once. 50% means they touched submissions an average of twice.
- Service Level Agreement Exceptions Report- Shows a listing of submissions identifying those users who exceeded the specified service level agreement (in business days) for a selected submission status.
There are many ways to integrate with your enterprise solutions and other products saving time and improving data consistency. The API has been used to integrate with marketing systems to create and interact with submissions programmatically; to interact with a primary user store to provision and maintain users; to feed data warehouses; and to provide a system of record information to pull documents from distribution systems when they are expiring automatically, and to update the expiration (also considered “date of last use” for record retention) when a document is retired in a distribution system.
SEC Rule 17(a)-4 Compliance
SEC Rule 17(a)-4 is more than just WORM compliance. Red Oak’s software was designed to fully satisfy all aspects of 17(a)-4 from the very beginning. There is no way to configure the system to violate the rule, which means Broker-Dealers and Registered Investment Advisers can rely on Red Oak for their official electronic books and records without the regulatory risk of other systems that have to be configured to, and only support part of, 17(a)-4. Red Oak supplies the required third-party attestations (aka “Letters of Undertaking”) for your regulators as part of your subscription.
Part of being 17(a)-4 compliant includes the inability to delete (you “withdraw” or make “inactive” instead); a robust audit trail; duplicate storage; and the ability to produce a human-readable copy even if the software is not operational.
MiFID II and GDPR Compliance
Red Oak’s software is used globally and satisfies MiFID II and GDPR.
Limit Submission Visibility
It is common within financial services firms for regulatory requirements to mandate limiting the ability of one user to see a limited subset of other users’ submissions or just their own. For instance, Broker-Dealers must restrict each OSJ to see submissions only from the registered representatives they are the designated supervisory Principal for; research departments must obey “Chinese Wall” restrictions, and multi-company firms have complex visibility requirements with some shared resources often spanning more than one company but not necessarily all companies.
Configurable visibility profiles are assigned to each user, making it easy to restrict visibility as needed.
You can accurately and quickly respond to future regulatory inquiries by knowing the facts as they existed when the submission was created. Each time a submission is created, a “snapshot” is stored with the facts surrounding the submission — including the workflow, questions, and the answers provided. Snapshotting is critical if you can respond to regulatory inquiries with “We approved the submission four years ago based on what we knew then” as opposed to “We wouldn’t have approved that with what we collect today.”
Another benefit of the “snapshotting” is the freedom to update your configuration as needed knowing your regulatory records are preserved. With Red Oak’s software, you will never need to put “*** DO NOT USE ***” beside any of your answers or questions.
Regulatory Reports and Extracts
Managers can export a “Submission Package” from search results which can then be copied to a thumb drive and given to regulators. Each Submission Package contains an Excel spreadsheet listing submissions that met their search criteria and sub-folders containing the corresponding documents. Each row of the spreadsheet has a clickable link to each document making it quick and easy to respond to regulators.
The spreadsheet includes many columns of data, including a column for each of your user configured questions with answers. For regulatory audit responses, it is best practice to remove columns of unnecessary data from the spreadsheet to provide only the requested information. Internal auditors can be given read-only access should you choose.
Cloning creates a quick link to the parent submission it was cloned from, and the parent lists all of the children that have been cloned from it, making it very easy for compliance to see what was done last time or to find all of the material based on any specific template. Cloning saves time for the submitter by automatically answering as many questions as possible and is commonly used for recurring material or material created from templates.
Cloning can also be used to create multiple similar submissions quickly.
As part of being SEC Rule 17(a)-4 compliant, there is a robust audit trail for each submission and what happens with it.
Users can see a submission’s “Status History,” listing all the statuses a submission has been in, including the date and time it entered the status and who transitioned the submission to that status.
The “Activity Log” is a more detailed list of every time a submission is touched or viewed and what was done.
Administrators can easily display the audit trail for any of the administrative settings.
Record and report on approvals with the date, time, status and approver. Workflows are easily configured to allow as many “approved” statuses as needed. For instance, it is common for some or all of the following to mean “approved for use”: Approved, Approved with Changes, Approved Pending FINRA, Approved pending Final Copy, and anything else you wish. Approvals can be configured to occur anywhere in a workflow and do not need to be at the end of a workflow, allowing for post-approval processing or auditing.
In addition to approvals, all other status changes are also recorded, allowing detailed turn-around analysis, status reports, and more.
Expiration Dates, Notifications, and Attestations
Assign expiration dates to the material to automatically generate expiring submission notifications and to be used as the date-of-last-use for record retention requirements. This helps ensure material is not used past its permissible date or is resubmitted for review and extension. Default expiration settings can be set by workflow or be automated based on answers to user-defined questions.
Submitters will receive expiring submission notifications and can be asked to “attest” to whatever statement you want to turn off an expiration notification. This provides another layer of regulatory risk mitigation — especially with field submitters.
The full text of all uploaded documents is indexed, making it easy to find disclosure language or any other text within documents. This ability is frequently used to quickly and easily find documents containing phrases such as “$4.3 Trillion AUM” or “Ranked #3 by Barons”, et cetera, so your marketing team can update them as needed.
Comment Templates (“Disclosures”)
Maintain a database of reusable disclosures and other standard or frequently used text (“Comment Templates”) that can quickly and easily be inserted as part of document feedback or a submission comment. Each workflow can be configured to enable the use of comment templates, including at which steps they can be inserted from.
Comment Templates are assigned and filtered by workflow, so only appropriate choices are presented to users.
Comment templates reduce turn-around time, save effort, and improve accuracy by eliminating the need for a separate disclosure source.
Lexicon to Flag Potential Issues
The system scans the text of uploaded documents for words and phrases you have previously identified as requiring attention. It displays the reason why—explaining why to both the submitter and compliance reviewer provides training that results in better quality reviews and fewer deficiencies, saving time and reducing risk.
When material is uploaded, it is automatically run against your lexicon, identifying any potential issues. This is configurable by submission type and can be turned off if desired.
Smart ReviewSM Disclosure Intelligence Tool
Disclosures are a major pain point for both compliance and marketing teams. Using machine intelligence, Smart ReviewSM reduces the pain points marketers experience during the review process by flagging potential missing, outdated, or unneeded disclosures on the material. It is designed to streamline efforts for both teams and increase their efficiency in getting materials to market.
Smart ReviewSM also allows compliance professionals to effectively build and maintain a single source repository of disclosures, including an audit trail for disclosure updates and changes. This disclosure library allows firms to streamline their advertising review process, increasing accuracy and confidence in disclosure management while reducing the risk of disclosure errors and omissions.
Red Oak takes full advantage of the latest capabilities of FINRA’s electronic AREF interface for bi-directional communication. Easily submit the attached material to FINRA, and the system will automatically capture the response letters at the time FINRA publishes them and attach them to the submission as supporting material. Email notifications are sent to the appropriate people with a clickable link to the submission.
Users no longer have to continually log in, check the status of a FINRA filing in AREF, and manually upload the FINRA response. Email notifications regarding the receipt of response letters are sent out in real-time, saving time and ensuring material is approved for use as fast as possible.
Data is always encrypted at rest and in-flight. Red Oak’s software meets the Payment Card Industry Data Security Standards (PCI DSS). It is scanned monthly for vulnerabilities by a respected third party (TrustWave), and third-party penetration tests are performed at least annually.
Red Oak never uses client data for testing, demonstrations, or other purposes. Your data is never at-rest outside of the production data centers unless you extract a copy for your purposes.
Data Center – SSAE 16, ISO 27001 Certified, Safe Harbor
Amazon Web Services is the #1 cloud hosting provider in the world and complies with SOC-1, SOC-2, SOC-3, ISO 27001, ISO 27001, ISO 27018, PCI DSS Level 1, CSA, and many more regional programs. Red Oak leverages Amazon Web Services’ tools for performance monitoring, firewalls, load-balancing, and intrusion detection.
Uploaded documents/media files are stored redundantly within Amazon’s S3 environment in multiple geographic regions. Every piece of data is encrypted at rest as well as in transit. This redundancy virtually eliminates
any risk of downtime or data loss from any single point of failure.
Your Administrators can update your configuration at any time using the same user interface Red Oak uses to configure and maintain your instance. Submission “snapshotting” functionality allows unlimited changes to be made while ensuring the regulatory record is intact.
You can always contact Red Oak for assistance. However, having the ability to modify your configuration without scheduling time and budget with a Vendor or your IT group helps ensure your system continues to fit your business over time. Being able to quickly and easily update your configuration helps protect against business and regulatory changes and saves you money.
Your Data in Your Possession
Fines for not producing electronic books and records have been substantial. Many firms mistakenly think that they have less risk if they use a “large” vendor for their books and records. However, relying on a vendor does not transfer your compliance responsibilities. Regulators will not accept “our vendor failed us” as an excuse.
Another mistaken assumption is, “We have backups and should be good.” Not true. Backups are only usable if the vendor’s software is up and can read the backup. Backups alone are not adequate protection and do not satisfy SEC Rule 17(a)-4. The only way to fully mitigate the risk of not being able to produce your electronic books and records is to have a human-readable copy in your possession. Red Oak eliminates this risk by providing a data extraction application programming interface (API) that allows your team to extract your data in both a human and machine-readable form as often as you want. You can also export your data as a “Submission Package” containing a spreadsheet and documents. Your team can visually inspect the extracted data as part of a business continuity plan or audit procedures.
The majority of what users can do and which submissions they can see are controlled through group membership and their assigned visibility profile. In addition to groups and visibility profiles, “roles” can be assigned that enable additional functionality. For instance, anyone assigned a “Manager” role can edit the name of submissions at any point in the workflow, reopen terminal submissions to their last pending status, and such. “Admins” and “sub-admins” have access to assigned administrative functions allowing them to update all or portions of your configuration immediately should your business needs change. Administrative “domains” restrict admins to specific business areas and/or regions, helping protect your configuration from inadvertent changes.
Configurable Business Rules
The vast majority of business rules can be modeled and enforced with the configurable behavior settings currently available. However, there may be some situations that are unique to your business. When unique situations arise, Configurable Rules are the answer since they enable complex logic to be applied using user-defined questions/answers, user attributes, and other submission details to modify behavior. Rules can prevent a submission from transitioning to a step in the workflow, display a warning, auto-assign submissions, set expiration dates, or send notifications if certain conditions are met. A simple example of a rule would be to verify a presentation date is after the requested approval date, and if not, present a warning. Another example would be a rule that forces an “Options Review” if the user selected a product type of “Options.” Configurable rules are very powerful and can decrease risk.
Single sign-on is the ability for users to be automatically logged in to Red Oak’s software when they are authenticated with your enterprise system. This eliminates the need to maintain a separate login and password and ensures your corporate password policies are adhered to.
Simplicity reduces risk and improves the user experience.
The Usability, Compliance, and Risk Reduction features are some reasons clients highly regard Red Oak’s software. It is Red Oak’s passion for delivering maximum return on investment through expert implementation, support, and ongoing improvements by listening to clients that will ensure it stays that way.
1 Integration API is priced as an optional upgrade.
2 Bi-Direction FINRA integration is priced as an optional upgrade.
3 Single Sign-On is priced as an optional upgrade.