Employing network storage solutions, including security features offered by third-party cloud-storage providers, to safeguard customer records and information has increasingly become a part of many broker-dealer and investment adviser business operations. When designing, implementing, and/or reviewing a firm’s compliance policies and procedures, a firm should verify their policies and procedures are customized to effectively implement oversight of the network storage solution. During recent examinations of firms, the Office of Compliance Inspections and Examinations (OCIE) has identified multiple security risks associated with the storage of electronic customer records and information when using network storage solutions.
In a recent risk alert, the OCIE staff provided a brief summary of their observations and noted a few compliance concerns stemming from the observations. The specific concerns they outline are misconfigured network storage solutions, inadequate oversight of vendor-provided network storage solutions, and insufficient data classification policies and procedures.
The OCIE staff indicated that firms having effective storage practices customized their policies and procedures to address the implementation of the network storage solutions, including security features offered by third-party cloud-storage providers. In addition, firms implemented customized guidelines and security controls to ensure the system was configured correctly. In addition, many of the firms had a process to periodically review vendor management policies and procedures.
To see the Risk Alert, click here
By: Scotty Franks, Red Oak Senior Compliance Consultant
About Red Oak Compliance Solutions
Red Oak Compliance Solutions is a leading provider of intelligent compliance software, offering a range of AI-powered solutions designed to help firms of all sizes successfully navigate the increasingly complex regulatory landscape. Our suite of 17(a)-4/WORM compliant features offer risk minimization, cost reduction, and process optimization capabilities with features that are designed to evolve with our client’s needs. Our flagship advertising review software enables firms to deliver compliant content to the market with confidence, faster. Our Disclosure Management and Intelligence solution simplifies the management of disclosures, while our Registration Management solution automates and streamlines the licensing and registration process, further enhancing your internal processes.