Employing network storage solutions, including security features offered by third-party cloud-storage providers, to safeguard customer records and information has increasingly become a part of many broker-dealer and investment adviser business operations. When designing, implementing, and/or reviewing its compliance policies and procedures, a firm should verify that those policies and procedures are customized to effectively implement oversight of the network storage solution. During recent examinations of firms, the Office of Compliance Inspections and Examinations (OCIE) has identified multiple security risks associated with the storage of electronic customer records and information when using network storage solutions.
In a recent risk alert, the OCIE staff provided a brief summary of their observations and noted a few compliance concerns stemming from them. The specific concerns they outline are misconfigured network storage solutions, inadequate oversight of vendor-provided network storage solutions, and insufficient data classification policies and procedures.
The OCIE staff indicated that firms with effective storage practices customized their policies and procedures to address the implementation of the network storage solutions, including security features offered by third-party cloud-storage providers. These firms also implemented customized guidelines and security controls to ensure the system was configured correctly. In addition, many of the firms had a process to periodically review vendor management policies and procedures.
By: Scotty Franks, Red Oak Senior Compliance Consultant
About Red Oak Compliance Solutions
Red Oak Compliance Solutions is the global advertising review software of choice in the financial services industry. It is a comprehensive suite of SEC 17A-4 compliant features that are 100% books and records compliant and provides clients with 35% faster approvals and 70% fewer touches or better. We also offer Smart Review(SM), which solves for the storage and maintenance of disclosures, helping firms reduce risk, decrease review times, and increase the speed of distribution of marketing materials. Smart Registration(SM) automates the licensing and registration management process to help reduce regulatory risk and time spent on manual processes. Overall, Red Oak allows firms to minimize risk, reduce costs, and increase compliance review process effectiveness and efficiencies.