Source: Iron Mountain and Orchestria
Despite the highly regulated nature of e-mail within the financial services industry, a recent survey of more than 500 securities companies found that 64% of respondents do not have a way to prevent e-mails that are in violation of their corporate standards or policies.
Given this lack of control, it is not surprising that meeting regulatory pressures was the top concern for majority of respondents (67%) when asked about challenges for 2007.
For securities firms, e-mail is a highly regulated form of business communication and e-mail archives are often checked by regulators including the SEC, NYSE and NASD for regulatory offences. And despite regulatory requirements for archiving email, nearly 12% of respondents admitted they have no formal system for doing so.
In addition, a fifth (20%) of respondents were not confident they could meet the deadlines for responding to regulatory subpoenas or requests for electronic records despite the fact that 95% of the respondents had received requests for electronic records from regulators or internal HR/legal representatives within the past year. One of the reasons that these firms have difficulty responding to regulatory requests for e-records could be that 62% do not have a way to efficiently identify and search for different types of e-mail within their archives.
"In as heavily a regulated industry as financial services, these findings are surprising," said Bo Manning, chief executive officer of Orchestria. "Maintaining regulatory controls that satisfy corporate standards and practices is critical. E-mail is the most widely-used business application today and is inherently open to abuse. Yet it has few, if any, controls. This creates enormous risk for every enterprise - especially those as highly regulated as securities firms."
"Clearly, these firms understand the importance of e-mail archiving and supervision compliance," said John Clancy, executive vice president of Iron Mountain's technology business unit. "But a surprisingly large number of firms have yet to adopt systems that enforce compliance. In reality, this type of investment can help reduce both the risks and costs associated with compliance."
The survey was conducted in late July 2006 and commissioned by technology partners Iron Mountain, a leader in outsourced e-mail archiving services and Orchestria, a global leader in software that helps organizations ensure their employees comply with all critical regulatory and company policies associated with electronic communication. The survey asked respondents about their e-mail management and archiving practices and plans.
Iron Mountain and Orchestria offer a joint solution that provides securities firms and other organizations a cost-effective way to meet corporate and regulatory compliance for e-mail archiving and supervision. The solution combines Orchestria's real-time active policy management software with Iron Mountain's Digital Archives, an outsourced electronic records management service for secure, legally compliant and cost-effective archiving of electronic records such as e-mail and instant messages.
Orchestria's solution analyzes employee e-mails, instant message conversations, Web activity and blog entries for evidence of non-compliance with regulatory and company policy. It can prevent both internal and external messages in breach of policy by alerting the user before the message is sent in real-time, and, if configured to do so, can also send a copy of any suspicious message to the organization's compliance department or human resources department for further review.