Regulations Governing the Retention and Oversight of Electronic Communications

Providing solutions designed to help your organization meet its regulatory obligations

Read the Guide: The Global Regulatory Communications Compliance Guide for Financial Services

We understand the regulations impacting your business.

Smarsh has over 20 years of experience in helping businesses overcome their most pressing compliance challenges. Our team has a deep understanding of the constantly shifting global regulatory landscape. We provide our clients with the technology they need to meet these regulatory pressures, both present and future.

regulations on business

Recordkeeping

Regulations

FINRA 2210

Details recordkeeping requirements for retail and institutional communications that incorporate the recordkeeping format, medium and retention period requirements of SEC Rule 17a-4(b).

Smarsh Solution

Our Enterprise Archive enables firms to meet their recordkeeping requirements through granular retention policy definition and management. Tamper-proof, WORM-compliant storage and multi-layered data protection also ensure that firms’ records are stored in an immutable, original format.

FINRA 4511

Defines recordkeeping requirements for brokerage operations. Firms are required to preserve records for a period of at least six years.

Smarsh Solution

Our Enterprise Archive enables firms to meet their recordkeeping requirements through granular retention policy definition and management. Tamper-proof, WORM-compliant storage and multi-layered data protection also ensure that firms’ records are stored in an immutable, original format.

SEC 204(2)

Requires books and records to be maintained and preserved in an easily accessible place for a period of not less than five years, the first two years in an appropriate office of the investment advisor.

Smarsh Solution

Our Enterprise Archive enables firms to meet their recordkeeping requirements through granular retention policy definition and management. Tamper-proof, WORM-compliant storage and multi-layered data protection also ensure that firms’ records are stored in an immutable, original format.

IIROC 29.7 (Canada)

Specifies firms must retain records of their business activities, financial affairs, client transactions and communication.

Smarsh Solution

Our Enterprise Archive enables firms to meet their recordkeeping requirements through granular retention policy definition and management. Tamper-proof, WORM-compliant storage and multi-layered data protection also ensure that firms’ records are stored in an immutable, original format.

FCA – Chapter 9 (UK)

Requires that firms maintain orderly records to monitor the firm’s regulatory compliance for a period of at least five years.

Smarsh Solution

Our Enterprise Archive enables firms to meet their recordkeeping requirements through granular retention policy definition and management. Tamper-proof, WORM-compliant storage and multi-layered data protection also ensure that firms’ records are stored in an immutable, original format.

MiFID II – Article 16 (EU)

Specified recordkeeping, supervision, and storage requirements for all EU financial services firms, requiring that firms capture all communications that lead to a financial transaction.

Smarsh Solution

Our Enterprise Archive enables firms to meet their recordkeeping requirements through granular retention policy definition and management. Tamper-proof, WORM-compliant storage and multi-layered data protection also ensure that firms’ records are stored in an immutable, original format.

FINRA Notice 10-06 (social media)

Notes that every firm that intends to communicate (or permit its associated persons to communicate) through social media sites must first ensure that it can retain records of those communications.

Smarsh Solution

Our capture and archiving capabilities work across the leading social media platforms and mobile operating systems. This ensuring that companies can carry out their business compliantly on social media.

FINRA Notice 11-39 (social media)

Details requirements for broker-dealers when using social media and personal devices for business communications.

Smarsh Solution

Our capture and archiving capabilities work across the leading social media platforms and mobile operating systems. This ensuring that companies can carry out their business compliantly on social media.

FINRA Notice 17-18 (text messaging)

Documents that firms that communicate (or allow advisors to communicate) through text messaging or chat services for business purposes must retain records of those communications, in compliance with SEC and FINRA rules.

Smarsh Solution

Our unique, direct-from-source mobile capture capabilities ensure that employee text communications are captured, preserved and accessible for supervisory review.

Regulations

Freedom of Information Act (FOIA)

A federal law that requires the full or partial disclosure of previously unreleased information and documents controlled by the United States government upon request. The Act also defines agency records subject to disclosure and outlines mandatory disclosure procedures. A majority of U.S. states have public records laws that mirror FOIA.

Smarsh Solution

Our Enterprise Archive enables firms to meet their recordkeeping requirements through granular retention policy definition and management. Tamper-proof, WORM-compliant storage and multi-layered data protection also ensure that firms’ records are stored in an immutable, original format.

Regulations

HIPAA (security, privacy & breach)

The HIPAA Security rule requires a six-year retention period for electronic records. The HIPAA Breach Notification Rule requires reporting of incidents within 60 days. The HIPAA Privacy Rule establishes national standards to protect individuals’ personal health information and applies to health care providers that conduct health care transactions electronically. Specific requirements of the Privacy rule are regulated at the state level.

Smarsh Solution

Granular retention policy definition and management enables organizations to address HIPAA security, privacy, and breach notification rules while meeting their recordkeeping requirements.

Regulations

FDA CFR Part 11

Defines the rules for individual document retention requirements for specific processes, such as research and development, protection of intellectual property, drug trials, new drug approval, drug labelling, etc.

Smarsh Solution

Granular policy definition and management ensures that firms can address FDA rules applicable to specific processes while meeting their recordkeeping requirements.

FDA social media guidance

Provides guidance on the use of social media to present risk information of prescription drugs, correcting third-party misinformation, and responding to off-label prescription drug information.

Smarsh Solution

Our capture and archiving capabilities work across leading social media platforms. This ensures that using social media to conduct company business can be done compliantly

Regulations

FERC Orders 760 & 717

Requires five-year record retention and reporting (760) and ethical walls (717), with fines of $1 million per day for reporting violations.

Smarsh Solution

Granular retention policy definition and management allow firms to easily manage their retention requirements. Advanced Capture features enable firms to enforce ethical wall requirements on specific communications networks.

Find out more about how our technology can help
you overcome your recordkeeping challenges.

Storage

Regulations

SEC 17a-4

Outlines requirements to retain and archive all business communications and supervisory actions in tamper-proof, WORM-compliant storage.

Smarsh Solution

Our Enterprise Archive provides tamper-proof, WORM-compliant storage and multi-layered data protection. Our solutions ensure that firms can meet secure content storage requirements that satisfy all provisions of SEC 17a-4, including attestation by a third party.

Department of Energy

Requires the retention of records across all channels in WORM storage for three years.

Smarsh Solution

The Enterprise Archive provides secure, tamper-proof storage and multi-layered data protection to meet Department of Energy Records Management requirements for email, social media and other electronic media.

Find out more about how our technology can help
you ensure your data storage is compliant.

Supervision

Regulations

FINRA 3110

Defines recordkeeping and supervisory requirements for registered broker-dealers.

Smarsh Solution

Our Enterprise Archive provides robust supervisory review capabilities that allow firms to comply with their written supervisory procedures, in accordance with regulatory requirements.

SEC 206(7)

Defines recordkeeping and supervisory requirements for investment advisors.

Smarsh Solution

Our Enterprise Archive provides robust supervisory review capabilities that allow firms to comply with their written supervisory procedures, in accordance with regulatory requirements.

IIROC NI 31-103

Defines recordkeeping and supervisory requirements for Canadian investment dealers.

Smarsh Solution

Our Enterprise Archive provides robust supervisory review capabilities that allow firms to comply with their written supervisory procedures, in accordance with regulatory requirements.

CFTC

Governs communications, supervisory procedures for email, websites and social media in communicating with the public.

Smarsh Solution

Our Enterprise Archive provides robust review capabilities for more than 100 electronic communications channels. This enables CFTC-regulated firms to comply with written-for procedures in accordance with CFTC supervisory rules.

Find out more about how our supervision technology can help
you overcome your regulatory challenges.

Data privacy

Regulations

GDPR

The EU General Data Protection Regulation requires that firms protect the data of EU citizens, offering rights of inquiry, rights to be forgotten, and rights to restrict processing, amongst other things.

Smarsh Solution

Our Enterprise Archive provides data privacy capabilities by design and defaults to allow firms to respond to specific requirements. This includes rights of access requests, rights of restricted processing, and rights of erasure.

CPPA

Provides rights to residents of California to access and request deletion of personal data if lacking consent to capture or used inappropriately.

Smarsh Solution

Our Enterprise Archive provides data privacy capabilities, enabling organizations to respond to specific requirements. This includes rights of access requests, rights of restricted processing, and rights of erasure.

Find out more about how our technology can help
you meet your data privacy requirements.

Ready to enable compliant productivity?

Join the 6,500+ customers using Smarsh to drive their business forward.