17a-4 Best Practices: The Regulatory Compliance Risk of Fileshares

Share Article

In most institutions, there is more content in fileshares than there is email. Though most of us find this statement hard to believe, survey after survey confirms it and finds that even regulated departments like compliance and legal use fileshares as their main repository for content.


Compliance Software & Services

...the next phase of unstructured content management, fileshares, is just beginning and represents unique challenges for regulated users and archive vendors.

Financial institutions, largely due to regulatory pressure and fines, have, by and large, resolved their email compliance issues. Over the past decade, approximately 10 email archival vendors have emerged that provide very effective products and services for ingesting, indexing, searching, holding and disposing of email content. However, the next phase of unstructured content management, fileshares, is just beginning and represents unique challenges for regulated users and archive vendors. Leading research reports reveal as much as 40% of corporate data resides in fileshares.

First, whether producing electronic records as part of an e-Discovery production or retaining records in accordance with SEC Rule 17a-4 or 204-2, there is no real distinction between an email or fileshare record. Both need to be retained, incorporated into legal holds and produced if required. Many financial firms believe that Rule 17a-4 only applies to email records. In fact, it applies to all electronic records retained exclusively in an electronic format.

Second, recent regulatory examinations have shown that regulators are now asking about non-email regulated records. These may include employee trading, advertising, performance data and representations, outside business activities, research reports, etc.

But what are the challenges of fileshare content? Though metadata is attached to the information, it is often very difficult to find the true owner. Whereas an email record shows the owners, records on a fileshare may be owned by several users, a department or no one at all. Also, how does one know if a content is a regulatory record? Certainly going through TBs of content trying to make this determination is a job that no one wants. Can you simply implement a policy that says, ‘If it hasn’t been accessed in 5 years, delete it?’

The first question an institution should answer is: How will we manage unstructured user content in the future? The best practice is to phase out fileshares and substitute either Microsoft’s SharePoint, OpenText or other content management system. Once these systems have been implemented and regulatory content transferred, then the fileshare documents can be disposed of over time.

If the institution is going to continue to use fileshares for document retention, then best practice is to incorporate into an institutional email archive which will allow such features as, retention in accordance with Rule 17a-4 and other regulatory requirements, centralized searching and e-Discovery production, stubbing of fileshare content and, in accordance with policy disposition. Many of the archival vendors now provide for fileshare management and can greatly assist in this phase of unstructured records management.

For more information on bringing fileshares into compliance, please visit http://www.17a-4.com or call (212) 949-1724.

About 17a-4 llc:

17a-4 is a compliance services and software company with a focus on e-messaging and software solutions to meet regulatory and e-Discovery needs of institutional clients. Clients that are required to adhere to SEC, FINRA and CFTC regulations leverage 17a-4’s expertise to ensure their information infrastructure is in compliance. 17a-4’s architecture provides for a single-point in which all e-messaging content may be managed for retention, legal and regulatory holds and e-Discovery productions.

About Law Department Desktop, llc:

The DeskTop is a suite of SharePoint workproduct templates and workflows which allow collaboration and communication between corporate law departments and outside counsel. Law firms are able to build highly-customized sites which allows for cost-effective, efficient resource allocation, libraries and task lists. The most popular ‘DeskTops’ are: Litigation, Insurance, Leasing, Employment and SEC Compliance.

All product and company names herein may be trademarks of their registered owners.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Kate Hayes
17a-4 llc
+1 (212) 949-1724
Email >
Visit website