No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

4 Ways to Lessen the Burden of a FINRA Audit

by Johanny Olmedo
April 10, 2018
in Featured, Internal Audit
woman holding card reading “be prepared”

Take These Steps Now to Minimize Risk Later

When it comes time for a FINRA audit, financial organizations can spend a significant amount of resources gathering and producing the necessary data. It can be a challenge to do this without damaging the metadata or overlooking privileged items while also ensuring you meet all regulations and compliance rules. Rather than waiting to receive a request or inquiry from FINRA before getting your data in order, invest the time now in effective data management.  

Each year, Financial Industry Regulatory Authority (FINRA) sends notices for its annual audits to approximately 1,500 to 2,500 financial institutions nationwide.

During these audits, FINRA examines an organization’s “identified risks and controls and determine[s] whether firms are in compliance with federal securities laws, rules and regulations.”

Throughout the examination process, FINRA will make requests to view documents and emails from specific timeframes. Gathering and producing the necessary data without damaging the metadata or overlooking privileged items can be a burden for many financial organizations, as it requires significant time and resources to do properly.

Getting your data in shape now will lessen the burden and risk associated with collecting data for an audit later. Here are a few tips:

Map Your Data

Company data can exist on desktops, laptops, tablets, back-up tapes and repositories, cell phones, networks, servers and other drives. And as technology advances, the amount of data we produce and store continues to grow. The first step in managing that data is knowing what data you have and where it’s located. For example, are there email archive systems, online CRM systems, text message archives or other such systems that may contain potentially relevant information? The goal is to make sure that, when you need to collect that data, you’re not first spinning your wheels, wasting time and money, trying to figure out where that data exists or who to ask.

Mapping your data isn’t always a simple task, but doing so will allow you to improve the efficiency and management of your content, and it will save you significant time, effort and money overall. With a firm understanding of your data, you’ll be able to find and collect important, relevant data during an audit more easily and with less hassle.

Establish a Data Preservation Policy

Once you gain a better knowledge of what data you have and where it is stored, you can develop a preservation policy for managing corporate data. This policy should include guidelines for what information to preserve, whether it be for compliance or a legal hold or simply because your firm has determined – via some set of qualifications – it needs to be archived and saved versus destroyed.

To start, first take stock of your data resources from the first step and consult the laws and compliance rules that apply to the financial industry to ensure you’re meeting all regulations. Focus on preserving only the relevant and related information while correlating with your data map to track data that exists within the organization.

A solid data preservation policy can mean the difference between being prepared for a smooth audit process and last minute scrambling, desperate searching and even potentially finding out too late that the data needed simply wasn’t preserved.

Create a Defensible Deletion Policy

While preserving certain data is required for regulatory, compliance and legal reasons, storing all your data is unnecessary and expensive. So, once you’ve determined the data you need to keep, you can establish defensible deletion policies that define what data you can delete – and when.

After a designated amount of time, documents and emails that are no longer required for regulatory, compliance or ongoing business purposes can be destroyed. Deleting unnecessary files frees up your organization’s storage, lessens the amount of information you’ll need to sort through during an audit collection and reduces a variety of other data and security risks that accompany the unnecessary storage of such legacy data.

As long as you have a well-defined, proper policy in place that covers both the retention of data and when such data can be deleted – and it is executed consistently – the deletion itself will be defensible.

Establish an Information Governance Plan

An information governance (IG) plan dictates how you handle your company’s electronically stored information (ESI). It encompasses your data map, data preservation policy and defensible deletion policy as well as data security and management policies. An IG plan should also include audit and enforcement mechanisms to ensure the program can be measured, controlled and improved. By conducting your own internal audits from time to time, you can determine whether your IG plan is well-maintained and effective. It also allows you to make changes and updates to ensure you’re in compliance with all financial regulations so that when you receive a FINRA audit notification, you’re ready.

Because it forces you to organize your data on the front end, an IG plan reduces the lost productivity that results from searching for data in a disorganized system.

Effective information management requires planning – so don’t wait to receive a request or inquiry from FINRA before getting your data in order. Establish a structured process to proactively manage your data now and save your company time, money and headaches down the road.

When the time comes for your FINRA audit or exam, consider working with an outside vendor to help with collection. End-to-end e-discovery providers can help collect data in a secure and targeted manner, ensure metadata isn’t changed, search the documents for relevance and review it for privilege – all while saving your firm significant resources.


Tags: Data Governancee-DiscoveryFINRA
Previous Post

The Impact of RPA on GDPR

Next Post

Communicating Critical Enterprise Risks to the Board

Johanny Olmedo

Johanny Olmedo

Johanny Olmedo is a National Account Director for BIA, a leading e-discovery services firm that helps corporations and law firms properly collect, filter, review and process data for audits, litigation and investigation.

Related Posts

banks information sharing_f

Sharing Is Caring? Lessons From Dutch Banks’ Data-Sharing Program

by Sukirt Singh
March 22, 2023

With federal investigations pending, the autopsy of Silicon Valley Bank and resulting cascade of bank failures is only just beginning....

risk tunnel

From Regulation to Volume, There Is No Light at the End of the Data Privacy Tunnel

by Jim DeLoach
March 15, 2023

Data proliferation and data privacy regulatory activity across the globe have created the need for focused boardroom discussions. An underpinning...

data breach

Sobering Reality: Drizly Order Indicates Officers May Face Personal Liability for Data Breaches

by Baker Donelson
February 1, 2023

The FTC says Drizly’s CEO James Cory Rellas was alerted to a potential security loophole two years before a data...

minidata_b

Honey, I Shrunk the Data: How to Keep Customer Info on a Need-to-Know Basis

by Parker Poe
November 30, 2022

It may be tempting to hoard the data you have gathered on your customers, but an increasing number of regulations...

Next Post
meter with indicator pointing to “critical”

Communicating Critical Enterprise Risks to the Board

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT