60-minute webinar presented by Core Compliance & Legal Services and sponsored by LiveOffice. View this third and final crash course in email compliance, and find out how to conduct a mock audit to ensure you are prepared when the auditor knocks. You’ll learn: - What is required in your policies and procedures - What you should focus on during compliance reviews - What is required to properly store your messages and more

1. Email Compliance 301 –
Are You Audit Ready?
Sponsored by LiveOffice AdvisorMail
June 17, 2009

2. Electronic Communication
Top Ten Mock Audit Checklist
Presented by
Michelle Jacko & Marsha Harmon
Core Compliance & Legal Services, Inc.
June 17, 2009 2

3. Introduction
• Today’s Regulatory Environment
• Conducting a Mock Audit
• Best Practices Tips
3
2

4. 1. Take An Inventory
• What Do You Have and How Is It Utilized?
– Walk around
• What is going on in your organization?
• What methods of communication are utilized?
– Consider the use of personal devices
– Note changes in business model, products & services
– Be aware of new technology introduced into the
marketplace
4

5. 2. What is Permissible or Prohibited
• Create a List based on your inventory
– Every permitted method of electronic communication,
internal and with the public for business purposes,
must be reviewed and supervised
– If you can’t supervise it, receive it, and retain it-- block
it or prohibit it!
– Must be specified in policies and procedures
5

6. 3. Capture And Archive
• Obligation to Audit and Store
– Call the experts!!
– Verify how data is captured, archived and stored
• Must be stored in original form
• Must be easily retrievable
• Must be time and date stamped
• Must be tamperproof, non-rewriteable media
• Must be stored in duplicate in separate location
6

7. 4. Back-up Offsite
• Security
– Redundancy site away from central office grid
– Non-rewriteable, non-erasable format
– Verify reliability and security of third party provider
7

8. 5. Back-up Often - Test Frequently
• Internal Control Tests
– Easily retrievable data
– Accurate and reliable
– Tested annually
– More frequent reviews are a best practice
– CCO is responsible
8

9. 6. Review & Supervise Communications
• Suggested Focus during Review
– Risk-based principles are permissible
– Check surveillance system for effectiveness
– Verify confidential lexicon list is useful and protected
– “Flag” all customer complaints
– Review communication in all languages in which your
firm conducts business
9

10. 7. Educate And Train
• Role of the Chief Compliance Officer
– The CCO’s responsibility is to ensure all Employees,
including Registered Representatives and
Supervisors understand firm’s policy
– Spell-out consequences of failure to comply
– Exceptions to the policy should be in writing.
10

11. 8. Documentation
• Prevention of Infractions and Violations
– Must document review
– Must provide evidence that regular reviews of electronic
communications are conducted
– Infractions must be documented and corrective action
taken
– Did you fix the problem
11

12. 9. Policies & Procedures
• Update
– Current with regulatory requirements
– Reviewed and tested at least annually
– Updated as new technology is introduced
– How can I make things better?
12

13. 10. Bottom Line
• Can you:
– Supervise it, receive it, and retain it?
– If not…better to block it or prohibit it!
13

14. The Top Ten
1. Take an Inventory. What do you have and how is it utilized?
2. Decide what devices are permissible or prohibited. Create a list based on your inventory.
3. Capture And Archive all EC communication. Is data stored in original format and easily retrievable?
4. Back-up Offsite. Store duplicate data in secure location away from main office power grid.
5. Back-up Often, Test Frequently. Is redundant site, or third party provider system efficient and secure?
6. Review and Supervise Communications. Verify integrity of surveillance system.
7. Educate and Train. Ensure supervised persons understand the firm’s policy & procedures, and
consequences of failure to comply.
8. Document Violations. Infractions must be in noted in writing. Did you correct the problem?
9. Policies and Procedures. Do they reflect your business, and are they current with regulatory
requirements?
10. Can you Supervise It, Receive It, and Retain It? If not…better block it or prohibit it!
14

15. Questions?
• Please contact us if you have any additional
questions
Marsha Harmon
Tel: (619) 278-0020
Email: marsha.harmon@corecls.com
Website: www.corecls.com
15

16. About LiveOffice
The leading provider of email compliance solutions
Who We Are What We Do Who We Serve
 Founded in 1998  Archiving  Financial focused
 Experienced team  Compliance  20K successful audits
 150+ employees  Discovery  99% client retention
 Summit Partners  Continuity  Fortune 100 clients
 Profitable  Hosting  8,500 clients
16

17. LiveOffice AdvisorMail Difference
• Automatically captures all sent and received messages
Archive • Offers unlimited storage & retention (on WORM)
• Protects messages in geographically diverse data centers
• Scans all messages for keywords & phrases
• Provides random sampling of messages for rapid review
Review • Comprehensive reporting features to satisfy
requirements
• Complies with state & federal requirements
(SEC/FINRA/SRO)
Comply • End-to-end audit support and compliance services baked
in
• Provides peace of mind having passed 20K+ audits
www.liveoffice.com Slide 17

18. Thank You!
Meet
Trust Guaranteed
Requirements
R. Anthony Seyboth
Director, Compliance & Litigation Services
800.374.2032 X 117
anthony.seyboth@liveoffice.com
www.liveoffice.com Slide 18