RIA Compliance and Practice Management Blog

RIA Archiving Compliance: Five Rules to Avoid Common Archiving Mistakes

Posted by RIA in a Box

May 19, 2021 4:29:36 PM

RIA social media archivingData is the backbone of many businesses. Every piece of communication your registered investment adviser ("RIA") firm sends including but not limited to social media posts, advertisements, and client facing documents need to be filed and archived appropriately. All this can be overwhelming if RIAs do not have a proper archiving system in place. While there are many ways to archive, here are some tips to help you avoid common pitfalls while setting up the right system for your firm.

View our Best Practices for Email Surveillance Checklist

    1. Automate Your Archiving System: One of the most common misconceptions for archiving is thinking that one person, or one team can handle this alone. Compliance is everyone’s job first and foremost. Secondly, due to the substantial amount of data required to remain archived to meet your RIA firms compliance requirements, even the best teams can fall short without a proper system in place. Creating a manual process for archiving is the number one mistake you can make while putting this system in place. Having an automated solution that archives items based on time limits set by you, as well as backing up data consistently, will save time, avoid costly errors, and help protect against regulatory issues.

     2. Back It Up: The second most common mistake is not having the proper backup process in place for your system to run smoothly. An archive should have a secure data backup process and it should occur frequently enough to be available for timely reviews by the RIA firm's Chief Compliance Officer ("CCO").

It is a good idea to set parameters around what types of data are collected, such as emails, websites, and social media content when determining software to help with the archiving process. Having a retention policy for data is just as important as storing it in the first place. Revisit the digital compliance and archive policies  required for the specific data and start there before deciding the right type of system.  

     3. Test the System: You’ve done all the hard work, put a system in place, purchased the right archiving solution for your firm, and have your backup process ready to go. Although the new system generally allows you to “set it and forget it”, make sure to schedule time to test the success of your system, perhaps on a monthly or quarterly basis. During these tests, you will assess whether your archiving activities are being executed consistently with what is outlined in your policies and procedures. Specifically, you will confirm that the right data is being captured and the frequency of data collection is occurring as stated.

It is also important to set aside time to reevaluate the keywords in place that automatically flag any potential risks or wrongdoing. Are any of your current keywords causing an influx of acceptable emails to be flagged? Are there any new key words you should consider due to recent events or any newly popular terms or acronyms to add to your list?

     4. Keep It Current: This rule applies to a few areas. As mentioned earlier, make sure your policies for archiving are reviewed frequently, especially during your annual review process. Update policies with any new rules for compliance, and revisit any specific policies created by your firm to improve the system. Additionally, if you are updating equipment of any kind, make sure that your current system and technology works with your backup solutions. Outdated backup drives can cause many issues if they are not compatible with all your systems.

     5. Keep It Secure: Out of sight and out of mind should not be the way that you think about archived data. It is just as important to protect and secure the backup data locations, as it is to have security with the current data files. Do not skimp on your privacy and data security for your backup locations. Simple steps should be taken like changing passwords (especially when individuals leave your company). Additionally, take in consideration who has access and make specific policies to limit and be discretionary with access.

Download Our Free RIA Cybersecurity Compliance ChecklistBy taking these simple steps, you and your team will be well on your way to archiving success! Simply put, don’t leave your RIA firm's archiving and compliance to chance. Selecting the right solution for your RIA can save you time, possible errors, and potential risks that would cost greatly to remedy.

 

Topics: RIA Operations, RIA Compliance, RIA Technology

RIA in a Box LLC is not a law firm, investment advisory firm, or CPA firm. RIA in a Box LLC does not provide legal advice or opinions to any party or client. You should always consult your relevant regulatory authorities or legal counsel if applicable.

RIA Compliance & Practice Management

Stay up to date on the latest RIA compliance, operations, and technology topics.

Hear from industry experts as they keep you up to date on the latest regulatory developments and practice management topics.

Subscribe to Email Updates

Recent Posts

POSTS BY TOPIC

cta-ria-compliance

cta-ria-operations

cta-ria-technology