Slashdot Mirror
Brokerage Instant Messages Must Be Saved
DrEnter writes "According to an AP story on Yahoo!, the National Association of Securities Dealers (NASD) has told its members that they must keep a copy of all instant messages sent or received by employees for at least three years. This is similar to their requirements on keeping e-mail, although technically not nearly as easy. The NASD is a self-regulatory organization, and U.S. federal law requires almost all of the 5,300 U.S.-based securities firms and brokerages to be a member of it. There's a news release from the NASD concerning the requirement - it looks like the daunting technical issues have already resulted in some firms banning the use of IM completely."
From the facetime.com website;
"Since 1999, FaceTime has been delivering instant messaging (IM) solutions for the security, management and control of IM in the enterprise.
Our integrated enterprise IM management suite of products address the challenges of:
* Network and Information Security
* Regulatory and Corporate Compliance
* Call Center Customer Service
IM Auditor has been chosen by 32 of the largest 100 financial institutions and 7 of the 8 largest U.S. banks including Bank of America and Wachovia Securities to satisfy regulatory compliance requirements."
The one thing that wouldn't be addressed is encrypted clients suched as the recently discussed Nullsoft "Waste" IM client. However, with businesses increasingly becoming addicted to IM clients and Blackberry devices, this would be a far more palatable solution than banning IM completely.
No its not. If they use AIM, then they can use the AOL gateway. The AOL gateway product can do also do their own authentication and force AIM clients (based on AIM handle) to use the gateway. The gateway can do all the needed logging. A strict IT policy to be followed by employees makes this task trivial.
Actually at my firm, we do log all calls made from our traders' phones for a 3 year period, it's more a protection against illegally/incorrect executed market orders, and liability mitigation and it is not an SEC requirement.
If you think this is bad, we need to have full data backups for files, fax, and e-mail transmissions for a 7 year retention. That eats up a lot of tape...
Most banks already log phone calls, what is being added is the requirements to archive email and IM messaging.
Do a quick search for "Basel 2" or "Basel ii" for more details on this. One very interesting quote I found is;
"The Institute of International Finance has projected a total investment of US$2.25 trillion over 5 years for the 30,000 banks that will be affected, on top of systemsâ(TM) budgets, implementation costs and training. With such a huge increase in costs, this may precipitate another round of banking consolidation, especially in Asia. Basel 2 will certainly reward banks with sophisticated management and systems â" they should be able to generate higher returns on equity, and have less capital required by the market and regulators."
You're looking at it from the wrong side. The biggest issue is brokers is having clients ring up or whatever give instructions and then take issue later (when the trades goes bad, presumably) or the client saying the the broker told them X and it caused them a loss.
Reliable, Great Value Hosting: $7.95/mo 2.4G/120G
The Slashdot summary says otherwise, but the press released linked to is pretty clear.
It may not be an SEC requirement, but isn't it an NASD requirement? I've been working at brokerages for the last ten years, and it would have been unthinkable for us not to have our conversations recorded.
It wasn't just the traders and the salesmen, but the analysts as well. Maybe it wasn't a regulatory requirement, but it's definitely part of doing business in securities, because so much is done over the phone. It was actually surprising how little we used those recordings after they were made, but maybe we were just fortunate. Mostly it was to check trades, but the threat was always there that if you gave out inside information, you could be nailed.
Interestingly we were allowed to use mobiles on the trading floor, but I can imagine that people are much more cautious in the US. Post-Spitzer, they are all running very scared. Most US investment bankers that I talk to now, virtually have to append a disclaimer to everything that they say. Must make for some interesting pillow talk.
rules:
All emails are kept (Archived, not by us)
No external email accounts (it's a big offense if you use hotmail, etc, from work)
Internal instant messaging (logged, of course)
No external instant messaging (you crazy? Hell no -- you can't just install random software from the web on a trader's desktop
All phone calls are recorded (not sure how)
Cell phones are banned on the trading floors (I see them sometimes (and carry mine), but I think it's not cool).
There might be cameras, but I don't know.
All of this promotes accountability & transparency... and is good for clients and the market in general...
It's not like they look/read everything, but it has to be on file in case of a lawsuit, etc.
re: the guy talking about remote desktop, etc...
That might work at some firms, but I'd imagine most of the bigger firms are really, really locked down.
there is no thing
what else could you want?
Its much eaiser to implement a corperate version of an IM server, that most IM networks now provide, then firewall off the other IM servers, forcing the clients to use the corperate version, or proxy all IM client request to std IM servers to the corperate one, provides central logging point, and peace of mind for the security personel.
On the other hand.. IM is not secure by any means, anyone stupid enough to use it in a financial industry for anything other then talking to friends and bullshitting around, should be shot.
I came, I conquered, I coredumped
I struggle to see the value in this.
No offense, but you struggle because you're a slashbot and don't know what you're talking about. All communication in and out of a dealing room is recorded. This is so a customer can call up and do a trade on the phone, and then can't "DK" - deny later making the trade. Also, it means that traders can't pass on information they shouldn't to outside.
Traders want everything to be recorded. Those tapes can keep you out of jail.
they could still use their mobile phone or some other mechanism.
Mobile phones are blocked inside dealing rooms. And even if they weren't, even being seen using one would get you in trouble. Sure you can pop down to Starbucks and make a call from there - in the 10 minutes it took you to walk down there, the market's moved, any information you might be sneaking out is probably obsolete.
Doesn't there come a point where you have to acknowledge that not all communication that takes place at a place of work is 'owned' (in a responsibility-for sense) by the employer?
Like I say, you don't know what you're talking about. Sure a dealer can make a personal phone call, if he gets time, the bank don't care, they just think he's schmoozing a customer. The only time the tapes are listened to is if something comes to court. This protects everyone involved, the customer, the dealer and the bank.