Slashdot Mirror

← Back to Stories (view on slashdot.org)

Brokerage Instant Messages Must Be Saved

Posted by simoniker on from the casual-bathroom-conversations-also dept.

DrEnter writes "According to an AP story on Yahoo!, the National Association of Securities Dealers (NASD) has told its members that they must keep a copy of all instant messages sent or received by employees for at least three years. This is similar to their requirements on keeping e-mail, although technically not nearly as easy. The NASD is a self-regulatory organization, and U.S. federal law requires almost all of the 5,300 U.S.-based securities firms and brokerages to be a member of it. There's a news release from the NASD concerning the requirement - it looks like the daunting technical issues have already resulted in some firms banning the use of IM completely."

9 of 265 comments (clear)

  1. daunting technical issues? by Surak · · Score: 4, Insightful

    What daunting technical issues? Nearly every instant messaging client has the ability to always log conversations. Simply standardize the clients that can be used, make sure that conversations are logged, and lock down the configs so that brokers can't change them. I see no daunting technical issues here.

    --
    My journal has hot /. gossip.
    1. Re:daunting technical issues? by muffen · · Score: 4, Insightful

      As you said, they have the ability to log it on a client level. Imagine a company with 500 000 machines. Are you going to collect logs from each and every one every single day?? Even if you saved the logs on a network drive, do you want 500 000 different files per day?

      The difficulty is logging the traffic on a server level. The reasons are many. I think this article describes them fairly well.

      Basically, IM traffic tries to hide itself, generally as HTTP traffic. Yahoo for example prepends a HTTP header to all packets, thereby being disguised as a HTTP GET request. AOL/ICQ/MSN has the ability to use HTTP Proxy servers, and AOL provides www.proxy.aol.com for free (port 80, no pass). MSN will auto-configure itself to use a proxy server if direct access is blocked.

      Here's the result of logging IM traffic on a client level.

    2. Re:daunting technical issues? by arkanes · · Score: 4, Insightful
      Missing the point - in this case, all the logging is done on client machines, outside the direct control of the support staff. That'd be a disaster if, say, someones hard drive failed and the log was lost, and then they were sued. Email is easy because you just mirror it on a server. You'd need some sort of complicated transparent proxy to log normal IMs, and that wouldn't work with encrypted conversations.

      In other words - yes, it can be done. No, it's not trivial.

    3. Re:daunting technical issues? by bmongar · · Score: 4, Insightful
      Nearly every instant messaging client has the ability to always log conversations

      Client side logging is not sufficient. An employee can turn that off or delete the logs. The logging would have to be done server side. That would require a corporate IM solution which would log. I work for a company effected by this law. They don't allow any external or web based e-mail access for the same reason, they can't log it unless you go through their server.

      --
      As x approaches total apathy I couldn't care less.
  2. What's the value? by monkey_tennis · · Score: 5, Insightful

    I struggle to see the value in this. If a broker wants to have an 'off the record' conversation they could still use their mobile phone or some other mechanism. Doesn't there come a point where you have to acknowledge that not all communication that takes place at a place of work is 'owned' (in a responsibility-for sense) by the employer?

    1. Re:What's the value? by sagneta · · Score: 4, Insightful

      It's not the employer that is making this requirement. The SEC has regulated such communication since its inception in 1934 in accordance with the Securities ACT of 1933 and the Securties and Exchange ACT of 1934. This is the law. Period.

      Insider trading and information dissemination is strictly regulated to prevent classic insider stock manipulation gambits. To get some idea of how that worked you can read "Reminiscence of a Stock Operator " first publised in 1924.

      Sam Waksel who was found guilty of violation of several securities laws and could have been hung up on obstruction of justice to boot is now spending 7 years in prison. He could have gotton 40.

      The laws have become stricter more recently. Just before the bubble burst Congress enacted more legislation that prevented companies from providing non-public information to traders, analysists and the like. They mean it. Siebel executives during a dinner recently that off the cuff mentioned some data to an analysist are now having to explain themselves to the SEC. SEC is in a bad mood these days.

      The point that is lost outside the industry is that the witch hunt is on. This happens after every debacle. It is not a technical issue. The IM infrastructure *must* meet SEC and NASD ( 1938 ACT ) rules and regulations otherwise the companies face prosecution and the individuals lose Series 7.

      I am actually astonished NASD waited this long. Brokerage firms are all ready rushing to comply in 2003 because it has been assumed this would happen.

      FYI

  3. This is understandable by Millbuddah · · Score: 4, Insightful

    Considering the recent media frenzy over Martha Stewart's case regarding insider trading, this really shouldn't come as much of a surprise. They're only trying to cover their own ass by having records for evidence if any insider trading information is being passed along with these instant messaging programs.

  4. Makes sense to me by jamie(really) · · Score: 5, Insightful

    Brokerage firms make deals minute to minute, and conversations with a broker are legally binding. There isnt time to fax a contract back and forth. If you phone anyone at a brokerage firm, you will be recorded. Something to remember before you phone your mate and tell them about your weekend in ibiza. I totally understand why banks would view instant messages as the 21st century equivalent of a phone converstaion. Get over it!

  5. Most firms have done this for a long time. by michael7 · · Score: 4, Insightful

    I work at one of the large investment banks and instant messaging has become a large part of how traders do business. They communicate with people from other firms, quote prices, and even make trades. All of this is much more efficient and effective than email or even the phone. The recording of these communications is mostly there to settle disputes. If I quote a price to you over IM and you accept the trade is done, and if later you come back and dispute the price, there needs to be some way to settle it. This is the main reason phone calls and emails are all recorded and saved. It is a good deal for the banks, along for the SEC when investigations come up.