Slashdot Mirror


Brokerage Instant Messages Must Be Saved

DrEnter writes "According to an AP story on Yahoo!, the National Association of Securities Dealers (NASD) has told its members that they must keep a copy of all instant messages sent or received by employees for at least three years. This is similar to their requirements on keeping e-mail, although technically not nearly as easy. The NASD is a self-regulatory organization, and U.S. federal law requires almost all of the 5,300 U.S.-based securities firms and brokerages to be a member of it. There's a news release from the NASD concerning the requirement - it looks like the daunting technical issues have already resulted in some firms banning the use of IM completely."

12 of 265 comments

  1. That should be easy by Daath · Score: 3, Interesting

    Just build a custom Jabber server that saves everything serverside!

    Call it Corporate Jabber or something... Users should, however, be warned of the logging!

    Recently, here in Denmark, an employee of a company was dragged into court, because she was sending private mails from work (through an online dating site). The court ruled that it was ok, and that the company should stay out of the employee's private life - even if she had some [private life] at work. Go Denmark ;)

    Anyway, there are lots of things to think about when logging...

    --
    Any technology distinguishable from magic, is insufficiently advanced.
  2. Re:daunting technical issues? by Max Romantschuk · Score: 4, Interesting

    What daunting technical issues? Nearly every instant messaging client has the ability to always log conversations.

    Would you trust your IM to log messages? What if the logging fails? Will your boss listen to you, or would you rather not take the risk at all?

    --
    .: Max Romantschuk :: http://max.romantschuk.fi/
  3. This is ridiculous... by brucmack · Score: 2, Interesting

    What's next? Are they going to make it a requirement to keep audio tapes of all conversations, phone or otherwise, for 3 years? Surely they must stop sometime when the cost of implementation greatly outweighs any benefits.

    1. Re:This is ridiculous... by anjrober · Score: 2, Interesting

      I used to work at a brokerage firm, a big one, and they do exactly that. Record each and every call that comes in. All of them. And the real kicker is they use the recorded calls all the time. They have to go back to the calls to find out exactly what was said and when.

  4. Re:daunting technical issues? by Surak · Score: 3, Interesting

    That's what IT staff are for. That's why you use standardized builds of client PCs. The IT staff does the integration work to ensure that things like logging occur. The standardized configs make sure that everything works and that users can't change it.

  5. Daunting? by kikta · Score: 2, Interesting

    I don't see why they couldn't standardize on something like ICQ, Trillian, a Jabber client or anything else that logs everything. Then all they have to do is set the log to be saved on a network drive, rather than their own. Is that really so daunting?

    Shit, I have logs for the last two years on this system. If you look at my laptop, it has logs from 1999 back to like 3 months after ICQ was first released. I was "daunted", but I overcame! ;-)

  6. Re:daunting technical issues? by Anonymous Coward · Score: 2, Interesting

    I work for a very large Chicago-based financial institution that has banned IM entirely for their brokerage staff and disallowed Internet-capable IM for the rest of the company and I can safely say that a combination of FUD and CYA prompted this decision.

    Basically, the bank's Infosec team was told to log everything and to ensure that no unauthorized external IM communication between the investment brokers and the outside world occurs, so instead of trying to overengineer a solution to ensure that only authorized IM occurs, they simply blocked outbound IM altogether and disallowed the brokers to have any IM client installed at all. Elegant? No. Effective? Yes.

    Perhaps at some time they'll go back and address the situation more granularly, but for now, it fits the requirements and protects the bank from being targeted by the SEC. Staying off their radar these days is a "Good Thing" [TM].

  7. Re:daunting technical issues? by shaitand · Score: 3, Interesting

    umm ok, last I checked it takes less than 5mins to write a shell script that uploads these logs in the background to an ftp. Pop it in a cron job and bam, all set.

  8. Not a problem... by httpamphibio.us · Score: 2, Interesting

    Every other client logs except AIM... DeadAIM, AIM+, MyIM

    Problem solved.

    --
    sig.
  9. Not Mentioned by endofoctober · Score: 2, Interesting

    One aspect of this that wasn't mentioned in the article - is the NASD worried about chat sent to SMS-enabled phones they issue to brokers/workers? They seem to be pretty strong on desktop chat clients, but brokers looking for a way to chat without logging could always encourage clients to go mobile to get around it.

    --
    - Jack
  10. Solutions Exist by gioan · Score: 2, Interesting

    I've been doing security/messaging work in the banking/brokerage area for about ten years, and here's the summary, since it's clear few replying are looking at it from the industry perspective.

    There are no "daunting technical issues" to this, but rather cost concerns (and some functionality and implementation ignorance). It is relatively easy to satisfy the NASD/SEC requirements. Logging this locally (at whatever number of clients you have) is not practical (to put it tactfully). You need to log centrally, archive and ship offsite. Storage media varies, but the SEC/NASD still likes WORM due to its durability. There are offsite storage companies (like IronMountain) offering commercial storage options for this. The regulatory guidance until this memo has been fairly foggy, but essentially it's treated the same as other electronic client communications (specifically, email).

    There are a number of solutions to this, including products from Facetime (AOL's corporate product is based on it), IMLogic, and Iconix. None of these is freeware/open-source, and never will be. The goals are stability, easy access to often-nontechnical legal and compliance divisions, and most of all, accuracy and the ability to retrieve content when needed. And believe me, none of this is a laughing matter or religious open-source-versus-Microsoft debate when facing a multi-million-dollar dispute over trading executions.

  11. Reuters just implemented reliable logging for IM by dmir · Score: 2, Interesting

    Reuters just launched "IM for financial community".
    One of the features:
    - Optional message logging features to meet industry compliance requirements
    News Release - Reuters to Expand Instant Messaging Community within the Financial Services Industry
    Reuters Products - Reuters Messaging