Six things to consider when choosing a remote backup provider.

Contributed by Allan Lonz, Advisor Vault

Meeting today’s demanding requirements.

With their continuing advancements in technology, remote backup providers are now being used by small broker-dealer firms and registered investment advisors (RIA’s) to achieve today’s demanding data compliance requirements. Such as the rules outlined in SEC 17a-3, 17a-4 and the business continuity and electronic records supervision regulations contained in 3510 and 3010 from FINRA. By using these third party providers to remotely store their critical records, these companies now have a ready-made option to quickly and inexpensively transfer data from all systems across the entire operation to a remote location.

However, not all remote backup providers are created equal and small firms need to be careful in selecting the right provider to help them achieve today’s stringent data compliance regulation. They should look for the following features when choosing a provider to outsource their remote storage.

What to look for in a remote backup provider

1. Comprehensive
Rule 17a-3 stipulates that a FINRA and SEC registered companies must protect and keep available the books and records relating to its business. This often covers a wide range of electronic records and it is vital that a remote backup provider is selected that can protect these various data formats. This must include data such email residing on internal servers and on individual PCs such as PST files saved on users hard drives. Other documents that hold client information created with Microsoft Office Word, Excel, PDF reports and customer data imputed into databases should easily be supported. The software should be configured to initially capture a full backup of this data and then be set to run every night and backup the daily incremental changes from then on.

In addition to regular protection of this user data, a provider should have the built in ability to perform full-system state backups of critical systems to enable “bare metal” restored to alternate hardware. This will allow the quick recover of servers and their associated operating systems and programs in the case of complete failure.

2. Licensing free software
In choosing a remote backup provider, small-broker dealers and RIAs should select a provider that does not charge software licensing.  A cost based only on the amount of data stored eases administration and allows branch offices, remote and home users to be added easily to the data compliance process.

3. Completely self managed
Small firms can’t spend valuable time managing backups. They should choose a provider who will completely administer the backup process and offer the ability to remotely connect to their software and immediately addresses problems when they arise.  This should be included as part of the provider’s service to ensure missed backups do not leave gaps in a broker-dealers data compliance strategy.

4. Built-in Archiving
SEC rule 17a-4 poses particular challenges for registered firms because of the specific technology required to achieve the long-term retention requirements of this mandate. In choosing a remote backup provider, it is critical that a firm understand the difference between backup and archiving. By default, to keep cost low, remote backup providers only store customer’s data on a limited retention basis using quick access hard disk. This will be set within their software to overwrite files that change frequently and keep only 10 to 30 versions of changes.

Unfortunately, this is not compliant and data that changes frequent will be overwritten. Therefore, older copies of files may not be available during an audit or in the event of a disaster.  An additional archiving process must be added in this case to perform regular full “snap-shots” of data at least monthly and moved to non-rewriteable optical disks. This will then be stored securely for at least 6 years. Non-rewriteable DVDs are a perfect technology for this because of their capacity, durability and low cost.

5. Reporting
A provider’s backup software should have the ability to send automatic email reports to compliance officers for review. This will be part of the firm’s supervisory duties and a key component of their regular compliance reporting and auditing procedures.

6. Ease of recovery
In the event of a disaster it should be easy for broker-dealers and RIA’s to restore data back to its original location or to alternate systems. Also, during SEC audits companies may be requested to reproduce current or archived data on separate media such as USB drives, CDs or DVDs so it can easily be reviewed by auditors. Ensuring a provider can easily restore this data to common file formats on alternate media will ease the audit review process. In addition, providers should be able to integrate seamlessly with FINRA’s Small Firm Emergency Partner Program and allow data to be immediately restored to a pre-designated partner firm at a geographically separate location.

Firms must identify critical vulnerabilities in their data compliance strategy. Due to their lack of internal staff or budgets they must look to third party provides to help them build data compliant systems. Remote backup providers are now well suited as an option for these companies to achieve today’s complex data compliance requirement.

These six things to consider in a remote backup provider has been presented to help small broker-dealer and RIA firms to successfully choose between the many providers that exist today.  In following the above guidelines they will have more success in choosing the correct provider. Essentially the goal is to ensure SEC audit success and quick recovery of critical records in the event of a disaster.

AdvisorVault is the only remote backup provider specifically designed to help small firms achieve today’s stringent data compliance requirements. With our designated third party status (D3P) we help small firms achieve all the required data compliance rules defined in 17a-3, 17a-4, 3510 and 3010. Our fully managed solution includes all the hardware and software and instantly plugs into the office network to remotely protect emails and all documents relating to Books and Records. Remote, home and travelling employees are instantly added to the solution at no addition cost. The turn-key product is priced to fit the budget of small firms and provides remote backup, long-term archiving and disaster recovery in accordance with all current SEC and FINRA rules. Experience total data compliance – Out of the Box with AdvisorVault. For more information please visit:

Tags: , , , ,

Category: Articles