Regulatory Compliance for Financial Services

Eagle Networks helps protect your business.
We protect your data as if it were our own.

Regulation for Financial Services

Security and privacy controls able to address a wide range of regulations that apply to financial services.

The tables that follow describe how certain services (mainly related to EagleMercury) for e-mail, encryption, secure file exchange and archiving can be adopted to meet these regulations.

Regulation – Required compliance – Our contribution
FINRA – Books and records (Rule 3110)
Required compliance: Correspondence must be maintained in compliance with applicable FINRA rules and Securities Exchange Act of 1934 Rules 17a-3 & 17a-4. The rule also specifies supervisory procedures for the review of correspondence between individual representatives and the public.
Our contribution:
– Secure, low-cost & long-term storage.
– The storage platform supports and indexes relevant data types and formats.
– Role-based permissions for accessing the archive.
SEC – Rule 17a-4 & NASD 3010
Required compliance: Most members of a national securities exchange, as well as brokers and dealers, must keep current a variety of books and records that relate to their business.
Our contribution:
– 24/7 offline data access and search with role-based permissions for accessing the archive.
SEC – Rule 17a-4 & NASD 3010
Required compliance: Securities dealers must implement specific, enforceable retention procedures, which include the following:
– Messages must be stored in duplicate.
– Data must be verified automatically for quality and accuracy.
– Messages must be date/time-stamped and serialized.
– A searchable index of all data must be maintained.
– Messages and indexes must be easily retrievable.
Our contribution:
– Stored data is backed up and stored on a fully redundant platform with a 99.999% uptime SLA.
– Full-text indexing and search capability.
– All stored files and corresponding file activity are time-stamped and auditable via Audit Log and Admin File Management.
– Configurable retention policies.
SEC – Investment Advisers Act of 1940
Required compliance: Hedge fund managers with assets in excess of $100M have to register with the SEC under the Investment Advisers Act of 1940, which includes provisions for securing electronic communication, including email and instant messages (same requirements as SEC 17a-4).
Our contribution:
– Archive and index of all relevant file types.
– Secure, permission-based sharing.
– Data is encrypted in transit and at rest.
– Versioning and full audit trail of all sharing and file management activity.
SEC – Rule 31a-2 of the Investment Company Act of 1940 and Rule 204-2 of the Investment Advisers Act of 1940
Required compliance: Funds and advisers can maintain all of their records in an electronic format as long as procedures are put in place to protect records from “loss, alteration, or destruction”; access to these records is limited to certain parties; and “any reproduction of a nonelectronic original record on electronic storage media is complete, true, and legible.”
Our contribution:
– Resilient storage platform with a 99.999% uptime SLA.
– Role-based permissions for accessing the archive.
– File access is logged and auditable.
SEC – Rule 17a-4
Required compliance: Records, including email messages, must be preserved for at least 6 years, the first 2 in “an easily accessible place”.
Our contribution:
– Configurable retention and data loss prevention policies enable file retention for 6 years or longer.
– All files are easily accessible 24/7/365.
NASD – Rule 2860(b)(17)
Required compliance: Members shall maintain and keep current a separate central log, index or other file for all options-related complaints, through which these complaints can easily be identified and retrieved. Background and financial information of customers shall be maintained at specific locations, including the principal supervisory office (or elsewhere, as long as the documents are “readily accessible and promptly retrievable”).
Our contribution:
– Full-text indexing & search.
– Archived data access from any web browser, desktop and mobile device.
Gramm-Leach-Bliley Act – The Financial Privacy Rule
Required compliance: Financial institutions must provide each consumer with a privacy notice, explaining where the information is shared, how it is used and how it is protected, at the time the consumer relationship is established and annually thereafter.
Our contribution:
– World-class datacenter infrastructure with annual SOC 2 Type II audits.
– AES-256 bit encryption.
Gramm-Leach-Bliley Act – The Safeguards Rule
Required compliance: Financial institutions must design, implement, and maintain an information security plan to protect customer information; it also applies to credit reporting agencies, appraisers and mortgage brokers receiving information from financial institutions.
Our contribution:
– Data encryption in transit and at rest (AES-256 bit).
– Complies with PCI-DSS standards.
– Data encrypted at all times (in transit & at rest).
– 100% file capture and backup.
Consumer Financial Protection Bureau
Required compliance: Financial institutions must design, implement, and maintain an information security plan to protect customer information; it also applies to credit reporting agencies, appraisers and mortgage brokers receiving information from financial institutions.
Our contribution:
– Data encryption in transit and at rest (AES-256 bit).
– Complies with PCI-DSS standards.
– Data encrypted at all times (in transit & at rest).
– 100% file capture and backup.
Federal Deposit Insurance Corporation
Required compliance: Provides guidance on the security and management of instant messaging. Social media communications need to be supervised, reviewed, and retained.
Our contribution:
– Archive and index over 500 different file types in a central repository.
USA PATRIOT Act
Required compliance: Requires records retention for suspicious communications associated with money transfer and laundering.
Our contribution:
– Files are backed up, indexed, and searchable.
– Full audit trail of all sharing and file management activity.
Sarbanes-Oxley – Protection of Security Technology
Required compliance: Make security-related technology resistant to tampering, and do not disclose security documentation unnecessarily.
Our contribution:
– Data encryption in transit and at rest (AES-256 bit).
– Secure key storage and distribution.
– Role-based permissions for accessing the archive.
Sarbanes-Oxley – Security Requirements for Data Management
Required compliance: Define and implement policies and procedures to identify and apply security requirements applicable to the receipt, processing, storage and output of data to meet business objectives, organizational security policy, and regulatory requirements.
Our contribution:
– Annual SOC 2 Type II audits.
– Independent, company-wide audit of all 5 SOC 2 Trust Service Principles (security, availability, processing integrity, confidentiality and privacy).
Sarbanes-Oxley – Cryptographic Key Management
Required compliance: Determine that policies and procedures are in place to ensure the protection of cryptographic keys against modification and unauthorized disclosure.
Our contribution:
– Data encryption in transit and at rest (AES-256 bit).
– Annual SOC 2 Type II audits.
– Independent, company-wide audit of all 5 SOC 2 Trust Service Principles (security, availability, processing integrity, confidentiality and privacy).
Sarbanes-Oxley – Exchange of Sensitive Data
Required compliance: Exchange sensitive transaction data only over a trusted path or medium with controls to provide authenticity of content, proof of submission, proof of receipt, and non-repudiation of origin.
Our contribution:
– Standards-based technologies such as Public Key Infrastructure (PKI), S/MIME and X.509 certificates are used to establish confidentiality, message integrity and user authentication.