"We have broker-dealer firms approaching us saying - we aren't confident LaserFiche is backing up our data properly" said Allan Lonz, founder and CEO of AdvisorVault http://www.advisorvault.org, a FINRA and SEC compliant remote backup provider. "And they're right. The built in tools LaserFiche offers its customers is far from compliant. They aren't meeting the D3P requirements, nor would they be able to recover from a disaster,” Lonz added.
Laserfiche and Designated Third Party:
Financial firms who are members of FINRA regulated under the SEC have a special obligation regarding the protection of their data. And records associated with Laserfiche are no exception. Essentially they must ensure:
- Data is backed up and kept separate from the originals
- It can be quickly recovered in the event of a disaster (within 48 hrs)
- An independent third party is assigned who can download records to an acceptable medium for the SEC’s review (the D3P Requirement)
- Two letters are created and submitted to FINRA which designate a third party who can download current and historical LaserFiche data
How can a broker-dealer backup LaserFiche and achieve the requirements of SEC 17a-4 and the D3P regulation? Basically, Laserfiche has two components. The Microsoft SQL database which contains the configuration of the program and the file repository folder which contains the raw files that are scanned in and accessed by the database. A provider must be chosen who can properly backup these two components and be able to restore this data during a disaster or for regular audit reviews.
Backing up the SQL component of LaserFiche can cause problems because it is constantly running and a provider must be chosen who can attach to this database and protect it while it is live. Shutting down the database to back it up or doing the built-in database dump is not optimal. Additionally, the files in the repository which are simply a folder on the computer running the SQL data base must be backed up at the same time.
Other Considerations when backing up LaserFiche:
Because LaserFiche does not perform compliance backups of its database and the relating data, broker-dealer firms must take several extra steps to ensure compliance. To accomplish the Business Continuity requirements and disaster recovery of this data, the records must be kept separate from the original. By using a remote backup provider with software which is compatible with LaserFiche data broker-dealer firms will have a simple method to ensure this data can be recovered if there is a disaster at head office.
Secondly, Broker-dealers must concern themselves with data retrieval and review for audits. During regular supervision and SEC audits, historical data contained in LaserFiche may need to be reproduced in a format which can easily be downloaded and accessed by auditors. Firms need to be sure the provider they choose has the ability to retrieve current and historical data associated with LaserFiche. Then they need to copy it to non-rewriteable media which can be easily read by auditors.
LaserFiche does not have a compliant backup process for broker-dealers. Rule 17a-4 and the D3P mandate require these firms to look for a third party who can completely backup the application while it is running, can store the data in a remote location and make it quickly available during a disaster or for regular SEC audits.
A provider who can perform all these tasks will be able to act as the Designated Third Party and will greatly reduce the cost and complexity of keeping the Laserfiche data compliant.
AdvisorVault, http://www.advisorvault.org, is the only remote backup provider specifically designed to help small broker-dealer firms achieve today’s stringent data compliance requirements. With our designated third party status (D3P) we help small firms achieve all the required data compliance rules defined in 17a-3 & 17a-4, as well as the supervisory and disaster recovery demands contained in FINRA rules 3510 and 3010.
The fully managed solution includes all the hardware and software and instantly plugs into the office network to remotely protect emails and all documents relating to Books and Records. Remote, home and travelling employees are instantly added to the solution at no additional cost. The turn-key product is priced to fit the budget of small firms and provides remote backup, long-term archiving and disaster recovery in accordance with all current SEC and FINRA rules. Experience total data compliance – Out of the Box with AdvisorVault
Allan Lonz, President
Toll Free: 1-866-925-1941
# # #
AdvisorVault - A FINRA designated storage provider that helps small broker-dealer firms achieve the requirements of 17a-3 & 17a-4, simply and inexpensively. The TURNKEY solution includes secure remote backup, long-term archiving and disaster recovery.