Goldstein on Gelt Radio Interview with Allan Lonz of AdvisorVault

Nov. 23, 2011 - PRLog -- Goldstein on Gelt Radio Interview with Allan Lonz of AdvisorVault

Doug: We are talking with Allan Lonz, president of AdvisorVault, a remote backup provider that works specifically with small financial firms to help them bridge the gap between technology and compliance. Allan, can you tell me what it means to bridge the gap between technology and compliance?

Allan: Hi Doug, thanks for having me on the show! AdvisorVault was created because financial firms have a huge challenge with compliance, and it is getting harder every day to meet SEC and FINRA requirements.

Doug: What kinds of compliance issue are we talking about?

Allan: We’re taking specifically about the proper backup and archiving of data - this can include emails, books and records, and other files. Essentially, this means the critical data that a firm needs to protect, not just in the event of an audit, but also in case of a disaster.

Doug: A lot of companies simply scan their documents and send the physical copies offsite, they then make copies of this data on CD’s and DVD’s, isn’t that enough?

Allan: They can definitely do this, and small firms are doing just that. They scan in their original electronic document, store them on DVD and CDs and lock them away. But you have to understand the true meaning of FINRA rule 17a-4, and specifically the stipulation called the Designated Third Party Provider or D3P. This rule says that firms must hire a third party to take possession of their data, to essentially get a copy of their data. Now if firms are copying data to DVDs themselves, they will have to take an extra step and ship these disks out every day to someone, and if they need to recover this data, they will have to get them back from this company; this is a nightmare during the audit review process.

Doug: Doesn’t this third party rule pose a security risk for the clients to have their information sent an outside company that they don’t necessarily know?

Allan: Yes, traditionally it has been a problem because if a company simply copies data to a CD or DVD and hands it to someone, that data is not encrypted, and if that CD is lost, anyone can take it, put it in their computer, and open it up. So if a company hires a 3rd party to pick up those CDs and they falls off the back of the truck this is very insecure.

Doug: And how does AdvisorVault deal with this problem?

Allan: Well, as usual, technology came to the rescue. Firms have been achieving the D3P requirement like this for many years; but remote backup came to the rescue: essentially instead of coping data to CD, DVD’s or tape, you now use a remote backup provider, like AdvisorVault who installs a piece of software on your systems and transfers the data every day to their remote data centers automatically.

Doug: So if all goes over the internet, isn’t there a limit to how much protection remote backup can offer, I mean some people compare sending data over the internet like sending a post card?

Allan: When people say “data being sent over the internet is like sending a post card”, they are talking specifically about emails. And they are right: when you send an email it is completely unencrypted and anyone can capture it and read it. But the AdvisorVault remote backup software isn’t sending the data using email, the software encrypts the data before sending it.

Doug: So AdvisorVault work specifically with investment companies which have requirements from FINRA - the oversight body of the brokerage industry - to ensure member firms protect customer data. But other than helping the brokerage firms who are required to protect customer’s data, what does this all mean for the client at the end of the day, how does it make a difference to the client’s of the brokerage firms that are using AdvisorVault?

Allan: This make a big difference to customers, because the firms we work with are audited on a regular basis, so if they are given a fail because they don’t properly protect customers data, their customers can easily become aware of this.

Doug: So financial firms have a higher level of confidence knowing AdvisorVault is protecting their customer’s records?

Allan: Most definitely, but it not just the confidence factor, our customer will pass their audits easier; this means regulators don’t have to spend so much time examining our customers, they come in and see immediately that AdvisorVault is doing what it’s supposed to do and they are out the door quicker.

Doug: When you say compliant, what are some of the issues the brokerage firms have to really concern themselves with, what does the term mean in respect to compliant backups?

Allan: For our customers it means making sure they are retaining electronic record and communications for the required amount of time and making then readily available during audits or in the event of a disaster.  If there is hurricane, for example and the main office is destroyed, critical data needs to be recovered so customers can continue doing their trades, so they can access their data. This is what data compliance mean for our customers.

Doug: What about the oversight of email that is required by brokerage firms?

Allan: Actually the compliance rules surrounding email are really very simple. So they automatically forward a copy of all incoming and outgoing email to a service, like AdvisorVault. Then these emails are retained for 7 years, we also provide the compliance officer with a web interface where they can search these emails.  So if an auditor comes in and wants to see someone's email from two years ago, it can be retrieved in seconds.

Doug: So there is no way for your clients to change their emails once they have been forwarded to you?

Allan: No, once we have a copy of our customers email, they get save on what’s called Worm Disk, which is a non-rewriteable disk where data cannot be deleted. But on the corporate email system, employees can login and delete all messages. But we take a copy of the email before it reaches the corporate email system. But the biggest problem firms are having now is that his whole process that I just describe for email now has to be applied to social media. This now has to be applied to advisors and reps who want to communicate with customers via Facebook, LinkedIn and Twitter.

Doug: Does AdvisorVault have an interface with Facebook where any data the Advisor Posts on Facebook is saved by your system?

Allan: Yes, we have an interface to help our firms supervise social media. So now when employees create anything on these social media sites it gets pulled into this database and the compliance officer can do a search and see what’s going on based on keywords. This way they will know if reps have been promoting a deal of Facebook and if they are doing it compliantly.

Doug: And to see if the Advisor is going something wrong, if he has being saying the wrong things?

Allan:  Well yes, this will be important if an audit is being done and if a firms wants to prove or disapprove a certain reps activities about a deal, so this allows firms to cover all bases, to protect themselves.

=================================================================
About Doug Goldstein:
Doug is the host of the Goldstein on Gelt radio show, http://www.goldsteinongelt.com and owner/director of Profile Investment Services, LTD. He is a licensed financial professional in the U.S. and Israel. He is often invited to comment on financial affairs on the radio TV, and in local and international newspapers.

About Allan Lonz:
Allan is President of AdvisorVault, http://www.advisorvault.org, the only remote backup provider specifically designed to help small financial firms achieve today’s stringent electronic records archiving requirements. Such SEC17a-3 & 17a-4, as well as the supervisory and disaster recovery demands contained in FINRA rules 3510 and 3010.