I recently attended a webinar put on by the eDiscovery Journal and sponsored by Symantec. The topic of the webinar mirrored a new report called “Dodd-Frank: Information Governance and eDiscovery Next Steps” which was also put out by the eDiscovery Journal. You can order a copy of the report by clicking here.
As you can imagine , the webinar and report represent the authors’ best understanding to-date about the ongoing development of rules coming from the Dodd-Frank legislation. There are numerous take-aways which pertain to how firms involved in any type of trading activity must track and monitor this activity, in an era when any number of regulators can ask for information on short notice. And while not specifically focused on audio information, the authors clearly state that audio records (mostly in the form of recorded trading activity) are subject to the same rules of oversight as more conventional data sources like email and chat.
Two things about the audio compliance requirements struck me as critical. First is that ANY audio is subject to this regulatory oversight, including audio from cell phone conversations that may pertain to company trading activities. This will pose a significant challenge to firms, as tracking and recording cell phone usage is not a straightforward exercise. Contrary to what Edward Snowden and the mass media would have you believe, the phone companies (and the NSA) are not in the business of recording and listening to every cell phone conversation in the country. There are third-party systems that can record cell phone traffic, but this is an added expense that firms will have to endure if they are to comply fully with this requirement.
But there is a second compliance requirement the authors mention that really got my attention. This states that any evidence requested by one of the regulators has to be turned over to the requesting party within 5 business days of the request. This is no doubt a challenging requirement for textual information, but it raises the bar much higher for audio content. Think about it. In order to meet this request, parties must be able to:
- Identify the appropriate traders (custodians) who are subject to the requests;
- Find all the audio recordings that include these traders;
- Potentially identify specific trade content itself, such as trades for specific securities, swaps, etc.;
- Pull all this out of the system and format it for production to the regulator; and,
- Ship it off!
I know that my above list is a much-abbridged version of everything that has to happen to pull of this amazing feat. And based on what I know about how most financial services companies have their audio recorded and stored, meeting the 5-day requirement is at this point an impossibility for all but a very few. But the forward looking firms are starting to explore this area, so here is a short set of guidelines that I think make up the critical components of a system to meet this new requirement.
First and most obvious is the need to record every transaction that occurs. Most large firms are already doing this because of state and federal mandates, at least as far as company phones are concerned. But recording every call requires a significant amount of processing and storage capability, and retention requirements can cause this capability to grow exponentially. Don’t overlook the long-term storage needs when considering a recording system for your needs.
Second, you need to be able to quickly find and export calls that are most relevant to any information request. Most government requests will state a particular date range, and possibly the names of several suspect traders, and maybe even the content of the trades. The first two (date and trader names) should be captured in the meta-data for these recordings (see my earlier post about the importance of meta-data) so make sure your system is accurately capturing all this content in the database. Without meta-data there is no way possible to respond to these requests. And there are some fairly new recording systems that have limited export capabilties….literally, one major system in common use restricts exports to only 50 files at a time! Can you imagine trying to export thousands of phone calls from a system, 50 files at a time? I have seen this happen, and it ain’t pretty.
Finally, once you’ve identified the likely recordings by meta-data and exported them from the system, you still need to review them for content or privilege or to just get a better sense of what you are handing over to the Feds. This is where a highly scalable and accurate audio discovery solution becomes critical. My whole blogosphere has been dedicated to discussing the different approaches to this problem, and how Nexidia fits in, so I won’t bore you again but encourage you to scroll down and read some of my prior topics. And if you are a trading firm that is starting to look at how you can better manage your audio content and would like to have an in-depth discussion, please drop me a note. I promise I won’t hit you with a hard sell, but will be happy to help you evaluate your situation and make suggestions on how you can bring your audio systems into compliance with these new standards.