FINRA's Best Practice Advice is Timely Amid More Prevalent Cloud-Based Strategies for Advisors
At Global Relay we were encouraged to see FINRA’s latest report: “Cloud Computing in the Securities Industry”, published last week. As pioneers of the cloud when we first offered our market-first cloud-hosted archiving and supervisory solutions to FINRA regulated broker-dealers over 20 years’ ago, we have since continued to work closely with customers to help them optimize cloud technology to meet their evolving compliance needs. To see FINRA publish a tailored report inviting comments from broker-dealers is great, and reflective of just how central cloud strategies have become to the future of financial services.
The rising prominence of cloud, and different approaches to it
As FINRA highlights, there are diverse cloud service models. Global Relay is a SaaS (Software as a Service) provider with two decades of unparalleled service providing cloud-hosted archiving, compliance and legal solutions. FINRA’s statement that “In a SaaS model, the cloud provider manages all the layers of software and hardware…” absolutely holds true for Global Relay. Our model enables us to do the technical heavy-lifting while providing broker-dealers with innovative, AI-driven, compliance supervisory systems, that crucially hold up to regulator scrutiny. As a private – as opposed to a public – cloud solution, our customers benefit from dedicated, single firm access too.
For firms still unsure of how a transition off-premise might benefit them, we have put together an eight-step pathway to cloud migration and archiving success; covering the business case element through to detailed best practice guidance on the seamless import of your data.
Firms engaged by FINRA as part of the report also indicated to its authors that SaaS models “proved to be useful especially at the outset of the pandemic, given the reportedly easy and seamless way in which workers could continue working from a remote location.”
When firms moved to off-premise working almost overnight amid Covid-19, cloud-hosted SaaS models like ours meant pandemic-struck businesses saved on infrastructure costs while ‘always on’ functionality kept workflows agile and efficient, wherever advisors were based.
Section III of the report focused on “Regulatory Considerations for Cloud Computing”. These include important due diligence checks around cybersecurity, third-party operational audits (SOC 2), data privacy, business continuity, disaster recovery and WORM storage. Global Relay takes pride in its rigorous approach that protects the accessibility, integrity, and confidentiality of client data. We engage third party auditors to conduct regular testing on our services, internal controls, and data centers. SOC 2 audits test and then report on the design and operating effectiveness of non-financial internal controls at cloud vendors. Global Relay’s services and multiple mirrored data centers undergo SOC 2 audits at least annually. Given the highlighted importance of vendor security protocols for protecting client data, within the report, we are pleased to be exceptionally transparent as to our ‘military-grade’ approach to security. Other important operational security practices include:
- Cybersecurity Operations Center - Centralized security information and event management system (SIEM), collects and correlates logs in real time.
- Risk Reduction - Targeted attack detection, and denial of service protections, keep data safe and available. 24-hourly scans and pre-release code reviews that pre-empt threats.
- Penetration Testing - Annual penetration testing by a third party auditor provides independent analysis of attack vectors and security vulnerabilities.
- Recoverability - Highly secure, resilient, and scalable IT infrastructure in two mirrored data centers supports failover in the event of a disaster.
At a time when cloud adoption strategies are increasingly varied, this is timely guidance from FINRA as the market considers options for implementation. As broker-dealers formulate questions and feedback in response, the underlying message from myself and my colleagues here at Global Relay is that we are here to help you explore cloud technology to get more out of your supervision solution, while ensuring full regulatory compliance.
To read the FINRA report in full click here.
To have one of our specialists contact you to answer your questions about cloud migration click here.