If you have stored your books and records documents in paper form for any significant period of time, you have probably noticed how your filing cabinet footprint has grown accordingly. The benefits of using electronic document storage are apparent, but let us list a few of them:
- Less physical space required – terabytes of data representing millions of pages can be stored in a single hard drive
- Searchable indexes – you can find one file from among millions is seconds
- Easily reproduced – backup copies or physical copies can be made almost instantly
- Shareable – digital files can be shared with your coworkers and clients easily
- Relatable – digital files can be associated with other digital records for easy retrieval
- Portable – files can be accessed from anywhere, anytime
Of course, all of this convenience comes with security risk which we’ll discuss later in this post. Given the less than entertaining nature of this subject, we have included some of our favorite Bugs Bunny quotes throughout the post. Enjoy!
I knew I shoulda taken that left turn at Albuquerque!
If you have already established a system based on good old fashion paper, all is not lost. The process of scanning these documents can easily be handled by a staffing agencies. When embarking on such a project keep the following in mind:
- If you’re using a third-party to do scanning, make sure to have them sign a non-disclosure agreement and have them thoroughly read your written privacy and scanning procedures (you have them, right?)
- Be sure to set up the metadata fields in your electronic system before scanning begins and ensure the person(s) responsible for scanning complete these fields as part of their process – this will allow you to easily retrieve the documents in the future (more about metadata below)
- Be sure to use a suitable scanning resolution of at least 300 DPI (dots per inch) – anything higher will take up more space than is necessary and take longer to upload/download. Anything lower may be potentially unreadable.
- Have an employee periodically check the quality of the scans to make sure they are readable, not skewed and pages are not missing.
- Hang on to the original paper documents for some period of time in case quality issues are discovered
Well, ya talked me into it
We have convinced you of the benefits of using electronic document storage and, if you are currently storing paper, you have converted them. But which documents need to be stored in compliant storage and which can I simply keep on my desktop or local file server?
This is always a difficult question to answer thoroughly. Certainly, any client communication or contract, new account documentation and formal branch documents need to be stored in your declared books and records system with the appropriate security and retention set. Other documents that may be works in progress or files not related to your practice might be sufficiently stored on your desktop. In all cases, security is paramount. Also, keep in mind that compliant storage is more expensive than a hard disk drive, for example. When in doubt, place a copy in your books and records system and always work with your compliance department to understand their specific requirements.
Captain! Captain! Just what’s the meaning of this?
The rules regarding electronic document storage are set forth in SEC Rule 17a-4. Let us take a look at the main concepts in that rule (be sure to read the entire rule, however, to understand the entire scope):
- WORM Compliance – “Write Once, Read Many” refers to the ability to ensure files cannot be altered or overwritten once they have been stored. This is important because you want your books and records system to reflect the original, unaltered versions of your documents. Some systems will allow versioning to relate updates to the original without overwriting them.
- Quality Audits – the rule requires that your process for getting files into your electronic document system includes regular quality checks. This responsibility should be part of the job description of one of your employees so that it’s clear who will be doing this check and how often. They should verify that files contain a complete copy of the document (no missing pages), the pages aren’t skewed or otherwise unreadable. Usually, since so many documents may be added on an ongoing basis, some representative subset is visually audited to ensure processes are being followed.
- Indexing – as mentioned above, adding metadata or tags to your files will make searching for and finding them easier. For instance, you may have metadata fields that capture the document type, client name, account number, etc. Since this data is associated with the file, the system doesn’t have to open and read each document to find all of Elmer Fudd’s IRA documents, for examples. This is important for regulator audits as they will want to quickly find specific documents within your system, thus the rule that indexing be present.
- Retention – how long you are required to store files varies by document type but the best practice is to store all documents for the longest required period. Check with your compliance department to determine retention periods. Then, ensure that your electronic document storage system is set up to prevent documents from being removed if they are still within this period. The retention period usually starts when an account is closed, for example – keep this in mind when setting retention policies.
- Third Party Down-loader – the rule requires that someone other than your staff has access to download files from your system for the regulator’s review. The rule doesn’t go into the “why” for this requirement but it can be assumed that the regulators can’t always rely on the firm to perform this function in a timely manner. Keep this in mind when shopping for compliant electronic storage vendors – some are not willing to sign the required Third Party Down-loader agreement form (a sample of which is provided at the end of the rule). For instance, Salesforce.com (at the time of this writing) does not agree to signing this form and therefore (and unfortunately) their document storage system is not SEC compliant.
- Backups – not only is backing up your files good practice, it is a requirement. Cloud based document storage systems will provide this function for you. However, if you’re considering setting up your own on premises electronic document storage solution, be sure to include regular back ups of your data in your documented processes. When backing up files be sure to have at least one copy stored in a different location than your primary server to protect against natural disasters, fire and employee theft or malfeasance. Back ups should be taken at least daily, more often if you are adding many files throughout the day.
Look, Mac, let’s get this straightened out
As we have alluded to throughout this post, it is a good idea to have a written scanning and document storage procedures document that is updated whenever your processes change. This may even be a requirement by your Broker Dealer and/or RIA. It should include details about how documents are scanned into the system, the auditing process, the metadata being captured and the retention policy.
Before building your processes, however, you’ll want to determine whether you will set up your own electronic document storage system (not recommended) or if you’ll use a third-party vendor (highly recommended). Using a compliant third party has the following advantages:
- They can act as your third-party down-loader
- They are experts in document storage
- They will provide data backup and fail-over systems to ensure you always have access to your files
- Cloud based vendors will have the added advantage of making your documents accessible anywhere, anytime
- They will most likely have much more security around their servers and data centers than you can replicate on your own
You will want to do a significant amount of due diligence before selecting a vendor (hint: Cloud PM can help!). You will want to be comfortable with the vendor’s security policies and procedures and their compliance features. Also, be aware that some Broker Dealers and/or RIAs will require that all of your data, including electronic documents, be stored in the continental United States. Many vendors use cloud based systems that are not regionalized and therefore cannot guarantee where the data will be stored if they have servers overseas.
Lastly, look for a vendor that can easily integrate with your other systems, especially your Customer Relationship Management (CRM) system (check out the previous post in this series specifically on CRMs). Also, be aware that many custodians also provide an electronic document storage system which is handy if you have all your accounts at a single custodian or if they allow documents to be stored for accounts at another custodian.
There’s gold in them thar hills
Using an electronic document storage system can significantly improve the efficiency of your processes and can be a central part of a truly paperless environment. As with all technology, however, there are security and compliance considerations that must be well thought out before you can benefit from such a system. Integrating storage with other systems like a CRM can make accessing files much easier and your clients will benefit in the end.
Beyond the electronic document storage options you may have available through your custodian(s), here is a short list of vendors that provide compliant storage and are willing to sign a third party down-loader agreement:
Alright, alright, quit shovin’!
Cloud PM is here to help with this important technology choice for your practice. We’ve successfully implemented many of the vendors listed above including integrations with CRMs like Salesforce.com. Let us act as your technology advocate as you begin to explore your options. Contact us to get started on the road to a paperless practice.