The NextLabs Information Barriers [SEC, NASD 2711] solution:
Prevents Conflicts of Interest. Control internal information flow to avoid improper communication and collaboration that results in compliance violations.
Maintain internal boundaries across the organization. Improve efficiency and reduce errors with consistent controls across applications and systems where data is communicated, distributed, and stored.
Apply identity to determine who can collaborate. Enforce a fine-grained policy to ensure only authorized users can share specific information under appropriate context internally.
Automate user education and workflow procedures. Assist users to handle data internally with proper discretion by simplifying workflow, and avoid unintended misuse or data loss.
Fully audit and report internal information disclosure. Monitor activities, discover risks, and remediate gaps to prove compliance with information barriers.
Identify, control and audit the flow of material, non-public information to ensure confidentiality, and demonstrate NASD 2711 and SEC compliance.
The National Association of Securities Dealers Rule 2711 (NASD 2711) requires separation between a financial services firm's investment banking group and the firm's research and trading group, to prevent potential conflicts of interest and to maintain the integrity of the public market. Although organizations may separate these two groups through electronic or physical means, the prevalence of e-mail, instant messaging, webmail, internet phones and other technologies offers easy channels for improper communication.
In addition, some personnel may need to "cross the wall" for a particular engagement, or sit "above the wall" to manage compliance processes. Yet, it is still necessary to ensure that information obtained remains on the appropriate side of the wall.
In order to comply with NASD 2711, financial organizations must:
Identify and protect regulated data wherever it is stored, communicated or used.
Prevent unauthorized information access, usage or disclosure.
Provide audit trails that prove information integrity.
NextLabs Information Barriers [SEC] Compliance Applications
NextLabs' solution is a set of applications which include a comprehensive set of pre-built policy libraries and pre-built reports that meets the requirements of NASD 2711 compliance and other regulations requiring the establishment of "Chinese Walls" between teams or groups. Policy sets can be easily customized to the environment or used as templates to create new policies. The solution helps investment banks and other financial services institutions protect regulated information in compliance with NASD 2711.
Enterprises can now enforce proper information access entitlements and data handling policies with controls that create and maintain information barriers within and across complex organizations. The Information Barriers solution allows companies to:
Create boundaries that reflect internal business relationships based on regulatory, international, or entity requirements.
Manage data access, handling, and disclosure with consistency across communication and collaboration channels to prevent improper activities while remaining transparent to normal business.
Educate inside users about policies and procedures to increase compliance awareness.
Monitor activities comprehensively, simplify auditing, and report violation attempts to prove effective policy.
The Solution helps companies automate the enforcement of information-sharing and communication-compliance procedures by rapidly creating information barriers across teams, departments, business units, entities, subsidiaries, regional locations, and resources. Consistent controls are enforced at the applications, desktops, and servers where data is stored, shared, and distributed, preventing conflicts of interest and improving corporate integrity.
Information Barrier Applications
Applications are provided to protect communication and collaboration, and come pre-built with policy objects and components. Policy sets are interoperable and easily customized to the environment. Policy applications include:
E-Mail Barriers
The E-Mail Barrier features provide controls across enterprise messaging clients to create a consistent boundary. Example policies include:
Deny analyst researchers from e-mailing unpublished research documents to investment bankers.
When the regional branch office attempts to e-mail customer account information outside the region, quarantine documents and initiate approval procedures.
Unified Communications
The Unified Communications Barrier provides controls across multi-channel communications to create a boundary that is consistent across voice and electronic communications applications (IM, e-mail, VoIP, Web conference, etc.). Example policies include:
When a chat is initiated over instant messenger between users with a potential conflict of interest, automatically add a chaperone to monitor the conversation.
Prevent employees engaged in a Web conference and located outside of the region from saving customer data distributed electronically.
Collaboration
The Collaboration Barriers provide controls across collaboration portals, such as Microsoft SharePoint, to create a virtual boundary when users try to share information or attempt inappropriate access. Example policies include:
Prevent anyone outside of the Research team from accessing unpublished research in designated Research team SharePoint document libraries (regardless of access rights assigned by SharePoint administrators).
When foreign employees attempt to access and download customer files, warn the employees about regional regulations and log the attempt for auditing.
File Sharing
The File Sharing Barriers provide controls across Windows and Linux file shares, and Web or FTP servers to create a consistent boundary that limits disclosure. Example policies include:
Allow account managers of the company's Japan subsidiary to upload customer account records only to Japan regional servers.
Prevent client team A from accessing M&A deal files on a Windows file share directory used by client team B, who is responsible for a competing customer.