Identify, control and audit the flow of material, non-public information to ensure confidentiality, and demonstrate NASD 2711 and SEC compliance
The National Association of Securities Dealers Rule 2711 (NASD 2711) requires separation between a financial services firm's investment banking group and the firm's research and trading group, to prevent potential conflicts of interest and maintain the integrity of the public market. Although organizations may separate these two groups through electronic or physical means, the prevalence of e-mail, instant messaging, webmail, internet phones and other technologies offers easy channels for improper communication.
In addition, some personnel may need to "cross the wall" for a particular engagement, or sit "above the wall" to manage compliance processes. Yet it is still necessary to ensure that information obtained remains on the appropriate side of the wall.
In order to comply with NASD 2711, financial organizations must:
- Identify and protect regulated data wherever it is stored, communicated or used.
- Prevent unauthorized information access, usage or disclosure.
- Provide audit trails that prove information integrity.
Educating and alerting users to potential breaches and automating certain communication procedures are also critically important capabilities in enhancing the organization's ability to comply with NASD 2711.
NextLabs Information Barriers [SEC] Compliance Applications
NextLabs' solution is a set of applications that includes a comprehensive set of pre-built policy libraries and pre-built reports that address and report on compliance with NASD 2711 and other regulations requiring the establishment of "Chinese Walls" between teams or groups. Policy sets can be easily customized to the environment or used as templates to create new policies. The solution helps investment banks and other financial services institutions protect regulated information in compliance with NASD 2711.
Enterprises can now enforce proper information access entitlements and data handling policies with controls that create and maintain information barriers within and across complex organizations. The Information Barriers solution allows companies to:
- Create boundaries that reflect internal business relationships based on regulatory, international, or entity requirements.
- Manage data access, handling, and disclosure with consistency across communication and collaboration channels to prevent improper activities while remaining transparent to normal business.
- Educate inside users about policies and procedures to increase compliance awareness.
- Monitor activities comprehensively, simplify auditing, and report violation attempts to prove effective policy.
The Solution helps companies automate the enforcement of information-sharing and communication-compliance procedures by rapidly creating information barriers across teams, departments, business units, entities, subsidiaries, regional locations, and resources. Consistent controls are enforced at the applications, desktops, and servers where data is stored, shared, and distributed, preventing conflicts of interest and improving corporate integrity.
Information Barrier Applications
Applications are provided to protect communication and collaboration, and come pre-built with policy objects and components included. Policy sets are interoperable and easily customized to the environment. Policy applications include:
E-Mail Barriers
The E-Mail Barrier features provide controls across enterprise messaging clients to create a consistent boundary. Example policies include:
- Prevent analyst researchers from e-mailing unpublished research documents to investment bankers.
- When the EU branch office attempts to e-mail client account information outside the region, quarantine documents and initiate approval procedures.
Unified Communications
The Unified Communications Barrier features provide controls across multi-channel communications to create a boundary that is consistent across voice and electronic communications applications (IM, e-mail, VoIP, Web conference, etc.). Example policies include:
- When a chat is initiated over instant messenger between users with a potential conflict of interest, automatically add a chaperone to monitor the conversation.
- Prevent employees engaged in a Web conference and located outside of the region from saving client data distributed electronically.
Collaboration
The Collaboration Barriers features provide controls across collaboration portals, such as Microsoft Office SharePoint, to create a virtual boundary when users try to share information or attempt inappropriate access. Example policies include:
- Prevent anyone outside of the Research team from accessing unpublished research in designated Research team SharePoint document libraries (regardless of access rights assigned by SharePoint administrators).
- When non-EU employees attempt to access and download EU client account files, warn the employees about regional regulations and log the attempt for auditing.
File Sharing
The File Sharing Barriers features provide controls across Windows and Linux file shares, and Web or FTP servers to create a consistent boundary that limits disclosure. Example policies include:
- Allow account managers of the company's Japan subsidiary to upload client account records only to Japan regional servers.
- Prevent client team A from accessing M&A deal files on a Windows file share directory used by client team B, who is responsible for a competing client.