New Canadian e-mail storage and retrieval requirements legislation is coming down the pipe, with companies moving to streamline their e-mail back-up, and vendors keeping up with demand.
National Instrument 31-103 is a proposed draft regulation that will require many financial service firms to archive their e-mail for seven years, and have it on-hand for two years, according to research analyst Vince Londini of Info-Tech Research Group.
The legislation was put out by the Canadian Securities Administrators in February for comment so that stakeholders could add their input before the requirements are passed into law.
National Instrument 31-103 is expected to go into effect by late summer or early fall, according to Kieron Dowling, president and CEO of the Toronto-based e-mail archiving and retrieval company Jatheon Technologies .
“It is very similar to SEC regulations that require retention of records related to trading,” Londini said. “But it’s much broader, covering who trades what and what to do with the information. It’s much larger than just record retention.”
This is yet another regulation that IT managers need to keep on top of, said Londini. “Anyone who trades financial instruments may well already be subject to some U.S. regulations. The financial sector is the leading adopter of archiving solutions after all,” he said.
For IT managers staring National Instrument 31-103 in the face, there are a couple of approaches, depending on what level of risk aversion management has, said Londini. “From a risk mitigation perspective, it’s less dangerous to run everything, and, when it comes to defendability, easier to set blanket policies,” he said.
When it comes to companies with employees not covered by the new regulations, or business areas that are less prone to be sued or audited, IT managers can stick to the safe side by implementing a roles-based e-mail back-up system that is less exhaustive, and only stockpiles the e-mail and data of the stipulated trader types.
Jatheon is using the new regulations as a platform to push its appliance, Plug n Comply. Recent customers include private investment company Marquest Asset Management, who traded in its old Jatheon works for the Plug n Comply 1000 E.
Jatheon added in new functionality last month that is tailor-made for those aiming for National Instrument 31-103 compliance and includes policy-driven archiving and forwarding of email, notification for policy violation for users, and RAID support tools.
SMBs are the target market for Jatheon, said Londini: “Since the appliance is bundled hardware with software, it’s simple to acquire and set up.”
Smaller companies with sparse IT staff—or branch offices with none—can benefit from the out-of-the-box functionality, which Dowling claims can be done in under an hour. Other benefits to IT managers running smaller shops is the man-hours required to ferret out requested e-mails and information from back-up tapes that are not easily searchable. “We’re really targeting the mid-market that doesn’t have the IT budget, or the time,” said Dowling.
It will also come in handy for IT staffers looking to be compliant in a short period of time before National Instrument 31-103’s looming late summer deadline—and the next compliance headache.