AdvisorVault’s 17a-4 Cloud Backup Plug-in will make you purr like a kitten; it’s a game changer when you need to be compliant on the cloud, I am talking about Google Workspace and Microsoft 365 (the only two real options firms today). I mean, at the end of the day, moving your company to the cloud is a good decision – there’s no need for in-house systems anymore, IT support is gone, also bye-bye individual user licensing fees, and you get an instantly mobile workforce for one flat monthly fee per user with everything they’ll need to do their jobs from, anywhere. For example, if you choose Microsoft 365 each employee gets a full featured email account on Microsoft Exchange Online, with all the bells and whistles, tons of space on OneDrive, a company SharePoint site for collaboration and Teams for video conferencing.
Although the cloud is great, and FINRA is fully behind members who want to use it (in fact, regulators don’t care what technology firms use as long as they meet the basic demands of rule 17a-4: meaning they keep separate copies of data in a secondary location in original format where it can be retrieved when audited). However, it’s important to understand there are major problems with cloud services like Google Workspace and Microsoft 365 when it comes to compliance. For example, data on the cloud isn’t backed up; it’s not retained for 7 yrs. in any kind of archive; if something is deleted, you can’t call Microsoft or Google and ask them to restore it and there’s no features to search data, or retrieve records, there’s no flagging or supervision capability, finally cloud providers won’t act as the 17a-4 D3P. (I’m suspecting they’re trying to cut down on legal fees…)
Nonetheless, trying to use their built-in tools to meet compliance is difficult. I mean, just try setting up a Lock Policy on Google or configuring Archived Mailboxes for everyone on Exchange Online, you’ll also need to know how to run PowerShell Commands and create Retention Rules to apply Preservation Locks. Then there’s creating Azure Immutable Blob Storage, or designing Google Cloud Buckets — let’s be honest, that’s too complicated for the average small firm! However, this doesn’t matter since Microsoft and Google won’t give you the FINRA attestation letters anyway.
In reality, you’ll need to add a proper D3P to the cloud to make it compliant, that’s what we do, with our 17a-4 Direct Cloud Plug-in.
Our Direct Cloud Plug-in helps firms on Google Workspace and Microsoft 365 meet all the demands of rule 17a-4, it connects directly to the cloud, runs in the background, is automated and managed by AdvisorVault with three main features to help customers with compliance: