In early May, Finan-cial Planning Association (FPA) President Mark Johannessen met with Andrew J. "Buddy" Donohue, director of the investment management division of the U.S. Securities and Exchange Commission (SEC), to discuss current regulatory issues affecting the financial planning profession. Present also at that meeting was Duane Thompson, FPA's director of government relations.

Among the issues discussed with Donohue, who oversees the $30 trillion investment management and mutual fund industries, was the RAND report on differences between financial planners and brokers; competitive pricing pressures in the industry; and possible changes to the books and records requirements for investment advisors. According to Thompson, they discussed the SEC's apparent interest in adopting an enforceable standard for the electronic storage and retrieval of pertinent records.

Currently, there is a dizzying array of existing laws and regulations covering this issue. From Sarbanes-Oxley compliance to the Gramm-Leach-Bliley Act to the SEC's own ruling in 2001 (Parts 270 and 275 in title 17 of the Code of Federal Regulations), the intertwining laws and regulations make adoption of a standard difficult. However, the mere fact that the SEC is willing to consider changes that might embrace electronic files could be good news for registered investment advisory firms, but bad news for large firms and broker-dealers.

According to Thompson, "The SEC came out with their initial rules for electronic record-keeping in the late '90s, shortly after the industry started using the Internet, and didn't do much afterward except to provide guidance on e-mail storage, etc., only informally after inspections. What they plan to do is to 'update' that guidance, perhaps in a rule-making, not just interpretative guidance."

Thompson went on to say, "I had the impression that when Buddy Donohue mentioned this, they were going to be assessing current record-keeping practices this year and then update their rule-making. This could be through a 'sweep,' although he didn't say that, but more likely by checking on practices through routine inspections by the Office of Compliance Inspections and Examinations (OCIE), their examination arm."

According to Thompson, Donohue also mentioned "that making adjustments is frequently more difficult for global firms that have legacy systems coded to certain countries." According to Thompson, the SEC is expected to update its books and records rule over the coming year.
The smaller firms that typically pay top dollar for record-keeping storage space, assuming that their files are stored on location at their offices, would have the incentive to move toward a virtual (electronic) file storage solution (obviating the need for physical files) and ultimately save thousands of dollars. Not true for the larger firms and broker-dealers, which may have already invested hundreds of thousands of dollars (or more) in electronic record-keeping systems that may or may not comply with a new adopted standard from the SEC.

Nevertheless, if there is an SEC mandated enforceable standard, all firms will be subject to it, regardless of size or prior system limitations. Therefore, it is incumbent upon advisory firms to learn what might apply to them and investigate ways to incorporate new standards into the operations of their firms.

One important issue is likely to be the integrity of a scanned original document. What guarantees are in place to ensure that any document is, in fact, an unaltered original? There are, at present, at least two methods of assuring this. First, some scanners can apply a digital post-imprint code on a scanned image.

Fujitsu, for example, offers such scanners: Its Fujitsu fi-6140 is the only scanner in its class featuring an optional post imprinter capable of printing up to 40 freely definable alphanumerical codes on the back of scanned documents in order to simplify the search for an original document at a later date. This feature can be combined with a digital imprint on the scanned image verifying its authenticity as an original.

A second method involves an audit trail for a document created by the scanning software. This trail shows the creation date and a historical record of every time someone accessed the document or altered it when it was viewed. Laserfiche (http://www.laserfiche.com), a leading provider of scanning and document management solutions, has added an audit trail feature to its software.

According to the company's Web site, the Laserfiche Audit Trail allows a user to easily monitor who has been viewing which documents and when. This allows a firm to monitor sensitive case documents that need to remain secure, track staff productivity or document search activity for public records. The software also ensures that this information is always readily available through easily discernible audit logs. The audit trail allows nonstop monitoring of server activity and can sort by any field to easily accommodate search preferences.

The software has the following highlights:
It allows a search by title, location,
first visited, last visited, expiration and visit count.
It offers precise round-the-clock tracking of document usage.
It offers an instant display of the itemized audit log.
It offers a detailed monitoring of staff productivity.
It records in real time (the audit log is instantly updated when you perform an action).
It enables selective reporting and queries.
The file security is only accessible by the system administrator and not by every workstation.
The advanced edition has the same features as the starter and standard editions, but also records changes in security settings so that management and system administrators can monitor system activity:
It can track who assigns which rights to which users.
It can maintain records of searches performed in the Laserfiche repository.
It requires users to submit reasons for printing, e-mailing and exporting documents.
It enforces the application of watermarks containing the name of the user responsible for printing as well as other information.
It monitors attempts to change passwords.

Another program that has advanced audit-trail capabilities is DocuXplorer (http://www.docuxplorer.com). DocuXplorer security and event logs allow users to comply with regulations under Sarbanes-Oxley and the Health Insurance Portability and Accountability Act,  SEC and NASD rules for document security, confidentiality, retention and audit trails.

DocuXplorer security, like other programs, allows users to select default settings for read-only, read/write and full controls, but it also allows users to customize permissions for individuals and groups for any function of the program depending on each person's security and business process needs.

Ultimately, the system you choose will depend on what the SEC ruling will identify as the standard. However, if you already own one of these systems, chances are you are probably covered for whatever standards may be imposed.

David Lawrence, AIF (Accredited Investment Fiduciary), is a practice efficiency consultant and is president of David Lawrence and Associates, a practice-consulting firm based in Lutz, Fla. (www.efficientpractice.com). David Lawrence is a much-sought-after public speaker on a variety of leadership, financial and technical topics. For details, visit www.davidlawrencespeaks.com.