Financial service firms must be especially vigilant about how they manage their email traffic. Hosted email management solutions is one way to keep out of trouble.
Here’s the problem: Today, email is the most widely used software application on the planet. For that reason, sensitive data that used to be conveyed in written documents between financial firms finds its way into emails. If these get into the wrong hands, firms could at least lose some competitive advantage and at most get prosecuted for malfeasance or sued for sexual harassment.
So the consequences for financial services firms that irresponsibly manage their email traffic can be steep indeed. Email management products protect them against the administrative, legal, and regulatory vicissitudes that accompany the explosion of email in corporate life.
Drivers of Email Management
According to David M. Smith, Research Analyst, Messaging, Gartner, “legal discovery is the biggest driver of email management.” Discovery requires that organizations produce in a timely fashion all records relevant to a subject matter like an incidence of malfeasance for which they are being investigated.
Barclay Blair, Director, Technology Practice at Kahn Consulting, Inc. a legal consultancy specializing in information management, explains in concrete terms the possible consequences for a company if it sloppily maintains its emails. In a case involving Murphy Oil USA, Inc. and Fluor Daniel, Inc., the discovery cost to the latter of searching through 14 months of stored email tapes (about 20 million pages of messages) cost more than $6 million and took six months. So the company may have lost more in preparing for the suit than it did in fines resulting from possible loss of it. Unfortunately, this is not uncommon when corporations go to court.
Spending $20,000, $30,000 or $50,000 on an e-mail management system seems a small price to pay by comparison.
It also extends to requests for information that prove an organization like a bank has not violated SEC regulations. Some financial companies improvise solutions for discovery. For instance, once a user’s PC email cache has been exhausted, he might be asked to copy the archived emails into a separate file. Unfortunately, few people do. As a result, if not automatically managed, emails that could be critical to a discovery request could disappear.
Other regulations also govern practices like retention of records. According to Craig Olson, Vice President of Corporate Marketing, Zantaz, a major email application service provider (ASP), under the US Securities and Exchange Commission Rule 17a-4, broker/dealers and financial exchange members must preserve all electronic communications relating to the business of their firms in a non-rewritable, non-erasable format for three years. This usually means storing them on WORM (Write Once Read Many) optical discs on which data cannot be changed once recorded. Furthermore, he says, the financial company must give a third party access to the retained emails so regulators can go through the third party if they need access.
The Sarbanes-Oxley Act mandates that executives at financial companies are responsible for the financial conduct of the company and may need to refer to emails to verify employees have not participated in illegal practices. Compliance officers at brokerages even have to periodically review a 20 percent random sampling of emails between brokers and clients to police emails for violations in this regard. Email archival products vastly expedite these processes.
The Value of an ASP
Hosted solutions often do so cheaper, faster, and better than installed ones. They require small up-front set-up fees and spread out subscription fees over extended periods. Suppliers can deploy them faster–sometimes in a few days. What’s more, the service provider maintains and upgrades the application and provides all personnel for doing so.
As a result, the financial services firm has little IT staff and equipment overhead and no management headaches. The companies in Table 1 offer hosted email management services; the chart also notes their most salient characteristics.
Table 1 – Selected Hosted Email Management Providers And Services | ||
Service Provider | URL | Activities Performed by Email Management Product |
ZANTAZ | Zantaz.com | Archival |
Postini | Postini.com | Archival |
MX Logic | Mxlogic.com | Archival |
MessageLabs | Messagelabs.com | Security |
Ziplip | Ziplip.com | Archival |
LivePerson | Liveperson.com | Collaboration |
Docharbor | Docharbor.com | Archival |
According to Gartner, the volume of emails received by enterprises is growing by 40 percent a year. Most email caches on PCs can store about 25MB of data, which most users exhaust in a month or so. Then they have to purge it or lose old emails as new ones replace them in the cache. So managing these messages in an efficient manner with email management products–consolidating emails onto one server instead of on users’ separate hard drives and indexing them for quick retrieval–has its rewards.
This process is especially cost-efficient when outsourced to an ASP. The ASP houses the repository onto which all the customer’s e-mails are consolidated and indexed as well as the email management software that customers can use via Web browsers to retrieve specific messages. The customer simply leases the service for an affordable monthly fee.
With these tools, archiving and finding emails is easier, says Chris Williams, Analyst, Ferris Research, an email consultancy. Some products even offload old emails and attachments to yet another repository which shrinks the corpus companies have to manage and makes it easier to back up and restore. Some ASPs that offer email management as an outsourced service will even archive emails offsite as a back-up copy in the event of disasters.
The Types of Email Management Applications
Archival is the most popular type of email management. Archival products index all data in an email–that is, in the header, body and attachments–and search according to date ranges, sender, and/or recipients. These products can also search by full text for the body and attachments. Some also create full audit trails of actions performed on emails like access, editing, deleting, as well as by whom and at what time and date.
Without these products, says David Via, Analyst, Ferris Research, companies “have to go to a back up tape, restore their messaging system, and somehow try to extract the information they seek from the documents.” A search like this, he explains, often requires that IT manually look through the headers, bodies, and attachments of all emails to verify they contain the information they’re looking for–a difficult, time-consuming, and expensive process.
Email management products also do what’s known as collaboration. Typically, these field and automatically route incoming emails to appropriate recipients. For example, a financial firm might use a product like this in its customer service call center. Emails arriving in the general support mailbox are scanned by the software and, based on their subject matter, are parsed and automatically routed to experts in the email’s subject matter–say, retirement funds. The expert either replies or sends the appropriate canned response if that is possible. Obviously, this obviates the need for staff to open every incoming email, decide who should answer it, and then route it to them. Making the call center operation more productive saves the financial company money.
Email management products can also perform security functions. Some encrypt sensitive outgoing emails. For instance, a stockbroker buying lots of stock in a company for a client might not want to signal others that he is doing so, because that might prompt them to buy, causing the price of the stock to go up. Others purge sensitive emails from the recipients’ mailboxes after a set period from when they were sent and make it impossible to cut, copy, or print emails to guarantee they don’t become public.
Others filter out spam and viruses. They quarantine received messages and allow only the designated recipient–like someone in management–to open them with a password. This is a common strategy for screening pornography that employees might try to download off the Internet. Still others prevent emails that violate established policy from leaving the organization to prevent the company from getting sued for company violations like an employee sending sexually harassing email.
If financial institutions do not manage their emails properly, there are real world consequences.