Workspace FINRA configuration guide

Supporting compliance with FINRA

​Supported edition for this feature: Enterprise Plus with the Assured Controls and Assured Controls Plus add-ons.

If you're in the Financial Services Industry (FSI) and need to follow Financial Industry Regulatory Authority (FINRA) rules, you can use Google Workspace to export and archive your data. This article provides an overview of the settings and features that you and other Google Workspace administrators can apply to support compliance with the FINRA and other financial services regulations. 

FINRA compliance for Workspace

FINRA compliance requires that records are archived and communications are monitored. Supported Workspace features address the electronic records requirements specified by multiple regulatory bodies for financial services institutions, including:

  • Securities and Exchange Commission (SEC) in 17 CFR § 240.17a-4(f)(2)
  • SEC in 17 CFR § 240.18a-6(e)(2)
  • FINRA in Rule 4511(c), which defers to the format and media requirements of SEC Rule 17a-4(f)
  • Commodity Futures Trading Commission (CFTC) in 17 CFR § 1.31(c)-(d)

For more information, go to the FINRA website.

Workspace configuration

Gmail, Google Calendar, and Google Chat exports capture communications-based records that you can set up to automatically export to third-party platforms. You can turn the following Workspace features on or off to meet critical recordkeeping, supervision, surveillance, and oversight requirements.

  • Gmail—Journal all emails from a specific organizational unit or a group in Google Groups to a third-party mailbox using SMTP. 
  • Chat—Journal all chat events for a specific organizational unit or group to a third-party mailbox using SMTP. 
  • Calendar—Journal all calendar events for users in a specific organizational unit or group to a third-party mailbox using SMTP. 
  • Google Drive—Export all Drive files that are labeled for compliance archiving to a Google Cloud Storage (GCS) bucket using the Data Export tool. 
    • Data records are archived by AODocs Compliance Archive, a third-party records management solution by AODocs, Inc.
    • Drive records are archived by a third-party records-management solution called AODocs Compliance Archive by AODocs, Inc. 
    • AODocs Compliance Archive is an advanced content-management service that’s integrated with Workspace and GCS. It meets the securities industry requirements for preserving electronic records in non-rewritable, non-erasable format for applied retention periods and legal holds.
    • When you use the AODocs integration, you can label Drive files for compliance archiving. These records are locked, meaning the access control lists (ACLs) are removed and stored in an indexable format in a GCS bucket.

All Workspace admins who are responsible for setting the archival and surveillance requirements within the tools used across an FSI organization can complete these tasks. All admins are expected to configure, monitor, and operate the tools required to remain in compliance with key FSI regulations (earlier on this page), including FINRA.

Configure FINRA compliance for Gmail

You can set up a third-party archiving solution to archive Gmail journal messages. For detailed instructions, go to Integrate Gmail with a third-party archiving solution.

Configure FINRA compliance for Chat

Set up a third-party solution to archive Chat messages as email journal archives. For detailed instructions, go to Integrate Chat with a third-party archiving solution.

Configure FINRA compliance for Calendar

Set up a third-party solution to archive Calendar events and their details as email journal archives. For details, go to Integrate Calendar with a third-party archiving solution.

Configure FINRA compliance for Meet

As an administrator, you can tailor Meet's functionality to your organization’s financial services compliance needs. For details, go to Manage Meet settings (for admins)

Configure FINRA compliance for Drive

The integration between Workspace and AODocs is designed to help organizations meet FINRA compliance requirements, specifically for Drive data to meet SEC 17a-4 requirements. When Drive documents are finalized in AODocs and given a label, the Data Export tool exports them to a customer-owned GCS bucket with Write Once, Read Many (WORM) storage turned on. AODocs then indexes this data from the export bucket and copies it to its own immutable GCS buckets according to defined retention policies, making it searchable for compliance purposes.

Complete the following steps to set up AODocs and Drive:

  1. Set up a Compliance Archiving module in AODocs. For details, go to the AODocs website.
  2. Schedule a supporting FINRA export for Drive to export your organization’s Drive data to a GCS archive. AODocs takes the data from this store and copies it for indexing. For instructions, go to Set up a FINRA compliant data export

Need more help?

If you have questions about setting up Workspace for FINRA compliance, contact your Google Sales representative.


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Main menu
7650013580478231402
true
Search Help Center
true
true
true
true
true
73010
false
false
false
false