June 25, 2018

Keeping ahead of the due diligence regulatory storm

Scott Snyder, Sr. Director, Product Marketing | June 25, 2018

The development of a comprehensive strategy for compliance monitoring and reporting data room activity requires ongoing extensive planning and preparation, especially when dealing across industries, lines-of-business, geography-specific standards, and complex global regulatory requirements.


In 1934, the SEC enacted the Securities and Exchange Act. The act was in response to the financial practices that many believed caused the 1929 stock market crash. The act is a set of laws that require companies to make and keep records that can be used for reviewing and auditing securities transactions.

In May 2003, the SEC enacted an amendment to primary rule 17a-4 to allow broker-dealers to store records electronically, including communications and messaging such as email and instant messages for at least six years. Organizationally, these rules generally apply to banks, securities firms, stock brokerage firms, and any financial institutions that deal in the trading of securities of any type that are governed by the SEC. It also includes any entities that fall under the jurisdiction of the National Association of Securities Dealers (NASD).

Practically, what this means is that e-communications for these firms must be retained and supervised to meet the requirements:

  • SEC 17 CFR 240.17a-3 (FINRA), “Records to Be Made by Certain Exchange Members, Brokers and Dealers” – the requirement to make records
  • SEC 17 CFR 240.17a-4 (FINRA), “Records to Be Preserved by Certain Exchange Members, Brokers, and Dealers” – the requirement to preserve records
  • NASD 3010 and 3110 refer to and inherit the same requirements of 17a-3 and 17a-4 as applied to the NASD, demanding the creation of policies and retention of reviewable customer records and transaction data.

Ensuring compliance with regulatory requirements

Compliance professionals recognize that recordkeeping requirements apply not only to internal e-communications, but also to technologies outside their organization where e-communications take place, including due diligence applications.

With the introduction of Merrill DatasiteOne, the only SaaS app for due diligence, our product engineers have taken steps to ensure comprehensive records of these communications are available to the compliance department. In addition, they have added tools to deliver complete data room activity transparency across an organization’s employee base.

1. Regulatory compliance data feed – Regulatory compliance continues to be an ongoing concern for many companies. This is especially true for compliance departments at banker/advisor organizations where even the hint of impropriety between the deal side of the business, and the trading side of the business, can earn the ire of federal regulators that are on the lookout for unethical business practices. Two new tools assist with this challenge.

  • Active project data room monitoring – A new compliance feed provides a daily update of electronic communications that occur across DatasiteOne projects. This will include all email communication (invitations, alert messages, free-hand email messages), as well as Q&A forum communications including attachments not currently in the data room. Subscribers can import that daily feed and add the data to their e-communication retention system.
  • Pre-diligence data room monitoring – This critical activity monitoring and reporting delivers user invitation and activity information for data room projects before launch. This affords the compliance department visibility to all users invited, active, and their last login to the data room. It also can confirm that only authorized users are on the invitation list and brings awareness when others from outside the organization are invited. With this visibility, compliance professionals can highlight and question those invitations. A good example is when a non-corporate address is used to access to the data room. The compliance department may flag that address and direct the project administrator to revoke login credentials.

2. Domain activity reporting – DatasiteOne projects often involve dozens, if not hundreds, of individuals from a given organization. The compliance office requires the ability to track and report on user log-in activity on each project. They must also have visibility to track which user IDs are active to make sure employees who have left the organization don’t use outdated credentials to access projects or share information. This new reporting mitigates these challenges.

Keeping you ahead of the storm

To meet the specific challenges of an ever-evolving global regulatory compliance landscape, Merrill is continuously developing and introducing features and functionality to DatasiteOne that are designed to address the requirements of corporate governance and regulatory compliance.

Merrill’s half-century of global expertise, and commitment to forward-thinking technology, provides the resources to make the high-stress, high-risk world of due diligence more manageable. Aligning that technology with industry-leading customer service, including 24/7/365 expert service available in 14 languages by phone, email, chat, and in-person, helps our customers secure success.

Learn more about DatasiteOne or request a live demo.

Ready to Get Started?

You may also like:

Keep the deal moving - even on the move

With the Datasite mobile app, you always know where the deal’s at – wherever you are.

M&A Professional reviewing documents via data room
The ABCs of SPACs and de-SPAC’ed Entities

With the change in market conditions over the last year (increased inflation, interest rates etc.), there is concern that companies who went public via a SPAC in 2020 and 2021 will not be able to continue their business operations due to a lack of free cash flow or will face de-listing because their stock is not in compliance with the NYSE or NASDAQ requirements. These companies may need to explore alternative options, such as rescue capital raises, full company sale to a strategic, bankruptcy, and PE take-private options, etc.

M&A Professionals work on a data room
M&A and digital transformation: Opportunities and challenges in APAC

The pandemic saw a growth spurt in digital platforms. Will the tech sector be able to sustain investor interest in the face of challenging macroeconomic dynamics? Learn more about emerging digital transformation stories from APAC in our expert spotlight blog.

City Skyline