Keeping ahead of the due diligence regulatory storm

Scott Snyder, Sr. Director, Product Marketing | June 25, 2018

Developing a comprehensive strategy for compliance monitoring and reporting of data room activity requires ongoing, extensive planning and preparation, especially when dealing across industries, lines of business, geography-specific standards, and complex global regulatory requirements.


In 1934, the SEC enacted the Securities and Exchange Act. The act was in response to the financial practices that many believed caused the 1929 stock market crash. The act is a set of laws that require companies to make and keep records that can be used for reviewing and auditing securities transactions.

In May 2003, the SEC enacted an amendment to primary rule 17a-4 to allow broker-dealers to store records electronically, including communications and messaging such as email and instant messages, for at least six years. Organizationally, these rules generally apply to banks, securities firms, stock brokerage firms, and any financial institutions that deal in the trading of securities of any type that are governed by the SEC. They also apply to any entities that fall under the jurisdiction of the National Association of Securities Dealers (NASD).

Practically, this means that e-communications for these firms must be retained and supervised to meet the following requirements:

  • SEC 17 CFR 240.17a-3 (FINRA), “Records to Be Made by Certain Exchange Members, Brokers and Dealers” – the requirement to make records
  • SEC 17 CFR 240.17a-4 (FINRA), “Records to Be Preserved by Certain Exchange Members, Brokers, and Dealers” – the requirement to preserve records
  • NASD 3010 and 3110 refer to and inherit the same requirements of 17a-3 and 17a-4 as applied to the NASD, demanding the creation of policies and retention of reviewable customer records and transaction data.

Ensuring compliance with regulatory requirements

Compliance professionals recognize that recordkeeping requirements apply not only to internal e-communications, but also to technologies outside their organization where e-communications take place, including due diligence applications.

With the introduction of Merrill DatasiteOne, the only SaaS app for due diligence, our product engineers have taken steps to ensure comprehensive records of these communications are available to the compliance department. In addition, they have added tools to deliver complete data room activity transparency across an organization’s employee base.

1. Regulatory compliance data feed – Regulatory compliance continues to be an ongoing concern for many companies. This is especially true for compliance departments at banker/advisor organizations, where even the hint of impropriety between the deal side and the trading side of the business can earn the ire of federal regulators that are on the lookout for unethical business practices. Two new tools assist with this challenge.

  • Active project data room monitoring – A new compliance feed provides a daily update of electronic communications that occur across DatasiteOne projects. This will include all email communication (invitations, alert messages, free-hand email messages), as well as Q&A forum communications including attachments not currently in the data room. Subscribers can import that daily feed and add the data to their e-communication retention system.
  • Pre-diligence data room monitoring – This critical activity monitoring and reporting delivers user invitation and activity information for data room projects before launch. This gives the compliance department visibility into all invited users, which of them are active, and their last login to the data room. It can also confirm that only authorized users are on the invitation list and brings awareness when others from outside the organization are invited. With this visibility, compliance professionals can highlight and question those invitations. A good example is when a non-corporate address is used to access the data room. The compliance department may flag that address and direct the project administrator to revoke login credentials.

2. Domain activity reporting – DatasiteOne projects often involve dozens, if not hundreds, of individuals from a given organization. The compliance office requires the ability to track and report on user log-in activity on each project. They must also have visibility to track which user IDs are active to make sure employees who have left the organization don’t use outdated credentials to access projects or share information. This new reporting mitigates these challenges.

Keeping you ahead of the storm

To meet the specific challenges of an ever-evolving global regulatory compliance landscape, Merrill is continuously developing and introducing features and functionality to DatasiteOne that are designed to address the requirements of corporate governance and regulatory compliance.

Merrill’s half-century of global expertise, and commitment to forward-thinking technology, provides the resources to make the high-stress, high-risk world of due diligence more manageable. Aligning that technology with industry-leading customer service, including 24/7/365 expert service available in 14 languages by phone, email, chat, and in-person, helps our customers secure success.
