Compliance Uk Hub

Compliance Gateway: “Belt and Suspenders” Assurance for Regulatory Communications

Proofpoint is excited to announce the newest release of our Compliance Gateway solution (version 2.16). Compliance Gateway enables firms that require the strictest levels of regulatory compliance to track, audit and reconcile all content and digital communications. It helps organizations ensure that every file or communication record originally sent is also in your archive or data store.

Embedded in the latest release of the Compliance Gateway solution is the new upstream reconciliation feature, which provides “belt and suspenders” assurance by allowing organizations to bidirectionally audit and remediate content from the source.

Downstream vs. upstream reconciliation in Compliance Gateway

Compliance Gateway’s existing downstream reconciliation feature ensures that all data is received by a destination system, such as an archive, surveillance system or data store, by generating a reconciliation report to verify successful transport. If a message fails to write to the data store or is flagged as missing, the solution will reattempt to send the data and log potential errors to a reconciliation report.

With upstream reconciliation, Compliance Gateway generates a one-to-one reconciliation report in the form of a manifest before the data is moved from the upstream source application, such as Microsoft Exchange, Microsoft Teams, LinkedIn, Slack, Twitter, Zoom and so on. And once the data is sent downstream to its final storage destination, Compliance Gateway generates an audit log report.

A measure to prevent gaps that can lead to costly fines

Compliance Gateway is an especially important tool for highly regulated firms that must retain their communications end-to-end so that they can comply with continually evolving regulations and prove to regulators that a data store receives their captured content. With complex in-stream compliance and archiving operations, gaps can emerge between messaging and content capture, both from the upstream source as well as the downstream destination. If these firms can’t accurately audit and remediate them, they could face stiff fines and other penalties. 

For example, in 2011, a major broker-dealer was fined $1.65 million for violating FINRA Rule 9216 and NASD 3010, respectively. The firm failed to retain millions of emails pursuant to FINRA requests. That violation was due to three of the firm’s 58 email servers failing to successfully send a journal copy of messages to archive servers for over 2,800 associated users.  

The firm was fined for “failure to establish and maintain appropriate systems and procedures reasonably designed to: (i) achieve compliance with applicable recordkeeping rules; and (ii) detect and remedy deficiencies in its email retention systems, which would achieve compliance with the FINRA and NASD rules. The problem was that the firm had no mechanism in place to audit and validate that the exact same number of messages and content sent to the archive were all successfully captured from the source and written to the destination.   

An accurate message count and audit trail to help minimize risk

A unique solution in the compliance marketplace, Proofpoint Compliance Gateway helps organizations ensure every communication record generated can be found in their repository or data store. The solution provides a complete audit trail of the content’s source, all the way to the destination archive. Potentially missing data is tracked, audited, reported and automatically remediated. Compliance Gateway minimizes the risk of stiff regulatory fines and sanctions while helping to ensure an accurate message count and audit trail for compliance or regulatory investigations.

“Compliance Gateway from Proofpoint provides our most highly regulated clients complete compliance assurance and data fidelity,” says Darren Lee, executive vice president and general manager, Compliance and Digital Risk Business Unit, at Proofpoint. “It provides end-to-end data reconciliation protection, ensuring that all collected communications are preserved and delivered to the Proofpoint Enterprise Archive.”

He adds, “In an ever-evolving market where work from home will remain, we innovate to help every customer protect their compliance posture while achieving business growth now and in the future.”

Compliance Gateway with embedded upstream reconciliation is targeted for general availability in Q1CY22. Contact Proofpoint Sales for more details on how our Compliance Gateway solution can keep your organization compliant and in control.  

Subscribe to the Proofpoint Blog