Legal and compliance issues around hedge fund marketing emails
This blog post has come about through my alarm at the number of compliance issues that are being ignored in relation to email marketing in the finance sector. Systems have been implemented that have no compliance functionality, which is mainly due to the vendors and managers not being aware of the compliance issues.
To try and remedy this I have summarised the main points of email compliance from the ProFundCom website.
Compliance
ProFundCom is the only email platform to comply with three very specific compliance directives:
- FSA Rule SYSC 3.2.6R, which states that ‘a firm must take reasonable care to establish and maintain effective systems and controls for compliance for electronic communication.’
- Securities and Exchange Commission (SEC) Rule 17a-4, which describes stringent rules governing the storage of all electronic messages including email and instant messages.
- ISO 27001 Security Management Standard. This is an international quality standard for email and data security and compliance, which was introduced in 2005.
Data Retention
ProFundCom complies with the latest SEC and FSA regulations, which stipulate that records of electronic communications be stored for at least seven years if they relate to particular types of business. The types of business include receiving and executing client orders, negotiating, agreeing and arranging transactions across the equity, bond, financial commodity and derivatives markets, as well as offers of services and products to prospects or existing investors. Electronic communications subject to the new retention requirements include faxes, emails and instant messaging. Many firms, in response to the FSA’s consultation, have reported that their existing technologies do not allow the recording and retention of all of these types of communication. However, all clients of ProFundCom have this ability.
Archiving
ProFundCom complies with the Securities and Exchange Commission (SEC) Rule 17a-4, which describes stringent rules that govern the storage of all electronic messages, including email and instant messages.
ProFundCom stores all emails that have been sent out from the system in a special write-once table, where they remain locked for the SEC regulatory period of seven years. These transactions can be queried directly via the ProFundCom Interface to provide immediate regulatory body access.
To comply with the regulation, the index can be searched and used to retrieve records, and all activity in the message store is monitored. This data can also be made available to other corporate email archiving applications via our XML interface. Products we have integrated with using the PFC XML interface are Interwoven, Plumtree, Legato and FileNet. If an email archiving system is already in place, or if tight integration is not required, all emails generated by ProFundCom can be BCCed to that account.
Identity Management
All ProFundCom access is provided via a secure login that requires username and password authentication. Extensions to ProFundCom are also available that lock a login to a specified IP address or to a dynamically changing key.
Documents in the ProFundCom library are stored in a database where they can be retrieved only by the ProFundCom system. Data is placed in the ProFundCom system only via the personalised and secure HTML links in the emails sent. This process ensures that documents are not exposed to web crawlers or search engines such as Yahoo or Google.
ProFundCom servers are hosted at Rackspace and Star Networks for failover and redundancy purposes.
ProFundCom uses some of the most advanced internet security technology available. When you access your ProFundCom server, your information is protected using both server authentication and data encryption, ensuring your data is safe, secure, and available only to registered users in your organisation. Your data will be completely inaccessible to your competitors.
ProFundCom provides each user in your organisation with a unique user name and password that must be entered each time a user logs on. ProFundCom issues a session ‘cookie’, but this is only to record encrypted authentication information for the duration of a specific session. The session cookie does not include either the username or password of the user. ProFundCom does not use cookies to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.
In addition, ProFundCom is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders.
ProFundCom has become an ISO 9001:2008 compliant organisation in addition to being a SAS90 certified organisation. The certification is accredited by the United Kingdom Accreditation Service (UKAS).
The certification of compliance with ISO 9001:2008 recognises that ProFundCom’s policies, practices and procedures ensure consistent quality in the services and products provided to customers.