Guidelines for FINRA SEC 17a-4 Compliance for Broker-Dealers


    According to the Securities and Exchange Commission (SEC) Rule 17a-4, broker-dealers in the financial services industry are required to retain and index electronic correspondence, including email, with immediate accessibility for a period of two years and with non-immediate access for at least six years. As a result, broker-dealers need to be able to securely store hundreds of thousands of emails every day and access them at a moment's notice. Failure to comply with SEC 17a-4 can result in severe penalties, ranging from fines to even the possibility of jail time.

    Due to the gravity of an SEC 17a-4 violation, as well as other regulations defined by the Financial Industry Regulatory Authority, broker-dealers are turning to digital archiving solutions for instant and secure access to records.


    What is SEC Rule 17a-4?

    Instituted in the interest of protecting investors from fraudulent or misleading claims, the original Securities Exchange Act of 1934 authorized the SEC to issue record-keeping rules for broker-dealers, including the retention and furnishing of copies of records "necessary or appropriate in the public interest, for the protection of investors or otherwise in furtherance of the purposes of the Exchange Act."

    Typically listed together, Rules 17a-3 and 17a-4 require broker-dealers to preserve each transaction record and general business records "in an easily accessible manner." Rule 17a-4 was later amended to include electronic record keeping, meaning broker-dealers could now use digital storage to retain records, provided it did not overwrite or erase records for the required retention period (more on that later).

    When Did SEC 17a-4 Go Into Effect?

    SEC Rule 17a-4 was originally instated in 1993; it was later amended to include electronic record keeping in 1997.

    Who is Affected by SEC 17a-4?

    SEC Rule 17a-4 applies to broker-dealers and other relevant parties who trade securities or act as brokers for traders, including banks, securities firms, stock brokerage firms and any other entity that falls under the jurisdiction of the Financial Industry Regulatory Authority (FINRA).

    What Are the Basic Requirements of Rule 17a-4?

    In a nutshell, SEC Rule 17a-4 requires broker-dealers to store all business records for a period of no less than six years on non-rewriteable and non-erasable media. Firms that store information electronically are also required to maintain a relationship with the third-party provider responsible for storing their records.

    What Happened to the NASD?

    The National Association of Securities Dealers, or NASD, was founded in 1939 to oversee the operations and activities of the NASDAQ stock market. In 2007, the NASD merged with the New York Stock Exchange to create FINRA.

    What Does FINRA Do?

    FINRA is an independent regulatory organization that ensures fair financial markets in the U.S. by:

    • Deterring misconduct by enforcing rules
    • Disciplining those who break those rules
    • Detecting and preventing wrongdoing in the U.S. markets
    • Educating and informing investors
    • Resolving securities disputes

    According to Investopedia, "The SEC is responsible for ensuring fairness for the individual investor and FINRA is responsible for overseeing virtually all U.S. stockbrokers and brokerage firms. In the grand scheme of things, FINRA is overseen by the SEC." The SEC originally used NASD Rules 3010 and 3110 to enforce 17a-4, but those have been superseded by FINRA Rules 3110 and 3170.

    What is WORM Compliance?

    WORM is short for "write once, read many" and refers to a specific data storage format that writes data to a single disk a single time and prevents the erasure or alteration of any data on that disk thereafter. Back in the day, when broker-dealers and firms stored information on physical hardware, such as CD-ROMs and floppy disks, the WORM format made it easy to maintain SEC Rule 17a-4 compliance.

    However, now that cloud storage has become the most popular way to store financial records, firms are running into issues with WORM compliance. From Wells Fargo Securities to Hancock Investment Services, a number of securities firms and brokerages have found themselves on the wrong side of WORM compliance and have suffered the consequences. That's why, when looking for a digital storage system, it's vital that broker-dealers look for a solution that maintains unalterable, non-rewriteable and non-erasable records.

    How Long Do I Have to Preserve Communications for 17a-4 Compliance?

    According to the SEC, "Every member, broker and dealer subject to § 240.17a-4 shall preserve [all records] for a period of not less than 6 years, the first two years in an easily accessible place." In addition to SEC Rule 17a-4, all broker-dealers subject to SEC Rule 17a-3 must preserve the following materials for a minimum of three years, the first 2 of which they must be easily accessible:

    • Check books, bank statements, cancelled checks and cash reconciliations
    • All bills receivable or payable (or copies thereof), paid or unpaid, relating to the business of a member, broker or dealer
    • Originals of all communications received and copies of all communications sent by the member, broker or dealer relating to business
    • All trial balances, computations of aggregate indebtedness and net capital, financial statements, branch office reconciliations, and internal audit working papers
    • All guarantees of accounts and all powers of attorney and other evidence of the granting of any discretionary authority
    • Copies of resolutions empowering an agent to act on behalf of a corporation
    • All written agreements (or copies thereof) entered into by a member, broker or dealer relating to business
    • Records in support of amounts
    • And so on

    What Are the Penalties if I Fail to Comply With Rule 17a-4?

    The SEC has fined some of the largest investment banks in the world, including Goldman Sachs & Co., Citigroup Inc., Morgan Stanley & Co. and Bank of America for policies and procedures that violate 17a-4 compliance.

    In 2017 alone, FINRA fined 12 of its largest member firms a combined $14.4 million for violation of SEC Rule 17a-4, specifically, failure to keep "hundreds of millions of electronic documents in a WORM [format]," as well as Rule 3110. These firms included Wells Fargo & Co., SunTrust Robinson Humphrey and PNC Capital Markets.

    As you can see, the criteria for 17a-4 compliance are strict, and the penalties for violation severe.

    How Can I Stay Compliant With SEC Rule 17a-4?

    As outlined above, in order for broker-dealers to comply with SEC regulations under Rule 17a-4, they must retain electronic communications with customers, as well as all other communications germane to their business, for at least six years on non-rewriteable and non-erasable storage. Rule 17a-4 does allow for broker-dealers to implement digital storage systems that inhibit alterations, erasure and loss of electronic files for the required archiving period.

    These communications must be easily accessible, indexed and, per WORM compliance, stored on non-erasable, non-rewriteable media. This long-standing requirement has gained more attention as of late due to increased enforcement from federal regulators.

    What is D3P Compliance?

    The SEC also enforces a Designated Third Party (D3P) Rule, which, according to Iron Mountain:

    "…requires [broker-dealers] who store data electronically to maintain a relationship with an independent third party who can access their records in the event of an audit or request [the broker-dealer] is unable or unwilling to furnish this information."

    Since the onset of D3P compliance regulation, broker-dealers have become proactive in complying with this rule. FINRA requires broker-dealers to present a D3P "Letter of Undertaking" and all documentation and service agreements that prove D3P compliance. These tightened regulations make it important for broker-dealers to choose a D3P for electronic record storage.

    Rule 17a-4 also requires that a duplicate copy of each record be kept on write-once media. The broker-dealer must store these duplicate files in a separate location from the original.

    FINRA SEC Rule 17a-4 Compliance in Summary

    The following is a summary of how to implement and enforce 17a-4 compliance:

    • Have written and enforceable retention policies
    • Store data on non-erasable, non-rewriteable media
    • Maintain a searchable index of all stored information
    • Have readily retrievable and viewable data
    • Maintain storage of information offsite

    Intradyn designs archiving solutions specifically for the financial services industry that are designed to do all of the above and more in the interest of maintaining FINRA and SEC 17a-4 compliance, as well as other regulations enforced by major agencies. Contact us today to learn more about how our solutions can give you complete peace of mind when it comes to ongoing regulatory compliance.

    As the chief operating officer and co-founder of Intradyn, Adnan provides wide-ranging oversight of day-to-day operations. He has two decades of experience helping to shape the direction of archiving solutions and has been instrumental in the success of the company's global capabilities.
