Established as part of the Securities Exchange Act of 1934, SEC 17a-4 defines a set of records preservation and retention requirements for registered broker-dealers. SEC 17a-4 itself became part of the law in 1997, and in recent years, enforcement of this rule—along with the consequences for violating it—have increased significantly.

As recently as 2016, the SEC fined Wells Fargo $4 million for their failure to keep some of their records in a read-once, write-many (WORM) format, one of the key provisions of 17a-4. For simply using a file format that had the possibility of being edited, a company was fined millions.

Outlined in this 14-page PDF released by the SEC, the implications of SEC 17a-4 can be significant for your business and its bottom line.

Read below to

Retention Periods – Rule 17a-4 (a), (b), (c), (d)

This section of the rule outlines records retention requirements for today’s broker-dealers. It requires that firms retain most of their records for 3-6 years, whether they’re hard-copy documents or electronically stored information (ESI) such as emails.

Figure 1: The standard records management lifecycle for most broker-dealer record.

To meet these requirements, most organizations need a way to classify and track records throughout their lifecycle, from the date they’re created, through their time in use, their retention period and eventually final disposition or archival. They’ll also need a solution that is able to put all these documents in the right place.

This is where document and records management tools come in. A document management system can help you gain control over all the different types of information you need to keep track of and even capture your paper documents for storage in a digital format. Many records management solutions offer the ability to monitor record lifecycles and notify you when records need to move from one stage to the next. In addition, advanced records management systems allow you to define retention schedules and policies at the folder level, saving records managers from having to store or move records through their lifecycles one at a time.

Non-Rewritable, Non-Erasable – Rule 17a-4(f)(2)(ii)(A)

This part of SEC 17 a-4 dictates that broker-dealers must preserve information exclusively in a non-rewritable, non-erasable format. This means that once a firm finishes using a record and is ready to put it into retention, they must retain the record in a format where it cannot be changed, moved or deleted.

The best part of using records management software to assist with this is that you can support record integrity even before the record enters retention. Even when actively working with files, a quality records management solution can set up read-only restrictions for particular records, which can assist in preventing their modification, relocation and deletion. Some systems even feature legal holds that you can set on records to pause their lifecycle for use in litigation. Still, while these powerful features provide assistance when records are active, SEC Rule 17a-4 specifically requires that records in retention are stored in a write-once, read-many (WORM) format.

There are two ways you can create a WORM environment to support compliance. The first method is simply to purchase WORM-compliance hardware and store your information on it. Once data is on these drives, it is impossible to modify, move, or delete its contents unless you physically destroy the drive itself. You can also utilize a software solution that enables a strict compliance mode, which will simulate the hardware level features of a WORM drive. One of the benefits of using software-based WORM through a strict compliance mode is that you can apply it to cloud and SaaS solutions in addition to local servers.

Quality and Accuracy of Recording Process – Rule 17a-4(f)(2)(ii)(B)

In addition to setting standards for records themselves, SEC Rule 17a-4 also requires that broker-dealers “verify automatically the quality and accuracy of the storage media records process.” This means that you must preserve data integrity and quality for examination from auditors. The right records management solution would have the tools necessary to keep logs of these processes and catch input or output errors. To preserve business continuity—some solutions even automate the process of data replication and creating backups. Most importantly, the best solutions detect file corruption, degradation of storage media and file tampering, which gives you peace of mind that you’re presenting auditors with up-to-date, valid and accessible information.

Serialized Original and Duplicates – Rule 17a-4(f)(2)(ii)(C)

SEC 17a-4 further requests that broker-dealers serialize their electronic storage media and time-date this media for its required retention period. This makes it easy for auditors to identify records and establish a timeline for each record as it goes through its lifecycle.

To assist broker-dealers in fulfilling this request, the right records management solution can make records easy to identify and place chronologically. Many of them assign unique numeric entry IDs to each record, and then store the record’s entry date and last modified date in the system. Some records management solutions even allow you to locate records by their assigned entry ID, their creation date, or any retention policies that may pertain to them. This search ability makes it easy to generate reports that auditors can review.

Downloading Indexes and Records – Rule 17a-4(f)(2)(ii)(D)

To comply with SEC 17a-4, a firm’s electronic storage media must “have the capacity to readily download indexes and any records preserved on the storage media to any medium acceptable. This means that the records management solution you choose needs to make its records downloadable in an accessible format.

A robust records management solution will allow you to download files in a variety of formats, from TIFF to PDF, or in its original, unedited format. Those that are a step above may even permit the download of multiple records in an archive file format such as a ZIP file. These download format options give auditors flexibility in how they view records, which minimizes the risk of having readability issues that could delay the audit process.

Easily Readable – Rule 17a-4(f)(3)(i)

Further emphasizing the need for auditors to be able to read from your records, 17a-4 states that firms must “at all times have available, for examination by the staffs of the Commission and self-regulatory organizations of which it is a member, facilities for immediate, easily readable projection or production of micrographic media or electronic storage media images and for producing easily readable images.” Similar to how 17a-4 (f)(3)(i) establishes format readability, this part of the rule focuses on the need for firms to give auditors the proper mediums to review records.

An accessible records management solution will give auditors choices on how to view your records, whether it’s from a desktop, web-based or mobile application. Others will go a step further and include built-in document viewers and the ability for authorized users to export documents, giving auditors even more options.

Facsimile Enlargement – Rule 17a-4(f)(3)(ii)

This section declares that a broker-dealer must “be ready at all times to immediately provide, any facsimile enlargement” that may be requested by the governing authorities. This statement takes the issue of readability in a direct way—it demands that broker dealers not only make files accessible, but also ensure that auditors can physically read the files with ease.

Records management software can offer zoom functionality to assist in meeting these demands, and even support record printing for more scrutinizing review.

Separate Duplicate Copies – Rule 17a-4(f)(3)(iii)

According to SEC Rule 17a-4, a firm’s electronic storage media must “store separately from the original, a duplicate copy of the record stored on any medium acceptable” under 17a-4.

This requires firms to keep copies in separate places. This way, if something happens to the location containing one of the copies, others are unaffected. A proper records management solution can assist you in efforts to both preserve business continuity and meet compliance requirements by replicating contents across multiple geographic locations and monitoring data storage for durability.   f

Organize and Index Original and Duplicate Records – Rule 17a-4(f)(3)(iv)

Under 17a-4, firms are required to “organize and index accurately all information maintained on both original and any duplicate storage media.” This means that as a broker-dealer, you need to have information searchable and easy to locate.

Most records management software solutions allow you to search records by keywords or an ID number, and index scanned documents using optical character recognition (OCR). The best solutions even allow you to share links to records securely in custom-made reports. These features can give auditors a quick reference of records presented to them, with the added ability to search for records if necessary.

Audit System – Rule 17a-4(f)(3)(v)

This section requests that broker-dealers “must have in place an audit system providing for accountability regarding inputting of records required to be maintained and preserved” and the “inputting of any changes made to every original and duplicate record maintained and preserved thereby.” Simply put, broker-dealers need an audit trail that keeps track of changes made to records and other activities taking place where records are stored.

Records management software can offer extensive auditing capabilities to track system activity. Some solutions even allow you to view, filter and sort audit information and export it in the form of convenient reports. In addition, the right records management software can keep track of what has happened to a record, even after it has entered disposition or finished its lifecycle.

Access to Records by Regulators – Rule 17a-4(f)(3)(vi)

According to SEC Rule 17a-4, upon request, a broker-dealer must provide prompt access to records and indexes stored on electronic storage media. This means that even if you stop using a records management solution for any reason, the SEC may still ask you for the records stored on the associated system.

Still, the best software vendors out there will offer to keep your data after you stop using their services, at least for a short time. This can give you the peace of mind that you’ll be able to present information to auditors when they request it.

Third-Party Undertaking – Rule 17a-4(f)(3)(vii)

An important requirement to meet, this part of the rule states that broker-dealers must allow for one or more designated third parties (D3P) to download their digitally stored records when the SEC requests them. In addition, any D3Ps must sign and file an undertaking regarding these records with the broker-dealer’s designated examining authority (DEA).

 

Figure 2: Instead of providing records directly to the SEC, broker-dealer firms need to have a D3P download their records and provide them to the SEC instead.

Some vendors of records management software can also act as your D3P. As the vendor is already familiar with the software, this makes the process of having the D3P download your data and present it to the SEC a seamless one.

A Comprehensive Package

With the right records management solution, you can make meeting the compliance challenges presented by SEC Rule 17a-4 a breeze. However, to achieve the best results, you need to choose the right records management software that fits your needs and the requirements set by auditors.

Want to learn more? Get your SEC 17a-4 Compliance Guide and learn more about which software features you can use to simplify record-keeping compliance in your organization.

Related Posts