Why You Should Worry About Rule 17a-4
Last April we talked about how to comply with Rule 17a-4(f) under the Securities Exchange Act (SEA). But because many firms still aren’t correctly fulfilling the regulation’s requirements, we figured it’s time for an update.
The US Securities Exchange Commission, under its regulatory authority pursuant to the US Securities Exchange Act of 1934 (which outlines data retention and accessibility requirements), issued Rule 17a-4(f) in 1997, requiring broker-dealers that store records and required books in an electronic format to comply with precise regulations. For example, part of the regulation states explicitly:
(ii) The electronic storage media must:
(A) Preserve the records exclusively in a non-rewriteable, non-erasable format;
(B) Verify automatically the quality and accuracy of the storage media recording process;
(C) Serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of retention the information placed on such electronic storage media; and...
(D) Have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable under this paragraph (f) as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member.
However, because electronic transactions and digital communications weren’t in high demand way back in 1997, many firms simply didn’t take any action, and still are not fully in compliance.
Why is 17a-4 a hot topic now?
Today’s business environment is grounded in digital and electronic processes. No matter what industry you’re in, you have documents and records needing to be safeguarded against a variety of risks. It’s now essential to have a robust storage and archive system, especially with the rise in the volume of electronically-stored sensitive financial data. Plus, the Financial Institution Regulatory Authority (FINRA) began requiring proof of a firm’s compliance back in 2007—and no one wants to be caught in an audit without the right data at hand. Here are just two examples of companies who were unprepared.
- PNC Capital Markets was fined $500,000 for failing to “maintain approximately 1.9 million electronic brokerage records in non-erasable and non-rewritable format,” otherwise known as WORM.
- FINRA fined RBS Securities, Inc. $2 million for failing to store 14 million records adequately, retain 5,849 Microsoft chat messages, and implement an audit system.
If you’re a broker-dealer or in the financial industry, the compliance standards outlined in Rule 17a-4 should now be top of mind. You likely make a multitude of decisions and already use digitized processes, which means you rely heavily on your electronic storage systems to secure and organize documents. That’s why the most challenging part of navigating Rule 17a-4 is figuring out where to begin.
So Where To Start with 17a-4?
The best place to start after reading the entire governing document is to analyze your company’s storage system and archive processes. Where are your servers? Who has access? What software programs process your information? Is your data encrypted? Are the documents that must be kept in WORM format being stored correctly? Conduct an internal audit and determine where any gaps are before jumping in.
Based on your circumstances and the full list of SEC requirements, determine what you need to save. Some examples can include:
- Invoices & Financial Records
- Employee Applications
- Customer Complaints
- Call Sheets
Once you know what you need to keep, you can then identify proper processes for storage, retrieval, and access as outlined in the 17a-4 regulation.
We know it can be tough, especially for small firms and companies without the proper resources and experience. That’s where outside experts in record and information management can assist. To help meet FINRA record retention rules, DocuLynx software solutions can utilize proprietary integrated control codes and easily apply a systematic retention period to your records. Our robust information governance and data management solutions can also automatically define the classification of your documents. With a precise technological solution in place, both your structured and unstructured enterprise data can be accurately classified and managed in one centralized location (either on or off premises). And if a FINRA audit comes your way, you can be ready for whatever requests are made of your data.
Learn how DocuLynx can help you with Rule 17a-4 to get your organization in full compliance.