Also known as the broker-dealer retention rule, the SEC 17a-4(f) is one of the most significant U.S. financial regulations that has evolved along with technology, since its inception.
As a regulation that was originally built around old technological capabilities of financial organizations and designated third-parties (D3Ps), the nuances of today’s version of SEC 17a-4(f) are now significantly far more complex and wide-ranging in terms of technologies and methods that firms must use to archive, store, and access certain business records.
Today, the popularity of email, instant messaging, social media, and text messaging in the finance sector have pushed the Commission to innovate its previous ruling. However, it is important to understand that the thrust of the modern version is the same as per the rule’s initial targeting.
Read on as we detail in this post the background and purpose of SEC 17a-4 and how its requirement has changed and evolved along with the technological landscape.
The 1993 No-Action Letter
In 1992, the Securities Industry Association (SIA) proposed to the SEC’s Division of Market Regulation that it recommends a no enforcement action be taken against broker-dealers if they utilized “optical storage technology” to maintain required books and records instead of paper or micrographics.
According to SIA, the optical storage technology allowed for required books and records to be recorded in a non-rewriteable and non-erasable (or Write Once Read Many “WORM”) format, and also allowed member firms to automatically verify the accuracy of stored data, serialize and time-stamp the records, and create indexes of the documents. The SIA estimated that the savings realized by switching from microfilm to optical disk would range from $250,000 a year for a medium-sized firm to $1.6 million a year for a large firm.
The following year, the Division of Market Regulation granted the SIA’s request, but with certain conditions to help ensure that records stored in this manner would be accurate and accessible for examination purposes.
Among the compliance conditions set forth by the 1993 No-Action Letter were:
“The broker-dealer must maintain, keep current and surrender promptly upon request by the staffs of the Commission or the SROs of which the broker-dealer is a member all information necessary to download records and indexes stored on optical disks; or place in escrow and keep current a copy of the physical and logical file format of the optical disks, the field format of all different information types written on the optical disks and the source code, together with the appropriate documentation and all information necessary to download records and indexes.”
Rule 17a-4 (f)
In 1997, the Commission codified the Division’s No-Action letter by amending the paragraph (f) of the Rule 17a-4. The SEC’s proposed language for the escrow and Third Party Download requirements of the amended Rule 17a-4(f) was lifted virtually unchanged from the No-Action Letter.
However, one significant difference of the final rule from the letter is that it did not limit broker-dealers to using optical disk. Instead, it allowed them to employ any electronic medium, subject to specific requirements. According to the SEC, acceptable electronic storage media (in 1997) included optical disk, optical tape, and CD-ROM.
Background on D3P Requirement
SEC also adopted in the final rule the D3P Requirement “substantially as proposed,” as well as the accompanying escrow provision.13 The full text of the D3P Requirement is as follows:
“For every member, broker, or dealer exclusively using electronic storage media for some or all of its record preservation under this section, at least one third party (“the undersigned”), who has access to and the ability to download information from the member’s, broker’s, or dealer’s electronic storage media to any acceptable medium under this section, shall file with the designated examining authority for the member, broker, or dealer”
Initially, the rule envisioned a D3P who would be able to independently download and convert information stored on portable media such as optical platters without having access to the broker-dealer’s computer systems. As such, the rule expected that D3Ps would have their own systems to download and convert information on media supplied to it by the regulators.
Today’s Version of SEC 17a-4
Since 1997, the securities industry standard for electronic storage has shifted from portable media to hard-drive storage located at the broker-dealer’s facility.
As a result, the focus of D3P requirement has shifted from the ability of third parties to independently download data from their own facility, to “onsite” or “online” access – the ability to retrieve data from the broker-dealer’s storage system facility (onsite), or through secure remote access or a VPN solution (online). Today, D3Ps must now have capabilities in retrieving data via all three access protocols.
In 2007, the rule changed again when Financial Institution Regulatory Authority (FINRA), the primary self-regulatory organization (“SRO”) for broker-dealers, decided to make D3P compliance a greater priority.
FINRA examiners, in routine examinations of broker-dealers, started requesting copies of the D3P’s required “Letter of Undertaking,” along with the service agreement between the broker-dealer and the D3P – including test reports of the D3P’s ability to actually access and download random required books and records from storage.
Why is Compliance with SEC 17a-4 Crucial?
Financial organizations under SEC can no longer afford to ignore this rule because SEC now levies significant fines and penalties against non-compliance.
However, complying with this SEC rule has benefits beyond just avoiding fines: It forces broker-dealers to collect, document, and analyze all the systems and configurations it uses for electronic recordkeeping. By archiving relevant business records such as work-related text messages, broker-dealers can become better organized, and in the process uncover and fill gaps in their general compliance with Rule 17a-4.
Furthermore, a reliable D3P can also be the broker-dealer’s reliable partner when addressing technical issues which might compromise their compliance to the rule, such as when integrating with other companies using different archiving systems, destruction or loss of systems, and lost of access to data stored in legacy systems after upgrading or purchasing a new storage technology.
The TeleMessage Mobile Archiver effectively addresses compliance, regulatory, eDiscovery response requirements and reduces risk across a variety of industries. TeleMessage captures mobile content, including SMS, MMS, Calls, and Chats from corporate or BYOD mobile phones. Messages are securely and reliably retained within TeleMessage servers or forwarded to an archiving data storage vendor of your choice.
Our mobile archiving products securely capture content from mobile carriers and mobile devices for a variety of ownership models (BYOD, CYOD, and employer-issued). With our three archiving methods, you can always find the right tools or blend for your requirements:
We are your one-stop shop for international, cross-carrier mobile text archiving. Contact us today to learn more about our enterprise mobile archiver’s capabilities.
