Under certain conditions, a broker-dealer may maintain and preserve records by means of “electronic storage media.” SEC Rule 17a-4 defines that term as “any digital storage medium or system” that meets the conditions set forth in the rule. Many common forms of digital storage media (for example, flash drives, backup drives, portable hard drives) are not “electronic storage media” for purposes of Rule 17a-4 because they do not meet the conditions set forth in the rule. For this reason, broker-dealers should not use the term “electronic storage media” loosely to mean any digital storage medium or system. Instead, the term should be used only to describe digital storage media and systems that satisfy the conditions set forth in Rule 17a-4. To satisfy these conditions, electronic storage media must:
- Preserve records exclusively in non-rewriteable, non-erasable format;
- Automatically verify the quality and accuracy of the recording process;
- Serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of retention the information placed on such electronic storage media; and
- Maintain the capacity and ability to readily download indexes and records preserved on the electronic storage media to a medium acceptable under SEC Rule 17a-4(f).
Due to the technological expertise and resources needed to create and implement an electronic storage medium that meets these conditions, most small broker-dealers will seek electronic-storage solutions from reputable vendors. Smarsh and Global Relay are vendors that market their email archiving solutions to broker-dealers. Other vendors, such as Laserfiche, offer document management solutions that are capable of preserving a wide range of records in compliance with Rule 17a-4.
It is important to note that the conditions listed above apply to electronic storage media that is used to maintain and preserve original records, such as those that a broker-dealer must preserve pursuant to SEC Rules 17a-3 and 17a-4. Digital storage media that merely stores a duplicate of an original record would not be subject to the requirements applicable to electronic storage media, provided the broker-dealer preserves the original record in accordance with applicable recordkeeping and retention requirements.
Thus, for example, a hard drive used by a broker-dealer to store scanned images of original records as part of a business continuity measure would not be subject to these requirements, provided the broker-dealer continues to maintain the original records in hardcopy format (or other permitted format) in accordance with applicable recordkeeping and retention requirements. In this example, the hard drive, though a type of digital storage media, is not a form of “electronic storage media” for purposes of Rule 17a-4 since the broker-dealer is using it for a business purpose other than preserving original records. If, however, the broker-dealer destroyed the original records after scanning them and the hard drive was the sole means of preserving these records, that hard drive would need to be “electronic storage media” and the broker-dealer would have an obligation to ensure that the hard drive is capable of meeting all four conditions enumerated above.
Prior to employing any form of electronic storage media, a broker-dealer must notify FINRA. This notice must be given 90 days prior to employing any form of electronic storage media other than optical disk technology. Optical disk technology, which generally refers to systems that store data on CD-ROM or other archival grade optical disks, requires only prior notice. When notifying FINRA, the broker-dealer must provide its own representation or one from the storage medium vendor or other third party with appropriate expertise that the selected storage medium meets the requirements of SEC Rule 17a-4. Notifications are submitted electronically to FINRA through the Regulatory Notifications application in Firm Gateway.
A broker-dealer’s election to use electronic storage media subjects the broker-dealer to a number of highly technical compliance requirements (listed below). In practice, most small broker-dealers will need to rely on the technology of their electronic-storage providers to meet these requirements. Through initial due diligence and ongoing testing, a broker-dealer should establish that it has a reasonable basis for concluding that it can rely on the provider’s technology. In accordance with Rule 17a-4, a broker-dealer that utilizes electronic storage media must:
- At all times have available, for examination by the staffs of the SEC and self-regulatory organizations of which the broker-dealer is a member, facilities for immediate, easily readable projection or production of electronic storage media images and for producing easily readable images.
- Be ready at all times to provide, and immediately provide, any facsimile enlargement which the staffs of the SEC, any self-regulatory organization of which it is a member, or any State securities regulator having jurisdiction over the broker-dealer may request.
- Store separately from the original, a duplicate copy of the record stored on any medium acceptable under Rule 17a-4 for the time required.
- Organize and index accurately all information maintained on both original and any duplicate storage media. (At all times, the broker-dealer must be able to have such indexes available for examination by the staffs of the Commission and the self-regulatory organizations of which the broker-dealer is a member. Each index must be duplicated and the duplicate copies must be stored separately from the original copy of each index. Original and duplicate indexes must be preserved for the time required for the indexed records.)
- Have in place an audit system providing for accountability regarding inputting of records required to be maintained and preserved pursuant to Rules 17a-3 and 17a-4 to electronic storage media and inputting of any changes made to every original and duplicate record maintained and preserved thereby. (At all times, the broker-dealer must be able to have the results of such audit system available for examination by the staffs of the SEC and the self-regulatory organizations of which the broker-dealer is a member. The audit results must be preserved for the time required for the audited records.)
- Maintain, keep current, and provide promptly upon request by the staffs of the SEC or the self-regulatory organization of which the broker-dealer is a member all information necessary to access records and indexes stored on the electronic storage media; or place in escrow and keep current a copy of the physical and logical file format of the electronic storage media, the field format of all different information types written on the electronic storage media and the source code, together with the appropriate documentation and information necessary to access records and indexes.
Designation of Third-Party Downloader
A broker-dealer exclusively using electronic storage media for some or all of its record preservation must have at least one third party who has access to and the ability to download information from the broker-dealer’s electronic storage media to any acceptable medium. A third party with this access and ability is commonly referred to as a third-party downloader. The third-party downloader must provide an undertaking that permits regulators to access the records when needed. The broker-dealer must electronically submit the third-party downloader’s undertaking to FINRA through the Regulatory Notifications application in Firm Gateway.
Due Diligence and Ongoing Testing
Without the technological resources to create and maintain their own electronic storage media that meets the requirements of SEC Rule 17a-4, most small broker-dealers elect to use reputable email archivers and other vendors for their electronic-storage needs. Although it is a good practice to choose reputable vendors, a broker-dealer should still conduct initial due diligence and ongoing testing of each vendor to ensure that the vendor’s solutions comply with SEC Rule 17a-4.
Disclosing the Use of Electronic Storage Media
Depending on its business, a broker-dealer may have various disclosure obligations related to its use of electronic storage media. At minimum, the broker-dealer must properly answer Question 8.A. of Form BD to disclose any arrangement with a third party under which any books and records of the broker-dealer are kept or maintained by the third party.
Several broker-dealers have been severely disciplined for violations of the electronic storage media requirements. A good way for your firm to avoid a similar fate is to perform periodic reviews designed to verify that the firm’s use of electronic storage media meets the requirements of Rule 17a-4. If your firm’s policies, procedures, and controls fail to prevent a violation for any reason, these reviews can help your firm promptly detect and correct the deficiency before it is spotted by a regulator.