SEC Modernizes Records Preservation By Registered Broker-dealers
Sat 05 Nov, 2022 / by C. Dirk Peterson / Client Alerts
SEC ELECTRONIC RECORDS PRESERVATION RULE – RULE 17a-4(f)
Amendments to the records preservation and storage requirements prescribed by Rule 17a-4(f), and to the related undertakings under the Securities Exchange Act of 1934 (“Exchange Act”), become effective January 3, 2023, with a compliance date of May 3, 2023. These recent amendments modernize the storage of records by broker-dealers, including permitting, under certain circumstances, records storage in the cloud, a storage medium that has heretofore not generally satisfied the technical requirements of the rule.
Broker-dealers will need to assess their vendor contracts to ensure that they are consistent with the full preservation of required records and required access by examination staff. Additionally, modifications to vendor contracts, or execution of new vendor contracts, may be necessary for firms to implement records preservation consistent with the amendments. Lastly, a firm’s policies and procedures must be consistent with the firm’s record-keeping practices.
Do not hesitate to contact C. Dirk Peterson at firstname.lastname@example.org or at (202) 659-3905 with questions or for assistance on the implementation of the records storage alternatives contemplated by the rule amendments.
Some of the key takeaways from the SEC’s rulemaking include:
- Eliminating the notice to FINRA or other designated examining authority, if not FINRA, prior to use of one or more electronic recordkeeping systems or changes in the use of an electronic recordkeeping system.
- Eliminating certification requirements of a storage vendor or third-party that the storage system complies with Rule 17a-4(f).
- Providing an alternative to WORM (write once, read many) storage medium with the use of an audit-trail alternative. The use of the audit-trail alternative is intended to preserve “electronic records in a manner that protects the authenticity and reliability of original records” to the extent the storage system contains: (1) all modifications to and deletions of any portion or the entirety of a record; (2) time stamping of all actions on records; (3) identification of users creating, modifying, or deleting records, if applicable; (4) other data that reflects the integrity and authenticity of records stored in an electronic recordkeeping system; and (5) automatic verification of the completeness and accuracy of the records storage [Securities Exchange Act Release No. 96034, 87 F.R. 66412, 66417-19 (Nov. 3, 2022)].
- Providing an alternative permitting in-house undertakings in lieu of current third-party undertakings that grant applicable regulatory examination staff access to a broker-dealer’s records. Of course, a firm can continue to outsource the undertaking to a third party under the status quo. If, however, the undertaking function is internalized, a firm must appoint a “designated executive officer” (a member of senior management who has access to the firm’s records and who can convey records for examination purposes). The DEO may permissibly delegate responsibilities to up to two other officers and three IT specialists of the firm for purposes of access undertakings. According to the SEC, the DEO “should have information about every repository that the firm may employ for the purpose of holding the firm’s records pursuant to the requirements of Rule 17a-4(f) . . . .” [Securities Exchange Act Release No. 96034, 87 F.R. 66412, 66426 (Nov. 3, 2022)].
- Conditionally permitting cloud storage of records via alternative undertakings. The rule amendments enable the use of cloud-storage facilities by modifying third-party undertakings where a records vendor prepares or maintains a firm’s record. Thus, an alternative undertaking applies where digital records are stored by the storage vendor, but the firm has independent access to the records stored in the cloud, without intervention by the storage vendor.
- Modifying technical requirements of serialization (applicable to optical disk storage), download capability, back-up/redundancy capacity, and accessibility by regulatory examination staff.