Financial services firms are required to maintain electronic records in a format that complies with SEC rules. The underlying purpose of these rules is to maintain and preserve the firm’s required records and be able to provide prompt production of those records to fulfill regulatory requests. Due to the challenges of storing and maintaining all of the firm’s records on its own electronic systems, firms are reliant on vendors to provide SEC-compliant storage and to serve as the designated third-party under the rules.
Rules 17a-3, 17a-4, and 18a-6 of the Securities Exchange Act of 1934 and Rule 204-2 of the Investment Adviser’s Act of 1940, along with the rules and regulations of FINRA, the MSRB, and other regulatory bodies, prescribe certain books and records which broker/dealers and investment advisers must maintain, such as correspondence, complaints, and financial records. These rules also indicate how long certain records must be maintained, with these time-frames varying depending on the type of record.
Furthermore, Rules 17a-4(f), 18a-6(e) and 204-2(g) provide specific technical requirements for the electronic maintenance of records. In addition to WORM (Write Once-Read Many) storage, the rules contain requirements such as indexing, duplicate records, and an audit system. And at the beginning of 2023, while the SEC kept WORM storage as an option, firms were provided with a new “audit-trail” alternative for storage.
Finally, the rules require regulators be provided access to the records as well as all information needed to access the records and indexes. For broker/dealers maintaining electronic records, the SEC requires an undertaking in which a designated third-party (D3P) or a designated executive officer of the firm agrees to provide regulators with access to those records if requested.
RegEd is fully aware of the requirements for electronic storage of our client’s books and records as required by the rules of the SEC. RegEd’s Trax products meet the SEC’s electronic storage requirements, and thus are 17a-4, 18a-6 and 204-2 compliant. Clients can choose to contract for these services for an additional fee. RegEd will provide a signed SEC undertaking and act as your firms’ designated third-party under rule 17a-4(f) or 18a-6(f). For broker/dealers, the client will then electronically file these documents with FINRA (or if applicable, other “designated examining authority”) in order to meet the notification requirements of these rules.
The maintenance of electronic records can help reduce or eliminate the need for hard copy storage as well as the time, accessibility, risk of loss, and security issues that can come with hard copies. Electronic records in a properly managed and indexed system improves the speed and accuracy in which a firm can produce requested records to regulators, helping to demonstrate the firm’s commitment to properly maintaining documentation and providing an appreciation of the firm’s handle on oversight of its representatives, and potentially reduce the length of an examination. In addition, electronic records that are maintained in accordance with SEC requirements can also provide assurance to regulators that the member firm understands the importance of true, correct, and properly maintained records, and can represent the overall culture of compliance of the firm.
By leveraging RegEd’s electronic recordkeeping capabilities, clients do not have to adopt and manage internal systems or work with providers and systems that may or may not be WORM, and which do not meet all of the other technical requirements. Using RegEd’s electronic record system, clients are able to focus internal IT resources elsewhere, rather than on ongoing management of an internal solution and avoidance of costly, unintentional errors and lost records that can occur when other changes are made to the firm’s infrastructure. In addition, RegEd’s system is protected through rigid access controls, encryption of data at rest using AES-256, logging and monitoring of system activity, and redundant data loss protection systems, so clients know that their data is secure. Finally, RegEd is a regulation-focused organization that monitors new and proposed regulations, and thus will be aware of and quickly modify its solutions to meet future record-keeping rule changes.
RegEd solutions meet the technical requirements for electronic storage of books and records:
- RegEd solutions are maintained in WORM technology (Elastic Cloud Storage) that automatically verifies the quality and accuracy of records during the WORM retention process. RegEd does not plan to move to the audit-trail alternative at this time.
- Records are serialized and date/time stamped for the required retention period.
- As the designated third-party, RegEd has access to indexes which can be retrieved on-demand via an internal retrieval tool.
- Client data is triple-mirrored on our WORM device.
- Records are indexed and searchable by metadata.
- Standard fields and metadata unique to each application are automatically stored based on triggering events within each application.
- Data is maintained in two, geographically-separated physical locations to also meet business continuity purposes.
- RegEd conducts audits annually and makes the audits available to clients.
The storage of records meets the duration requirements of the rules and regulations.
- Length of storage can vary based on the particular RegEd product. For example, Advertising records in our Enterprise Advertising Review Solution can be maintained for a different time-frame than Onboarding files.
- The duration is selected by the client during implementation.
- The duration can exceed or be less than the time period required by regulation, if requested by the client, with certain conditions.
RegEd enables firms to meet the other legal obligations mandated under the rules:
- RegEd will sign an SEC undertaking and act as the designated third-party with respect to their records maintained electronically by RegEd for our clients who have contracted for these services.
- RegEd will collaborate with clients on their particular requirements, including those clients who have not previously used any electronic storage media, and therefore may have additional regulatory reporting obligations.
- RegEd has experience in various implementation scenarios with our clients:
- RegEd can work with clients who have historical records that need to be imported and included as part of our electronic storage platform for the client-selected retention period.
- RegEd has worked with clients in special situations such as in M&A where each firm has its own existing records and one, both or neither is an existing client of RegEd.
RegEd is the market-leading provider of RegTech enterprise solutions with relationships with more than 200 enterprise clients, including 80% of the top 25 financial services firms.
Established in 2000 by former regulators, the company is recognized for continuous regulatory technology innovation with solutions hallmarked by workflow-directed processes, data integration, regulatory intelligence, automated validations, business process automation, and compliance dashboards. The aggregate drives the highest levels of operational efficiency and enables our clients to cost-effectively comply with regulations and continuously mitigate risk.
Trusted by the nation’s top financial services firms, RegEd’s proven, holistic approach to RegTech meets firms where they are on the compliance and risk management continuum, scaling as their needs evolve and amplifying the value proposition delivered to clients. For more information, please schedule a consultation.