As you continue to educate yourself about compliance and regulatory topics in this ever-changing environment, compliance with Electronic Storage Media (ESM) regulations is an important piece of the puzzle. All broker-dealers and transfer agents who store information electronically must maintain a relationship with an independent third party who can access their records in the event of an audit or request if the broker-dealer is unable or unwilling to furnish the information. This Designated Third Party serves as a safeguard for our financial system.
Are you fully Compliant with SEC Rule 17a-4 and 17Ad-7?
SEC Rule 17a-4(f)(3)(vii), is part of the U.S. Securities Exchange Act of 1934, which outlines requirements for data retention, indexing, and accessibility for companies that deal in the trade or brokering of financial securities, such as stocks, bonds, and futures. As proof of this relationship, the firm must file a letter of undertaking signed by the third party in which it represents that it will access the records at the request of the Commission, FINRA, or the SROs.
SEC Rule CFR Title 17 Section 240.17Ad-7 (f)(5)(ii) as amended, allows transfer agents to use electronic or micrographic storage media to maintain their records. Specifically, the rule requires transfer agents to use storage mechanisms that are designed to ensure the accessibility, security, and integrity of the records, detect attempts to alter or remove the records and provide means to recover altered, damaged, or lost records. It also requires them to create an index of the records, keep a duplicate, and be able to promptly download them. In addition, transfer agents must keep in escrow an updated copy of the software or other information that is necessary to access and download electronically stored records.
If you’re not 100 percent sure about your compliance with these SEC rules, visit Iron Mountain in booth #14 at the FINRA Annual Conference to understand what is required. (If you’re not attending the conference, our contact info is at the end of this post.)
Mid-sized and Smaller Broker-Dealer Firms are at Risk
While medium to large size broker-dealers, as defined by FINRA’s 2018 Industry Snapshot, are the broker-dealers with the largest set of record types and systems covered by D3P undertakings, the small firms still represent 46% of the total number of broker-dealers covered by Iron Mountain today. Clearly, compliance with these rules is everyone’s responsibility and the cost of non-compliance high for all firms. Failure to meet this compliance requirement can be costly due to fines, negative publicity, or the loss of trust and confidence of your clients — and FINRA aggressively enforces these rules.
Are You Prepared for your next FINRA Audit?
Our D3P team will be at the conference and can walk you through strategies to be prepared for a FINRA audit in terms of compliance with the rules around the use of electronic storage media. They can explain how a contract with a D3P provider will ensure you are prepared with the following materials:
- A Letter of Intent to share with auditors and regulators
- Copies of the Annual Test Report and status reviews
- A System Configuration Plan
- A letter attesting that the archive meets 17a-4 compliance
- A Letter of Undertaking for the Transfer Agent