While the US Securities and Exchange Commission seeks to modernize electronic recordkeeping requirements in a technology-neutral manner, its proposed amendments are unclear as to the permissible use of the “cloud” or distributed ledger technology.

On November 18, 2021, the Securities and Exchange Commission (SEC) proposed amendments (Proposal) to the electronic recordkeeping requirements applicable to broker-dealers, security‑based swap dealers (SBSDs), and major security-based swap participants (MSBSPs).[1] Comments on the Proposal should be received on or before January 3, 2022.

The Proposal would amend the electronic record preservation and prompt production of records requirements under the Securities Exchange Act of 1934 (Exchange Act) as follows:

Evolution of “WORM”

The current electronic record preservation requirements for broker-dealers under Rule 17a-4(f) under the Exchange Act date back to 1997, and, although intended to be technology neutral, were then guided by the predominant electronic storage method at the time—using optical platters, CD-ROMs, or DVDs (collectively, optical disks) (i.e., hardware solutions that permanently “burned” records onto optical disks).[8] The original requirements, and the WORM format requirement, in particular, have thus been subject to SEC interpretation over the years to account for changing systems norms.

For example, in 2003, an SEC interpretation announced that broker-dealers were not required to use optical disks to meet the WORM requirement. Instead, broker-dealers could use a system of “integrated hardware and software codes” that prevents the overwriting, erasing, or altering of a record during its required retention period, so long as the system did not solely mitigate the risk that records could be altered, overwritten, or erased.[9] Then, in 2019, in the release adopting Rule 18a-6 for SBSDs and MSBSPs, the SEC further refined its interpretation of the Rule 17a-4(f) WORM requirement, clarifying that relying solely on “a software solution that prevents the overwriting, erasing, or otherwise altering of a record during its required retention period would meet the requirements of the rule.”[10]

The SEC opted not to adopt a WORM requirement under Rule 18a-6 for SBSDs and MSBSPs in 2019, although it had proposed one. Instead, yielding to commenters, the SEC acknowledged that SBSDs and MSBSPs may already have electronic recordkeeping systems that would not meet the WORM requirement, and further stated that addressing any modifications to the WORM requirement under Rule 17a-4(f) would be more appropriately addressed in separate rulemaking.[11] The SEC also clarified that the final Rule 18a-6(e) would not require the use of a particular electronic storage “medium,” such as optical disks, instead opting to use the phrase “electronic storage system” because the latter phrase better characterizes a system that produces and preserves records electronically without being unduly prescriptive.

Industry efforts to persuade the SEC to liberalize what have long been viewed as technology-specific rules that are obsolete and measurably slowing the pace of firms’ adoption of innovative and dynamic communication technologies, in favor a “principles-based” requirement similar to what has been adopted by the Commodity Futures Trading Commission, have been ongoing. With the recent Proposal, the SEC is taking a step toward addressing some of these concerns about the WORM requirement, albeit stopping short of a principles-based approach.

Observations

Cloud-Based Storage:[12]Even though cloud-based storage solutions have proliferated over the years, the Proposal gives little shelf space to this innovation. The SEC does include in the Proposal a discussion regarding the permissible use of solely software-based systems that are designed to comply with Rule 17a-4(f), and in doing so cites to specific cloud-based solutions (which implicitly would appear to support cloud-based storage); however, the Proposal does not explicitly affirm the permissibility of using cloud-based storage to comply with firms’ recordkeeping and retention obligations. This may be a missed opportunity on the part of the SEC to provide clarity on an issue with which many firms may continue to struggle.

Distributed Ledger Technology: The Proposal is silent on whether blockchain or other distributed ledger technology could be used in furtherance of firms’ compliance under the proposed amendments. Rather than provide firms with clarity, if adopted as proposed, the amendments will likely result in firms seeking guidance from FINRA and the SEC on whether a particular type of technology or provider is acceptable.

Of course, firms would be obligated to determine for themselves whether a particular technology complies, but it would help the industry for the SEC to provide more specific guidance regarding whether—and the specific circumstances under which—distributed ledger technology can comply with any proposed amendments. Given the growing importance and focus on distributed ledger technology across the financial services industry,[13] it would be appropriate for the SEC to acknowledge the technology in order to give the industry comfort that its use could be compliant as it matures.

Redundancy: The Proposal’s requirement that firms have a second electronic recordkeeping “system” that preserves a second set of records that can be accessed and examined if the primary electronic recordkeeping system storing the primary set of records is disrupted, malfunctions, or otherwise becomes inaccessible may be pragmatic from the perspective of ensuring that books and records are not entirely lost; however, the SEC has provided little justification for prescribing that a second “system” be deployed. The industry may benefit from additional guidance as to what exactly might constitute a separate “system” and whether there are particular configurations of the primary and back-up systems that would render the back-up system not sufficiently separate. Moreover, while the Proposal refers to business continuity concerns, the Proposal does not discuss in any depth how the current duplicate record requirement under the rules has proven insufficient, particularly given FINRA’s requirements relating to business continuity plans.

Final Thoughts

The SEC should be commended for its effort to seek to modernize the electronic recordkeeping requirements under Exchange Act Rules 17a-4 and 18a-6. While the Proposal seeks to implement a number of important advancements, there are some additional considerations that the SEC might seek to address before finalizing the Proposal.