In mid-2020, the firm Cantor Fitzgerald & Co. agreed to pay a fine of $3.2 million to the SEC for inaccurately storing trade data information.
The Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) prosecute companies that fail to follow SEC Rule 17a-4, a major ruling that dictates how registered broker-dealers create, keep, index, and share certain records and reports.
So, how can you be sure that your organization’s methods of keeping records comply with SEC Rule 17a-4? First, you need to understand the key components and requirements of the ruling. Then you need to know how to meet those requirements so your organization is in compliance. Fortunately, some digital asset management (DAM) platforms have features that can help ensure that your organization is able to comply with SEC and FINRA regulations.
FINRA is a regulatory body that works under the Securities and Exchange Commission. It’s responsible for enforcing rules among financial professionals. Sometimes you may see SEC Rule 17a-4 written as FINRA 4511, since it’s the part of the FINRA rulebook that enforces that regulation.
And what does SEC Rule 17a-4 do? It simply specifies how firms must maintain their records, including “electronic storage media”.
In 1997, just as the internet was becoming more widespread, the SEC issued an addendum—paragraph (f). This change let firms store records electronically using “write once, read many” (WORM) storage.
WORM stands for “write once, read many”. It refers to electronic storage that is permanently written, and can never be changed or deleted (write once), but can be easily accessed again and again (read many). This electronic storage can consist of DVDs, hard drives, or even cloud-based services, like a DAM.
You have to do the following to comply with SEC 17a-4:
In addition to SEC 17a-4 requirements, FINRA Rule 4511(c) requires that firms keep any books and records not specified by SEC rules for at least six years. In other words, you have to keep those WORM records safe for a 6-year period.
Or you can just get a digital asset management system that does it for you.
So how do you check off all of those boxes?
If you haven’t already, consult your corporate counsel or compliance officer to understand your company’s policies and procedures relating to SEC 17a-4 compliance.
Some questions to ask might be:
How can we create assets that are WORM-compliant and easy to find?
Cloud storage provides the most secure and efficient means of storing data and records. It does, however, come with its own set of problems in relation to SEC 17a-4. What happens, for instance, if you rely on a vendor to maintain your records and that vendor, either intentionally or unintentionally, deletes your records?
This is where digital asset management comes in. The right DAM solution can offer access to storage methods that comply with SEC Rule 17a-4. This removes the stress of trying to make sure your records comply with the ruling.
Here are some things to look for when trying to find a DAM that will help you meet the requirements of the SEC and FINRA:
Meeting this requirement is fundamental. Even if you know that no one has altered records, your word alone is not enough. You need to prove beyond a doubt that there’s no possible way someone could have altered an asset after you stored it.
WORM storage is that proof. It allows an organization to create a copy of an asset that cannot be changed—either by the third-party vendor or by someone within your organization. It also protects assets from criminal intent or gross error.
Ask whether the DAM solution has a specific WORM storage feature that complies with SEC 17a-4.
It doesn’t matter how securely you store your data if it’s not easy to find. The SEC requires that records be accessible immediately if requested. That data also must be indexed so that your administrators and SEC auditors can find records quickly and effortlessly.
The SEC also requires that your organization have at least one person who can explain how you make, keep, and organize your records. So check whether your administrators can create storage groups and configure them in any way they like. That way, DAM administrators can set up storage and search so that it’s easy to walk auditors through the process of using the DAM to find records.
The SEC mandates that you store at least one duplicate copy of every record you make. And this duplicate copy must be stored separately from the original for the same amount of time.
Ask DAM vendors whether they can store multiple copies of your assets across separate storage locations. This way, if any single storage system experiences problems, there’s a separate storage system with a complete copy of the asset.
SEC 17a-4 and FINRA 4511 each require different retention time frames depending on the type of record. Make sure you can set variable time frames for each asset to comply with each requirement. This ensures compliance while also cutting down on the clutter of non-relevant records.
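The checks described above (unaltered records, a duplicate stored separately, and retention before deletion) can be run over a record index during an internal audit. The following Python is an added example, not code from any DAM product: it assumes a hypothetical index holding a SHA-256 digest taken at write time, the storage date, and the location of each copy, and it applies the six-year period cited above for FINRA Rule 4511(c) to every record. Record contents and site names are constructed.

```python
import hashlib
from datetime import date

RETENTION_YEARS = 6  # the six-year period the article cites for FINRA Rule 4511(c)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def audit_entry(entry: dict, stores: dict) -> list:
    """Findings for one index entry; an empty list means the record passes."""
    findings = []
    if len({site for site, _ in entry["copies"]}) < 2:
        findings.append("no duplicate copy in a separate location")
    for site, key in entry["copies"]:
        blob = stores.get(site, {}).get(key)
        if blob is None:
            findings.append(f"copy missing from {site}")
        elif sha256(blob) != entry["sha256"]:
            findings.append(f"copy in {site} differs from digest taken at write time")
    return findings

def deletion_allowed(entry: dict, today: date) -> bool:
    """A record may leave storage only once its retention period has fully elapsed."""
    stored = entry["stored"]
    # A 29 Feb record expires on 28 Feb: a leap year plus six is never a leap year.
    day = 28 if (stored.month, stored.day) == (2, 29) else stored.day
    return today >= stored.replace(year=stored.year + RETENTION_YEARS, day=day)

def run_audit(index: dict, stores: dict) -> dict:
    return {rid: audit_entry(e, stores) for rid, e in index.items()}

# Constructed sample data: two storage sites and a three-record index.
STORES = {
    "site-a": {"t1": b"BUY 100 XYZ", "t2": b"SELL 50 XYZ", "t3": b"BUY 10 ABC"},
    "site-b": {"t1": b"BUY 100 XYZ", "t2": b"SELL 500 XYZ"},  # t2 altered, t3 absent
}
INDEX = {
    "t1": {"sha256": sha256(b"BUY 100 XYZ"), "stored": date(2020, 6, 1),
           "copies": [("site-a", "t1"), ("site-b", "t1")]},
    "t2": {"sha256": sha256(b"SELL 50 XYZ"), "stored": date(2021, 3, 15),
           "copies": [("site-a", "t2"), ("site-b", "t2")]},
    "t3": {"sha256": sha256(b"BUY 10 ABC"), "stored": date(2024, 2, 29),
           "copies": [("site-a", "t3")]},
}

if __name__ == "__main__":
    for rid, findings in run_audit(INDEX, STORES).items():
        print(rid, "OK" if not findings else findings)
```

A digest comparison only detects alteration after the fact; it complements WORM storage rather than replacing it.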
It can be daunting trying to find a DAM solution to meet your growing company’s demands for media storage without sacrificing compliance. But it’s an important part of any financial institution’s legal obligations.
If you’re looking to prioritize compliance with record-keeping regulations, such as HIPAA, SEC Rule 17a-4, and the OAIS reference model for digital repositories, we can help. Our DAM, Cortex, offers Write Once, Read Many (WORM) storage features, multiple storage solutions, and an easy-to-search system that’ll help you comply with your FINRA requirements.