Why It’s Important:
Securities and Exchange Commission (SEC) Rule 17a-4 (the Rule) specifies the retention period that certain records must be preserved, along with the acceptable format or medium for retaining these records. The requirements of the rules are stringent and provide firms with layers of obligations to remain compliant.
What Your Firm Needs to Consider:
Broker-dealers must know what records to preserve and for how long. In addition, firms must know the acceptable format or medium for preserving these records. The changing landscape of electronic recordkeeping systems has prompted recent changes to the original rule adopted in 1997, which adds new complexity to the requirements of preservation and acceptable methods of producing such records to securities regulators.
Examples of Records to Be Preserved:
Records to be preserved for six years (the first two years in an easily accessible place), as per SEC Rule 17a-4(a):
- General ledger
- Assets and liabilities
- Income and expenses
- Capital accounts
- Securities record (position records)
Records to be preserved for three years (the first two years in an easily accessible place), as per SEC Rule 17a-4(b):
- Ledgers regarding:
- Securities in transfer
- Dividends and interest received
- Securities borrowed and loaned
- Securities failed to receive and failed to deliver
- All long and short record differences, count, and comparison
- Monies borrowed and loaned, with a record of collateral
- Records for cash and margin accounts
- Monthly trial balances and net capital computations
- FOCUS Report supporting documents
- Banking documents, including cash reconciliations
Is Your Firm Compliant with the New Record-Keeping Requirements?
Audit Trail Alternative
The original rule required that broker-dealer records be preserved exclusively in a non-rewriteable, non-erasable format (Write Once, Read Many). The amended rule allows for an audit trail alternative option.
Requirements for meeting the audit trail alternative option:
- Employ an electronic recordkeeping system that can preserve records in a manner that will allow for the recreation of an original record if it is altered, overwritten, or erased.
- Maintain a complete time-stamped audit trail that includes:
- modifications to and deletion of a record
- the date and time of operator entries and actions that create, modify, or delete the record
- the individual(s) creating, modifying, or deleting the record
- any other information needed to maintain an audit trail of each distinct record in a way that maintains security, signatures, and data to ensure the authenticity and reliability of the record and will permit re-creation of the original record and interim iterations of the record
Production of Electronic Records
The electronic recordkeeping system must have the capacity to readily download and transfer copies of a record and its audit trail, if applicable. Firms must be ready to furnish electronic records always stored on an electronic recordkeeping system, in both a human-readable format and in a reasonably usable electronic format that will allow securities regulators to search and sort through information in the records.
Maintain Backup Records
A set of records also needs to be stored on a second electronic recordkeeping system as a backup to the primary electronic recordkeeping system to maintain access to the records in the case of a disruption or malfunction to the primary system.
Provide Independent Access to a Senior Officer
Broker-dealers must provide at least one senior officer with independent access and the ability to provide records to securities regulators. Independent access would mean the senior officer has the knowledge, credentials, and information necessary to access and provide the records without having to rely on other individuals at the firm.
Best Practices
We are seeing firms using third-party vendor software for electronic archival of records. This means regulatory groups will maintain their working papers and output on shared drives on the firm’s computer network and, at month-end, copy the files into the 3rd party software. Firms must have a cataloging and indexing process set up so that regulators can easily access the archived records. Supervisory controls should be in place to monitor the process to ensure the firm is compliant with the Rule.
How We Can Help:
Forvis Mazars can assist your firm with rule requirements compliance by conducting an overall review of your business model. Understanding your business provides the first approach to the appropriate application of the Rule.
If you have questions, reach out to a professional at Forvis Mazars or submit the Contact Us form below.