Let’s go over three simple things you can do (I am talking to compliance officers now) that’ll help your firm reduce tech spending while at the same time meet the demands of rule 17a-4: a really important thing these days, especially if you’re a small FINRA firm with a limited budget and no in-house IT staff – and want to keep it that way.

The first thing you need to do if you want to get IT spending under control and make sure you have data compliance in order, is get everyone on a complete cloud platform. And the best cloud platform for small FINRA firms today is Microsoft 365 because for one flat monthly fee each employee gets everything needed to do their job. For instance, each person gets a full Exchange email account with all the bells and whistles, company wide data storage on SharePoint, individual data storage on OneDrive, Teams for collaboration with a centralized web portal for managing everything.

Then once everyone is on Microsoft 365, it’s important to fully migrate all data and email onto it; you don’t want to have information stored all over the place like on people’s PCs, various cloud systems or in-house disk because that will leave gaps. Ultimately, it’s the firm’s compliance officer who should push to consolidate everyone’s data on Microsoft 365 because as part of FINRA rule 17a-4 electronic records and email should be consolidated onto one platform so that the long-term archiving and retention of data is done centrally – you surely don’t want to be caught with your pants down during the 17a-4 electronic records request when the auditor comes in and you can’t reproduce a sample data set from your archive.

A firm’s IT policy is critical for keeping data compliance costs low as possible, especially for a small FINRA firm since it defines what technology they’ll allow reps to use to communicate with clients and what they shouldn’t. Therefore, the IT policy makes clear what data needs to be retained for 17a-4 compliance, more importantly though, during the 17a-4 electronic records request it makes things easier because the auditor knows exactly what to look for

OK, now that your whole office is on Microsoft 365, and you’ve managed to migrate everyone’s data/email there, you also created an IT policy telling employees to use Microsoft email and Teams for communication with SharePoint or OneDrive to store books and records only. The final step is choosing a 17a-4 consolidated D3P (Designated Third Party) such as the AdvisorVault’s Consolidated D3P Service. Our consolidated 17a-4 D3P does everything a FINRA firm needs to meet data compliance, such as archiving, retention of data for 7 yrs. in its original, non-modified format, provide the two third party 17a-4 attestation letters and finally will make the firms data available to FINRA if they request it during an audit.

For instance, our consolidated D3P service plugs right into the Microsoft 365 cloud and archives employees records stored there to meet 17a-4. This means all users emails (including their complete Outlook profile with contact, calendar), all documents saved in SharePoint, OneDrive including Team chats are automatically transferred to our 17a-4 compliant archiving system. Also, making it readily available to the FINRA regulator when they come in for their 17a-4 electronic records request to easily download a sample set of any electronic records the firm has save on the Microsoft Cloud going back 7 yrs. (The default retention period AdvisorVault applies to all its customers data to meet rule 17a-4.)

To keep data compliance spending low as possible and also meet FINRA rule 17a-4, there are three simple things a firm can do: (1) Move everything to a complete cloud platform such as Microsoft 365, (2) create a clear IT policy telling employees to use only Microsoft email, Teams, SharePoint and OneDrive, and (3) choose a consolidated 17a-4 D3P to make Microsoft 365 compliant.