Let’s go over three simple things you can do (I am talking to compliance officers now) that’ll help your firm reduce tech spending while at the same time meeting the demands of rule 17a-4: a really important thing these days, especially if you’re a small FINRA firm with a limited budget and no in-house IT staff – and want to keep it that way.

Microsoft 365 – A Complete 17a-4 Cloud Solution for FINRA Firms

The first thing you need to do, if you want to get IT spending under control and make sure you have data compliance in order, is get everyone on a complete cloud platform. And the best cloud platform for small FINRA firms today is Microsoft 365 because for one flat monthly fee each employee gets everything needed to do their job. For instance, each person gets a full Exchange email account with all the bells and whistles, company-wide data storage on SharePoint, individual data storage on OneDrive, and Teams for collaboration, with a centralized web portal for managing everything.

Then, once everyone is on Microsoft 365, it’s important to fully migrate all data and email onto it; you don’t want to have information stored all over the place, like on people’s PCs, various cloud systems or in-house disks, because that will leave gaps. Ultimately, it’s the firm’s compliance officer who should push to consolidate everyone’s data on Microsoft 365, because as part of FINRA rule 17a-4 electronic records and email should be consolidated onto one platform so that the long-term archiving and retention of data is done centrally. You surely don’t want to be caught with your pants down during the 17a-4 electronic records request, when the auditor comes in and you can’t reproduce a sample data set from your archive.

Your IT Policy: The Key to Simplifying 17a-4 Compliance

Firms often ask me: What should we archive to meet rule 17a-4? And I reply: What does your IT policy say? In other words, when the auditor comes in, those are the electronic records they will potentially ask you to reproduce, since that’s what you defined in your IT policy. I am not trying to talk down to you here, but it’s a no-brainer. Therefore, the first step to simplify data compliance is to create this policy telling everyone what technology they should use (specifically, how reps should communicate with customers/partners). It’s important to have the compliance officer sign off on this as well. Naturally, once you’re on Microsoft 365, reps will only use their Microsoft email or Teams; similarly, your firm’s books and records will be stored on SharePoint or people’s OneDrive only. Then you’ll know exactly which electronic records and communications your firm needs to retain for compliance.

A firm’s IT policy is critical for keeping data compliance costs as low as possible, especially for a small FINRA firm, since it defines which technology reps are allowed to use to communicate with clients and which they are not. Therefore, the IT policy makes clear what data needs to be retained for 17a-4 compliance. More importantly, though, during the 17a-4 electronic records request it makes things easier because the auditor knows exactly what to look for.

Choose a Consolidated FINRA D3P to Make Microsoft 365 17a-4 Compliant

OK, now your whole office is on Microsoft 365, you’ve managed to migrate everyone’s data/email there, and you’ve created an IT policy telling employees to use only Microsoft email and Teams for communication, and only SharePoint or OneDrive to store books and records. The final step is choosing a 17a-4 consolidated D3P (Designated Third Party) such as AdvisorVault’s Consolidated D3P Service. Our consolidated 17a-4 D3P does everything a FINRA firm needs to meet data compliance: archiving, retention of data for 7 yrs. in its original, non-modified format, providing the two third-party 17a-4 attestation letters and, finally, making the firm’s data available to FINRA if they request it during an audit.

For instance, our consolidated D3P service plugs right into the Microsoft 365 cloud and archives employees’ records stored there to meet 17a-4. This means all users’ emails (including their complete Outlook profile with contacts and calendar), all documents saved in SharePoint and OneDrive, and Teams chats are automatically transferred to our 17a-4 compliant archiving system. It also makes the data readily available to the FINRA regulator when they come in for their 17a-4 electronic records request, so they can easily download a sample set of any electronic records the firm has saved on the Microsoft Cloud going back 7 yrs. (the default retention period AdvisorVault applies to all its customers’ data to meet rule 17a-4).


To keep data compliance spending as low as possible and also meet FINRA rule 17a-4, there are three simple things a firm can do: (1) move everything to a complete cloud platform such as Microsoft 365, (2) create a clear IT policy telling employees to use only Microsoft email, Teams, SharePoint and OneDrive, and (3) choose a consolidated 17a-4 D3P to make Microsoft 365 compliant.

About AdvisorVault

AdvisorVault is the only FINRA D3P with a Consolidated 17a-4 Service, designed to give small firms everything needed to meet today’s data compliance demands. Our turn-key approach performs the archiving, retention, and supervision of electronic records no matter where they are stored – in-house or in the cloud – and includes the FINRA third-party letters with all the required documentation. For one flat monthly fee it’s the only fully 17a-4 compliant option: complete data compliance peace of mind, out-of-the-box.

Allan Lonz, President
direct: 416-985-0310
Toll free: 1-866-732-1407 ex 1