Compliance officers end up feeling like they’re hanging from a tree, scratching their heads when it comes to FINRA rule 17a-4. Its complex and they need to also understand the technology behind it; at the same time, few have the expertise to fully grasp it. However, the best way to approach 17a-4 (especially if you’re a small firm) is choosing a vendor that offers a Consolidated 17a-4 Third Party (D3P) Service – this will simplify and keep the cost of achieving compliance with rule 17a-4 low as possible.

We understand small FINRA firms can’t spend thousands of dollars a year trying to keep compliant with FINRA rule 17a-4; they must continually find ways to keep this cost low as possible, that’s why we created the only Consolidated 17a-4 Designated Third Party (D3P) Service to solve this unique problem.

A Consolidated 17a-4 D3P Service: The Key for Small FINRA Firms

What usually happens these days when it comes to electronic data retention , when we are talking about FINRA firms, such as banks, broker dealers, hedge funds, Investment advisors and private equity firms is that they are forced to use several vendors to help them achieve all the requirements of 17a-4. For example, they must hire one provider for email archiving, one to backup their books and records and another to act as their D3P as well as provide disaster recovery. Because of this, they eventually end up paying too much and making the whole compliance process more complex than it has to be.

AdvisorVault’s Consolidated D3P Service is a complete solution that solves this problem. Priced at one flat monthly fee, we include everything needed to achieve all the electronic records archiving demands of rule 17a-4. Essentially, as the D3P chosen for FINRA compliance AdvisorVault does the actual data backup and archiving and performs all the other functions needed as the designated third-party downloader service. By using AdvisorVault, the whole compliance process is simplified, thus, making audits easier to pass with a large reduction in the cost of compliance. Further, these key features are included in the AdvisorVault consolidated 17a-4 D3P service.

“FINRA likes it when a firm consolidates their data archive with one D3P vendor because this makes the 17a-4 electronic requests easier for everyone. Choosing a Consolidated D3P will retain all data within the cloud such as full email accounts with contacts/calendar/complete profile, books, and records (Word docs, scanned data, and customer databases). In addition, the D3P will backup data for disaster recovery with documentation included for FINRA who also will be willing to act as the downloader if requested by FINRA.”

Features of a 17a-4 Consolidated D3P Service

A FINRA 17a-4 Consolidated D3P Service must have four features. This is important it includes these features because firms don’t want to search for several vendors to achieve compliance, also FINRA likes this since it makes the electronic records request easier, but most importantly, it will keep the cost of data compliance low because there is only one D3P taking care of data compliance. Features of a Consolidated 17a-4 D3P:

One: Email Archiving

First thing, the Consolidated D3P will perform the archiving of email. This is important because during the FINRA electronic records request this is what the auditor will want to see right away as part of the 17a-4 supervision. However, the problem today email is so dispersed; firms now use cloud services, in-house emails systems and mobile devices to access their messages, therefore, as part of the D3P service a provider needs to be able to connect to all these various systems, take a copy of messages and store them compliantly. Also, it’s important that the provider performing the email archiving can also offer full cloud email archiving to clients. For example, the D3P’s email archiving service should connect seamlessly into cloud email and transfer it to 17a-4 compliant storage.

Two: Books and Records Archiving

Once a full email archiving process is in place, FINRA members need to make sure data contained in the books and records is properly archived with the D3P. The difficulty here is that books and records data is contained throughout the firm in many different formats such as Office documents, scanned files, data bases, and branch offices or uploaded to the cloud. The key here also is to make sure all this data is easily stored in an SEC format compliant with the electronic records archiving rules of SEC 17a-4. Therefore, the D3P must have an automated method to connect to all these various systems, make a copy of the data stored on them so it can be transferred to 17a-4 compliant storage. In addition, the D3P also has to offer the FINRA firm a few added features to achieve the ongoing supervisory rules of 17a-4:

  • Daily Alerts and Reporting. Compliance officers and key personnel must receive regular reports of the data archiving process done by the D3P as part of 17a-4. Reports as well as regular emails showing what data has been archived will form a critical part of the FINRA firms’ supervisory process so it can be proven to regulators during an audit

  • Sample Data Sets. Similarly, to email, regulators will ask for a sample data set contained in the firms books and records. FINRA firms, such as broker-dealers will be asked to provide a sample of data being archived with the D3P, this should be a simple process that compliance officers perform themselves during an audit

  • Secure Consolidated Access. The D3P should also have a secure consolidated web interface that compliance officers and other key personnel can use to search as well as download sample data sets to their computers so they can make copies of this data to DVDs which can be given to auditors when requested

  • Electronic Records Supervision: To ensure full compliance with 17a-4, FINRA firms must have a built-in tool to perform the ongoing supervision of electronic records, and to be able to access their data archive during an audit. Therefore, the D3P should include a secure web interface which provides compliance officers and other key employees the ability to access and download electronic records to their hard drives so that sample copies of data can be made for regulators on the spot. In addition, this supervisory tool needs to have automatic indexing built into it so that searches can be done quickly, and all data is included to provide full seven-year access to data as required by 17a-4 for FINRA electronic records retention compliance

Three: The 17a-4 Third Party Service

The 17a-4 Third Party: As part of their service, the D3P must be able to access the FINRA firm’s data archive. In addition, they need to download any data in a format readable by auditors. This is critical because archiving data as required by rule 17a-4 can be a complex technical undertaking that auditors don’t want firms to miss the mark on, so as a result they need to rely on a secondary third party that has the technology to offer FINRA firms such as broker-dealers the ability to properly outsource the archiving of electronic records, so they are retained and accessible in their original format.

Four: Documentation

As their final obligation, the 17a-4 D3P must provide two compliance documents to customers: (1) the 17a-4 3rd Party Storage Provider Letter and (2) the 17a-4 Broker Dealer Letter.

Summary

Using a Consolidated 17a-4 Designated Third Party (D3P) Service is the best way for small FINRA firms to get a handle on data compliance today. AdvisorVault’s Consolidated D3P service is a complete solution combining data backup, email archiving with retention of electronic records to a secondary 17a-4 compliant system, including the 17a-4 third party downloader service with all the required documentation. For one flat monthly fee its the only fully 17a-4 compliant option for small FINRA firms.

About AdvisorVault

AdvisorVault is the only FINRA D3P with a Consolidated 17a-4 Service, designed to give small firms everything needed to meet today’s data compliance demands. Our turn-key approach performs the archiving, retention, and supervision of electronic records no matter where they are stored – in-house or in the cloud. Including the FINRA third party letters with all the required documentation. For one flat monthly fee it’s the only fully 17a-4 compliant option – Complete data compliance peace of mind, out-of-the-box.

Allan Lonz, President
alonz@advisorvault.org
direct: 416-985-0310
Toll free: 1-866-732-1407 ex 1