SEC 17a-3 and 17a-4 and KOMpliance

SEC 17a-3 and 17a-4

SEC 17a-3 and 17a-4 apply to all Defined Exchange Members

  • SEC 17a-3 specifies the records to be made by Certain Exchange members.
  • SEC 17a-4 specifies the records to be preserved by Certain Exchange Members.

Together they specify the rules surrounding supervision, records retention, non-rewriteable storage, and ease of retrieval and viewing. Paragraph (f)(2)(ii)(A) of Rule 17a-4, requires broker-dealers maintaining records electronically to use a digital storage medium or system that "preserves the records exclusively in a non-rewriteable, non-erasable format."

  • NASD 3010 requires member firms to supervise the activities of each registered representative. The supervisory responsibility of the member firm covers the use of email, group email, bulletin boards, chat rooms, and websites when it relates to the firm’s business member firms.
  • NASD 3110 addresses the document storage and accessibility (Books and Records) requirements for NASD registered representaties, and is largely based on the SEC 17a-4 rules regarding electronic document storage.

Penalties:

Large fines ($50 million in one case) and penalties and sanctions that can severely impair the business. Public disclosures can decrease investor confidence and damage brand/reputation.

How KOMpliance Helps Meet SEC 17a-3 and SEC 17a-4 Requirements

Standard Summary of Requirements Solutions
Rule 17a-4(a)(b)(c)(d)(e)
Preservation of Records		 Every member, broker and dealer subject to § 240.17a-3 shall maintain and preserve records for periods that range from three years to the life of the enterprise and any successor enterprises.
These records are typically required to be maintained and preserved in an easily accessible place.		 Fully supported by KOMpliance®
KOMpliance can automatically retain records of different types for specified time periods.
KOMpliance e-WORM preserves retained records immutably, protecting them from all changes.
KOMpliance preserves an audit trail of all file access attempts.
Rule 17a-4(f)(2)(ii)(A)
Acceptable Media

The electronic storage media must:
Preserve the records exclusively in a non-rewriteable, non-erasable format;

The SEC interpretive release states:
“A broker-dealer would not violate the requirement in paragraph (f)(2)(ii)(A) of the rule if it used an electronic storage system that prevents the overwriting, erasing or otherwise altering of a record during its required retention period through the use of integrated hardware and software control codes.”

 Fully supported by KOMpliance®

This requirement is fulfilled by storing files to a KOMpliance® e-WORM volume. e-WORM creates a WORM drive on HDD or SSD media.

Data stored to the KOMpliance® Volume (email, files, documents, and so on) using e-WORM is not modifiable for the whole duration of the file retention period. 
Rule 17a-4(f)(2)(ii)(B)
Quality Verification		 Verify automatically the quality and accuracy of the storage media recording process; Fully supported by KOMpliance®
  • Writes are verified by hardware to ensure that the committed buffers are identical.
  • The final phase of the commit process validates and compares the entire contents of the archive storage volume with the original contents.
  • KOMpliance® creates a digital signature that is used to validate and compare the archive volume contents with the original image.
  • KOMpliance® provides a WORM digital signature validation capability. This provides a complete validation of the accuracy of the recording process and guarantees the integrity of the contents.
Rule 17a-4(f)(2)(ii)(C)
Record Duplication and Time-Dating		 Serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of retention the information placed on such electronic storage media; Fully supported by KOMpliance®
  • Serializes the archive media and the associated duplicates stored.
  • The retention period is stored on the archive media.
  • Files with common retention periods are grouped together and archived on the same archive media.
  • The retention period is propagated across all the duplicates.
  • Each archive storage volume has a Unique Identifier and creation information.
  • Each duplicate archive volume maintains references to the original master and the serial number of the archive volume it was duplicated from.
Rule 17a-4(f)(2)(ii)(D)
Downloadable Indexes and Records		 Have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable under this paragraph (f) as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member. Fully supported by KOMpliance®
The files stored in KOMpliance® are readily available and fully accessible by authorized users and applications. The files can be readily copied to media of choice; as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member.
Rule 17a-4(f)(3)(i)
Easily Readable Images		 If a member, broker, or dealer uses micrographic media or electronic storage media, it shall:
i) At all times have available, for examination by the staffs of the Commission and self-regulatory organizations of which it is a member, facilities for immediate, easily readable projection or production of micrographic media or electronic storage media images and for producing easily readable images.		 Fully supported by KOMpliance®
Rule 17a-4(f)(3)(ii)
Facsimile Enlargement		 Be ready at all times to provide, and immediately provide, any facsimile enlargement which the Commission or its representaties may request. Fully supported by KOMpliance®
Rule 17a-4(f)(3)(iii)
Separate Storage of Duplicate Records		 Store separately from the original, a duplicate copy of the record stored on any medium acceptable under Rule 17a-4 for the time required. Fully supported by KOMpliance®
  • Supports data replication and duplication to duplicate media acceptable under §240.17a-4 at one or more sites for the time required.
Rule 17a-4(f)(3)(iv)
Organizing and Indexing of Records

“Organize and index accurately all information maintained on both original and any duplicate storage media.

(A) At all times, a member, broker, or dealer must be able to have such indexes available for examination by the staffs of the Commission and the self-regulatory organizations of which the broker or dealer is a member.

(B) Each index must be duplicated and the duplicate copies must be stored separately from the original copy of each index.

(C) Original and duplicate indexes must be presered for the time required for the indexed records.”

 Fully supported by KOMpliance®
  • Indexing is created by the authoring and managing applications.
  • All data that is stored on KOMworx archive volumes is readily accessible at all times.
  • All the contents of the archive storage volumes is duplicated to separate archive media of choice.
  • All originals and duplicate volumes are retained for the same exact period.
Rule 17a-4(f)(3)(v)
Audit System

The member, broker, or dealer must have in place an audit system providing for accountability regarding inputting of records required to be maintained and preserved pursuant to Rule 17a-3 and Rule 17a-4 to electronic storage media and inputting of any changes made to every original and duplicate record maintained and preserved thereby.

(A) At all times, a member, broker, or dealer must be able to have the results of such audit system available for examination by the staffs of the Commission and the self-regulatory organizations of which the broker or dealer is a member.

(B) The audit results must be presered for the time required for the audited records.”
The SEC interpretive release states: “The audit procedures for a storage system using integrated software and hardware codes to comply with paragraph (f) would need to provide accountability regarding the length of time records are stored in a non-rewriteable and non-erasable manner.”

 Fully supported by KOMpliance®
  • The file creation and modification dates are readily accessible and can be easily audited to validate and confirm when the data was input into the volume
  • The creation and logging of the Audit information is the sole responsibility of third party applications
  • All audit information committed to the archive volumes will be retained according to the assigned retention policies
Rule 17a-4(f)(3)(vi)
Documentation		 “The member, broker, or dealer must maintain, keep current, and provide promptly upon request by the staffs of the Commission or the self-regulatory organizations of which the member, broker, or broker-dealer is a member all information necessary to access records and indexes stored on the electronic storage media; or place in escrow and keep current a copy of the physical and logical file format of the electronic storage media, the field format of all different information types written on the electronic storage media and the source code, together with the appropriate documentation and information necessary to access records and indexes.”

 Fully supported by KOMpliance®
Files stored within KOMpliance® volumes are readily accessible using standard system tools and applications.
Rule 17a-4(f)(3)(vii)
Third-party Access Filing		 “For every member, broker, or dealer exclusively using electronic storage media for some or all of its record preservation under this section, at least one third party (‘the undersigned’), who has access to and the ability to download information from the member’s, broker’s, or dealer’s electronic storage media to any acceptable medium under this section, shall file with the designated examining authority for the member, broker, or dealer the following undertakings with respect to such records:*”
*The following information was omitted because it pertains specifically to the responsibilities of the third parties.		 Fully supported by KOMpliance®
Can provide current data formats and data to a third-party record download provider.
Rule 17 CFR Part 248.30
Procedures to safeguard customer records and information.
Regulation S-P		 Every broker, dealer, ... registered with the Commission must adopt policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information.

(a) Insure the security and confidentiality of customer records and information;

(b) Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and

(c) Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.

 Fully supported by KOMpliance®
Data stored to the KOMpliance® Volume is not modifiable (No Edits, Deletes, Moves, Copies) for the duration of the file retention period.

Data stored to the KOMpliance® Volume is automatically encrypted and cannot be read even if the drive is removed.

Access can be fully restricted, preventing even system administrators from viewing records.

Additional Information:

http://www.sec.gov/rules/interp/34-47806

Copyright © 2019, KOM Software, Inc.

What Our Clients Say

  • KOMpliance provides us with functionality that wasn’t available before. We no longer have to worry about meeting different regulatory requirements for different types of studies or patients.
  • 1
  • 2
  • 3
  • 4
  • 5