The Modernization of SEC 17a(4) Recordkeeping Rules and the Business Impact for Financial Services
A consistent refrain from SEC Chairman Gary Gensler since his appointment has been the acknowledgment of the widening gap between today’s communication technologies and existing recordkeeping rulesets. While this may be a Captain Obvious statement to anyone attempting to reconcile the concepts of 1990s era WORM-based spinning disk storage devices with interactive, multi-modal, asynchronous communication sources, it has not been clear to date exactly where and how the SEC envisioned this gap being addressed.
However, with the growing fascination and demand for cryptocurrencies and their underlying blockchain and distributed ledger infrastructures, it’s clear that the time to act has arrived. Which brings us to the arrival of the proposed update to SEC Rules 17a-4, along with SEC 18a-6 (for firms not registered as broker-dealers).
Summary of the Rule
Record Preservation Requirements for Broker-Dealers (17a-4) and SBSD and MSBSP not registered as BDs (18a-6).
Amendments to Rule 17a-4 would now allow an audit-trial alternative to the current requirement that digital records be preserved exclusively in a non-rewriteable, non-erasable format. Rule 18a-6 (non-bank SBS Entities) would now include either WORM or an audit-trail alternative requirement.
In essence, the SEC seeks to make 17a-4 more focused on maintaining and preserving digital records in a manner that protects the authenticity and reliability of original records, versus focusing on the underlying technology. Registrants would have the flexibility to preserve all their electronic records, either by:
- Consistently using an electronic recordkeeping system that meets the audit-trail requirements
- Consistently using an electronic recordkeeping system that meets WORM (write once, read many) requirements
Or by:
- Preserving some digital records using an electronic recordkeeping system that meets the audit-trail requirement and preserving other digital records using an electronic recordkeeping system that meets the WORM requirement
One noticeable change in the proposed rule would be to eliminate the provision that a broker-dealer engage a third party who has access to, and the ability to, download information from the broker-dealer's digital storage media to any acceptable medium under the rule (SEC 17-4(f)). The requirement calls for the designation of a third party to provide access to the broker-dealer’s electronic records and provide them to the SEC and other securities regulators upon request.
This will now be the responsibility of a broker-dealer senior officer. Amendments would always require that at least one senior officer of the broker-dealer, who has independent access to, and the ability to, provide the records execute the undertakings.
Records and audit trails must be furnished to the SEC in a reasonably usable digital format that is compatible with commonly used systems for assessing and reading electronic records. Beware of proprietary digital formatted records. (See Section II Proposed Amendments, subsection D for Requirements for Electronic Recordkeeping Systems.)
The amendments would also eliminate the need for broker-dealers to notify their designated examining authority of which third party it intends to use, prior to (at least 90 days) employing digitally stored media.
Potential business impact
The proposed change raises several important questions, including:
- What is the current market demand to store digital communications on distributed ledger technology?
- Will adoption be focused on transactional and structured trade data, such as swaps?
- How soon will the market acceptance of cryptocurrency securities change these dynamics?
While these questions get sorted over the comment period prior to adoption, we thought we’d get the perspective of one of the leaders in FINRA’s early efforts toward technology modernization, former CIO Marty Colburn.
Marty indicated this change could be a compelling reason for those interested in exploring audit trail technology to streamline compliance by integrating items like transactions into one system for reconciliation — typically addressed via downstream processes.
As Marty said, “it took several years to see any adoption after the consolidated audit trail was implemented, and I’d not expect anything different here.” Marty also said that he could envision those communications among multiple parties involved in cryptocurrency securities or digital asset transactions could potentially benefit by making it easier to associate communications to their specific block in the chain.
However, understanding the required investments to modify existing processes and languages to make these associations will likely result in smaller fintech firms moving faster and farther than their larger counterparts, at least in the short term after the final rule is implemented. The result, as Marty noted, is an opportunity for innovation — where the agility, flexibility and business focus on one’s communications technology infrastructure will have a very strong influence in determining the next generation of market leaders.
Share this post!
Tiffany Magri
Latest posts by Tiffany Magri (see all)
- From Hypothetical Performance to Real Consequences: SEC’s Message to Advisers - April 15, 2024
- Navigating the SEC’s Expanded Dealer Definition - March 6, 2024
- Digital Communication Preservation: Highlights of the DOJ and FTC’s Imperative Guidance - February 27, 2024
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Watch it Work
Contact Us
Chat
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US