Compliance Services

Regulated institutions need to manage a complex web of rules and technologies to stay in compliance.  To successfully address relevant aspects requires knowledge of compliance, legal and IT issues that impact regulated institutions.  17a-4 works with closely with many financial institutions participating in regulatory discussions, annual compliance reviews and infrastructure examinations providing an in depth understanding of industry’s best practices.  As part of consulting services, 17a-4 works with Compliance and IT teams to advise on issues such as how best to archive content, what types of content need to be retained and how to create effective retention, review, supervision and disposition policies.

Designated Third Party Services – SEC / FINRA – Rule 17a-4(f)(3)(vii)) Letters of Undertaking and Notification

The Securities & Exchange Act (SEA) requires that electronic records be maintained in accordance with SEC Rule 17a-4(f).  It also requires that letters are filed with the Broker Dealer’s SRO.

  • 17a-4(f)(3)(vii) – Letter of Undertaking.  Prepared by the Broker Dealer’s Designated Third Party (D3P) to represent the D3P will assist, if requested, in the production of the Broker Dealer’s electronic records.  The D3P is required to understand where the electronic records are retained and the methodology used to search and produce those records.
  • 17a-4(f)(2)(i) – Letter of Notification.  This letter may be prepared by the Broker Dealer or D3P and notifies the SRO of Broker Dealer’s intent to deploy a system to retain electronic regulatory records.

As required by the ’34 Act designating a third party the ability to assist the SEC or other regulator should internal resources not be available, 17a-4 provides both Letters of Notification and Letters of Undertaking.  The D3P service also includes an Annual Compliance Review.

Dodd-Frank Act – CFTC – Technical Consultant to comply with CFR 1.31

Dodd Frank imposes recordkeeping, reporting and disclosure requirements on all Investment Advisers, Broker Dealers, and Major Swap Participants. In all cases, registered advisers are required to maintain records relating to their business activities as mandated by Rule 17a-4 of the Securities Exchange Act (Broker Dealers) and Rule 204-2 of the Investment Advisors Act (Investment Advisors).  17a-4 provides the required CFTC Letters under 17 CFR 1.31 and Dodd-Frank.

Independent Custodian – Encryption Key Management Service

Encrypted messaging platforms such as Symphony, by design, restrict the ability to decrypt messages where only the sender and recipient institutions are in possession of the associated private decryption keys.  Broker /Dealers and Registered Investment Advisors using platforms with end-to-end data encryption to protect confidential client and corporate information require an independent custodian to store and manage the decryption keys.  17a-4’s Independent Custodian service securely stores and manages private decryption keys on behalf of clients for compliance with New York State Department of Financial Services, SEC, and FINRA electronic recordkeeping requirements.  Combining a proprietary Hardware Security Module technology with leading expertise in encryption key management, this service enables registered financial services institutions to deploy and manage encrypted communications.  Regulated data is retained, archived, and available to designated regulatory authorities.

Annual Compliance Review

17a-4’s Annual Compliance Review service offers an opportunity to bring IT and Compliance teams together to go through the current systems and procedures in use and provide best practice recommendations.  These reviews help to clarify an institution’s compliance and business requirements, improve communication of existing policies and procedures and outline a roadmap for changing technologies and new regulations.  All elements of the review are documented for clients and can be incorporated into a broader institutional document such as an Annual Review (Rule 206(4)-7), Rule 38a-1, SOX or other compliance policy record.

Electronic Repository Review

17a-4 provides compliance reviews of archival, supervisory and other types of electronic repositories used to retain regulatory records.  17a-4’s Repository Review provides a comprehensive report of compliance with applicable regulatory requirements and industry best practices.  17a-4 will give guidance as to what technologies are best suited and most cost-effective for clients.  The Repository Reviews may cover supervisory lexicons, supervisory policies and review guidance.

17a-4 also offers Repository Reviews for emerging technologies that need to understand and document Rule 17a-4 compliance for a platform coming to market.

Retention & Disposition Checklist

17a-4 provides the essential steps to develop and implement an effective Retention and Disposition program for email and other records.  With minimal cost and institutional risk, clients can commence the process of disposing of legacy email records. This includes procedures for IT, Legal and Compliance to leverage the technology on hand to engage in an efficient disposition policy.

Supervisory Lexicons

17a-4 works closely with over 500 clients on regulatory reviews, audits, productions and retention policy development which, accordingly, maintains a continually developing lexicon set.  17a-4 understands lexicon sets should be actively monitored for maximum effectiveness.  Standard and custom lexicons are provided with ongoing updates for supervisors to review words and phrase recommended for incorporation.

e-Discovery Production Support

17a-4 can assist with e-discovery productions to alleviate pressure on in house resources.  Archive search and production support services:  Using wildcards, proximity, and Boolean operands.  Determining canonical name and other variations.  Verifying legal / regulatory holds.  Assisting with privilege logs and review. Formatting messages in accordance with production requirements.


Request a consultation here.