The Securities & Exchange Act of 1934 Rule 17a-4(f)(2)(ii) requires Broker Dealers to retain a Designated Third Party (D3P) for electronic records archives. D3P’s may be called upon to access and assist a regulator with the production of regulatory records pursuant to a matter. 17a-4 provides Letters of Notification (SEC Rule 17a-4(f)(2)(ii)), Letters of Undertaking (SEC Rule 17a-4(f)(3)(vii)) and CFTC Letters under 17 CFR 1.31. D3P services include Annual Compliance Reviews.
Annual Compliance Review
17a-4’s Annual Compliance Review offers an opportunity to bring IT and Compliance teams together to ensure current systems and procedures are in compliance and to review best practice recommendations. Compliance Reviews help to clarify an institution’s compliance and business requirements, improve communication of existing policies and procedures and outline a roadmap for changing technologies and new regulations. All elements of the review are documented for clients and can be incorporated into a broader institutional document such as an Annual Review (Rule 206(4)-7), Rule 38a-1, SOX or other compliance policy record.
17a-4 works closely with over 500 clients on regulatory reviews, audits, productions and retention policy development and maintains a continually developing lexicon set. 17a-4 understands lexicon sets should be actively monitored for maximum effectiveness. Standard, custom and topical lexicons are provided with ongoing updates for supervisors to review words and phrases recommended for incorporation into larger sets.
For emerging technologies that need to understand and document Rule 17a-4 compliance for a platform coming to market. Audits include a complete technical review and a compliance report documenting which requirements have been met.
17a-4 provides compliance reviews of electronic repositories used to retain regulatory records. Reviews include a comprehensive report of how a repository complies with applicable regulatory requirements and industry best practices as well as guidance as to what technologies are best suited and most cost-effective for clients.
Data Defense for AI Compliance
Financial institutions that use Algorithmic Trading and Robo Advising Strategies are required to comply with strict archiving and supervisory regulations for data-driven software that interacts with markets or clients. 17a-4’s Data Defense Service enables clients to both meet these regulatory requirements and provides for strong data defensibility compliance, consisting of: Model Explainability – Enables compliance, audit, and risk personnel to document AI-model data compliance with regulatory and legal requirements as well as the firms’ policies, procedures, and risk management. No Algorithmic Bias – Implements firm-wide data management policies and procedures to confirm data sets are complete, current, and accurate. Provides demonstrable actions for a firm to limit the potential for unfair bias resulting from data integrity or dataset demographic failures. Data Governance – Use of technology and data management procedures to demonstrate data source verification, integration, security, and quality metrics.
Independent Custodian Encryption Key Management Service
Broker Dealers and Registered Investment Advisors using platforms with end-to-end data encryption to protect confidential client and corporate information require an independent custodian to store and manage the decryption keys. 17a-4’s Independent Custodian service securely stores and manages private decryption keys on behalf of clients for compliance with New York State Department of Financial Services, SEC, and FINRA electronic record-keeping requirements.
17a-4’s Compliance Services team can assist with eDiscovery productions to alleviate pressure on in-house resources. Archive search and production support services includes assistance with privilege logs, culling and review.