Skip navigation

17a-4 Compliance Services

The #1 D3P Rule 17a-4 Compliance Services Provider

17a-4 provides compliance management solutions and regulatory compliance services to Clients operating in highly regulated industries including financial services, healthcare, and government.

17a-4’s Compliance Services team mission is to help Clients address complex regulatory compliance requirements – by turning business risk into best practices.

Our team has deep technical expertise and is comprised of engineers, operators, and solution specialists as well as our regulatory compliance subject matter experts. We focus on delivering solutions to Clients that meet their compliance challenges with a technology-first approach rooted in rigorous security, audit, and documentation best practices.

Let us help you identify risk and close the gap for full compliance.

If you’ve discovered some records or systems in use that are not being archived and you worry you are out of compliance, let us help.

Our Compliance Services team will do a thorough review of your data and explain applicable regulations so we can help you understand where your data is and how to comply with rules, policies and current guidance. We will provide industry best practices and recommendations so you can control your data and stay in compliance.

17a-4 has a long history working with IT and Compliance teams and we can help you navigate the adoption of a new technology so that both teams are happy with outcome.

There is no need to pass on new technologies and platforms that can help your business grow. Let our team help you deploy the latest and greatest technologies for business communications and growth while still satisfying all your security and compliance polices. Our expertise in this area is unsurpassed. We’ve helped Clients small to Enterprise roll out chat and document platforms, so IT, Legal and Compliance teams are happy with the outcome.

17a-4 Compliance Services


Get in Contact – our Compliance Services team is ready to help you today!

  • Fill out one of the many forms on this site
  • Shoot us an email at
  • Give a call to (212)949-1724

A Compliance Services associate is available to provide you with more details on our offerings and answer all your questions so you can decide if we can help.

There are no fees associated with the first consultation to review your needs and our offerings.

Designated 3rd Party Services

The Securities & Exchange Act of 1934 Rule 17a-4(f)(2)(ii) requires Broker Dealers to retain a Designated Third Party (D3P) for electronic records archives. D3P’s may be called upon to access and assist a regulator with the production of regulatory records pursuant to a matter.

Since 2001, 17a-4, LLC has worked with the SEC being retained as an expert witness for e-messaging retention matters for broker dealer clients. 17a-4 provides Letters of Notification (SEC Rule 17a-4(f)(2)(ii)), Letters of Undertaking (SEC Rule 17a-4(f)(3)(vii)). D3P services include Annual Compliance Reviews, Archive Audits and Rule 17a-4 Compliance Consultations.

More about our D3P service

Fully Paid Lending 3rd Party Collateral Administration 

The Securities & Exchange Act of 1934 Rule 15c3-3 requires broker-dealers operating programs in which they borrow fully paid and excess margin securities from customers (Fully Paid Lending Programs, “FPL”) to comply with the specific collateral requirements to ensure the protection of customer accounts.

17a-4’s Fully Paid Lending 3rd Party Collateral Administration (“FPLCA”) services provide collateral administration in connection with a broker-dealer Client FPL Program. The service ensures the Collateral provided by the Client complies with the requirements of Rule 15c3-3 and confirms successful Collateral delivery of equal or greater value to that of the loaned securities. 17a-4’s industry-leading compliance monitoring and compliance reporting tools enable FPL programs to successfully comply with SEA Rule 15c3-3.

More about our FPLCA service

Meeting & Collaboration Compliance

17a-4’s DataParser software is the leading independent software to capture many types of online meeting content for regulatory requirements and eDiscovery. Leveraging the expertise of our software developers, testing teams and partner relationships, we can guide your compliance and legal teams through the adoption of online meeting and collaboration tools to ensure your institution complies with applicable regulations. As meeting and collaboration technologies are constantly changing and each new feature or add-in becomes available, we work with our partners to determine how best to collect data and when to use administrative controls or policies.

Examples of our expertise include:

  • Capturing in-meeting chat content in Zoom, Microsoft Teams and Salesforce Slack;
  • Tagging external users’ data;
  • Using add-in App integrations like Polls, Whiteboards and Q&As;
  • Capturing meeting participant data including when they enter or leave a meeting.

Jurisdictional Archiving and Content Protection

Large, global institutions have the challenge to balance the efficiencies of a single archive with the regulatory and jurisdictional risks of having content available to regulations and litigation. We believe that compliance and legal teams need to work with their IT departments to determine how best to minimize the regulatory and litigation risk of confidential M&A, Intellectual Property, and other confidential content.

17a-4 does not provide archiving services but works with the major archive vendors to determine how they handle jurisdictional archiving and what are the current industry ‘best practices.’

Independent Custodian Encryption Key Management Service

Broker Dealers and Registered Investment Advisors using platforms with end-to-end data encryption to protect confidential client and corporate information require an independent custodian to store and manage the decryption keys. 17a-4’s Independent Custodian service securely stores and manages private decryption keys on behalf of clients for compliance with New York State Department of Financial Services, SEC, and FINRA electronic record-keeping requirements.

Blockchain Data Services 

17a-4 Blockchain Data Services provide blockchain node management and data archiving to support Broker-Dealers, CPO/CTAs, and Investment Advisors capture data from public blockchain ledgers and digital asset activities.

Blockchain Data Service runs archive nodes, on behalf of our Clients, on the leading public blockchains: Bitcoin, Ethereum, Solana, and Binance Smart Chain. As part of the daily data feed, our data services extract new blockchain data and parse it to make it easily reviewable and available to send into Client’s archive or cloud storage location.  Blockchain Data Services include:

  • Providing data extracts on a recurring basis for the leading public blockchain ledgers.
  • Cleansing and normalizing data to enable supervisory review and archiving.
  • Providing capability to derive insights from the compliance data, including attribution data (i.e. to whom a particular UXTO address belongs).
  • Provide a means to demonstrate compliance data archived is accurate and complete.

Digital Asset Compliance Consulting Advisory

The growth of the digital asset space has led to the advent of digital asset managers and other investment firms that make digital asset investments on behalf of their clients. As a result, digital assets including cryptocurrencies, DeFi protocol tokens, and other blockchain focused assets continue to be a focus area for the U.S. Securities and Exchange Commission (SEC), CFTC, and other regulators.

17a-4 assists digital asset managers and other broker-dealer and investment adviser firms in meeting compliance requirements from digital asset activities. The 17a-4 Digital Asset Compliance Consulting team understands how digital asset compliance affects all aspects of a Client’s business ― from operations and risk management to sales and marketing.

As a Compliance Advisor, we develop an intimate understanding of the Client’s business so we can provide proactive compliance support tailored to their respective needs and regulatory requirements. Our team is comprised of former financial regulators, lawyers, general securities principals, FINOPs, and experienced compliance and IT professionals that understand the digital asset regulatory environment and are well poised and experienced to bring you cost-effective regulatory advice and counsel. Furthermore, our dedicated focus on the regulatory environment assures that we remain abreast of new regulatory initiatives so that we can provide Clients advance warning coupled with leading edge solutions to help navigate the compliance landscape.

Our solutions are specifically designed to help Digital Asset Managers, Broker-Dealers and Investment Advisors align their advisory processes with regulatory requirements and the expectations of the SEC and the U.S. Commodity Futures Trading Commission (CFTC).

Archiving Best Practices

Identify your Data

The first part of creating and managing a compliant and legally defensible archive is to ensure that you know where all your data is. This can be a tricky process. You may think, email, chats, documents, what else is there? The answer, a lot. General ledgers, Prospectuses, HR records, Marketing and Sales materials, Client Meeting Information, Databases… the list goes on.  A thorough review of systems in use and where records reside is integral to identify corporate risk.

This is not to say you necessarily want all your data in your archive, but you must know what you have and where it is, to know if you are out of compliance. Penalties that are levied for non-compliance when it comes to records preservation can be hefty.  Not knowing where all corporate data/records is puts organizations at risk for fines as well as ligation and accidental data deletion.

Create a Unified Archive

The best way to control corporate data is to bring it into one archive.  However, this is not as easy it as sounds. With many different types of data coming from many different sources, getting all of it into one location can be a complicated process. Then to decide what is the best archive software for your business.

Cloud archives seem a natural fit for cloud data sources and cloud-based email systems but an on-premise archive may make more sense when managing enterprise security policies and hybrid email environments. DataParser is designed to help with exactly these issues.

Collecting data directly from the source, maintaining the chain of custody, threading all chats, reconciling all data to users and reporting on all processes are key features of DataParser that help users manage a compliant and unified archive.

Retention and Supervision Policies

The purpose of an archive is to preserve corporate data. Once you’ve cleared the hurdle of getting your data into your archive, you’ll need to decide how best to manage it. The goal is to minimize risk and adhere to organization policies and governing regulations – most archive have multiple features to achieve this.

Retention polices can be used to designate what data gets held and for how long. Regulated users, like broker dealers, must adhere to SEC and FINRA record retention requirements and keep copies of all communications in WORM (Write Once Read Many) in the business archive.

eDiscovery processes can then be performed in the case of litigation or regulatory review. Others, like Investment Advisors, require Supervision policies and procedures in place to ensure proper adherence to governing rules.

Disposition polices that remove or delete old data are also important to consider. Not only will you keep your archival storage costs down but you’ll also mitigate your corporate risk.

17a-4 in the News

View All Articles