The Securities & Exchange Act of 1934 Rule 17a-4(f)(3)(vii) requires Broker Dealers to retain a Designated Third Party (D3P) for electronic records archives. D3P’s may be called upon to access and assist a regulator with the production of regulatory records pursuant to a matter.
Since 2001, we have worked with the SEC being retained as an expert witness for e-messaging retention matters and broker dealer clients.
17a-4, LLC is the leading D3P provider for US Broker-Dealers. We focus on e-messaging retention requirements and compliant technologies. Since we work with so many firms, we can offer a unique perspective as to what industry leaders are doing with respect to messaging platforms, social media, trading databases and sales or CRM systems. Though 17a-4 will never disclose a specific client and what they are doing to comply with retention regulations, the extensive work across the different types of financial institutions provides a deep knowledge base for guidance as to best practices of peers.
Unlike many other Designated Third Parties, we combine a high level of knowledge with respect to both technology and compliance. Our large client base enables a deep understanding of the architecture of systems and repositores like SharePoint, OpenText, Schwab Compliance, Sungard, SQL databases, Microsoft’s Office 365, Amazon’s AWS, Salesforce, Symphony, Bloomberg and the many other platforms in use by financial institutions. 17a-4 provides a deep understanding of the various industry tools available.
The heart of the D3P service is the Annual Review. Having both IT and Compliance participate in a meeting to complete our 17a-4 D3P Questionnaire offers an opportunity to bring these teams together to ensure current systems and procedures are in compliance and to review best practice recommendations. This process encourages a meeting of the minds as to how IT is supporting Compliance. It also helps clarify an institution’s compliance and business requirements, improve communication of existing policies and procedures and outline a roadmap for changing technologies and new regulations. All elements of the review are documented for clients and can be incorporated into a broader institutional document such as an Annual Review (Rule 206(4)-7), Rule 38a-1, SOX or other compliance policy record.
17a-4’s D3P service includes filing the required Letters of Undertaking and Notification with the SEC and FINRA on behalf of Broker Dealer clients. These filings are an essential component of Broker Dealer compliance. Only non-registered clearing organizations, depositories, transfer agents and other entities that retain records but do not have an SRO are allowed to file directly with the SEC.
Prepared by the Broker Dealer’s Designated Third Party (D3P) to represent the D3P will assist, if requested, in the production of the Broker Dealer’s electronic records. The D3P is required to understand where the electronic records are retained, and the methodology used to search and produce those records. The Letter of Undertaking is filed via the FINRA Gateway.
This letter may be prepared by the Broker Dealer or D3P and notifies the SRO of Broker Dealer’s intent to deploy a storage system to retain electronic regulatory records. The Letter of Notification should be filed 90 days before deploying the electronic archive. The Letter of Notification is filed via the FINRA Gateway.
As a D3P compliance provider, we understand the complexities of enterprise infrastructures. Finding an acceptable access procedure is often challenging with large financial institutions. Broker Dealer compliance requirements can make adhering to corporate security policies a difficult task. Regulators continue to press institutions to make their systems more secure from hacking or intrusion yet still require a Designated Third Party to have access. 17a-4’s D3P service offers options for clients to balance these requirements. You choose which access method will work for your firm.
We understand Broker Dealer will always respond to regulators requests. As such, we strive to add value to our D3P service. We want our Clients to not only “check the box” for Rule 17a-4 compliance but also think of us as their partner in messaging compliance.
We have done extensive work with Rule 17a-4 compliance and a couple decades of helping Clients respond to regulatory requests. If the regulators show up and you are worried about the process… or the outcome, let us help! We know what to expect and how best to prepare and respond. You can be comfortable with the knowledge that you will have no surprises because you are fully compliant.
Our expertise with archives and emerging communication and collaboration technologies puts us in a unique position to provide our Clients with industry insights and feedback. D3P Clients are welcome to reach out throughout the year between reviews for a consultation. Perhaps you are considering at a new chat system or document collaboration tool and you want to get our industry feedback. Maybe a new archive is in order but there are so many to choose from and you need help figuring our which will work best for your firm. Give us a call! Included with your D3P service is any number of consultations you need to ask these types of questions and leverage our expertise in emerging technologies and options for compliant deployments.
Our D3P questionnaire is another way we add value. This document can be incorporated with other compliance documents for regulators, but it can also be used to keep track of your data and risk. We document where your data is, if it’s in WORM and what systems are in use that need to be considered for WORM. Further, we track versions and infrastructure changes. Many Clients remark on how useful this document is to their IT and Compliance teams.