17a-4’s Designated Third Party Service
The number one Independent D3P provider for US Broker-Dealers.
The Securities & Exchange Act of 1934 Rule 17a-4(f)(2)(ii) requires Broker Dealers to retain a Designated Third Party (D3P) for electronic records archives. D3P’s may be called upon to access and assist a regulator with the production of regulatory records pursuant to a matter.
SEC & FINRA Letters
17a-4’s D3P service includes filing the required Letters of Undertaking and Notification with the SEC and FINRA on behalf of Broker Dealer clients.
Rule 17a-4(f)(3)(vii) – Letter of Undertaking Prepared by the Broker Dealer’s Designated Third Party (D3P) to represent the D3P will assist, if requested, in the production of the Broker Dealer’s electronic records. The D3P is required to understand where the electronic records are retained and the methodology used to search and produce those records.
Rule 17a-4(f)(2)(i) – Letter of Notification This letter may be prepared by the Broker Dealer or D3P and notifies the SRO of Broker Dealer’s intent to deploy a system to retain electronic regulatory records.
D3P Annual Compliance Review
17a-4’s D3P service includes an Annual Compliance Review of the Broker Dealer’s Repository, Procedures and Policies.
Audit of retained data in the electronic archive.
Review of procedures to separate broker dealer records from other institutional records.
Assessment of current policy to cull privileged emails for efficient productions.
Review of steps to facilitate access to records.
Disposition recommendations and best practices.
Periodic calls to discuss Rule 17a-4 options and best practices.
All elements of the D3P ACR are documented and can be incorporated into broader institutional review documents to comply with SEC Rule 206(4)-7) and 38a-1, Sarbanes-Oxley Act (SOX) and FINRA Rule 3130.
Access to the Archive / Repository
Finding an acceptable access procedure is often challenging with large financial institutions. Regulators continue to press institutions to make their systems more secure from hacking or intrusion yet still require a Designated Third Party to have access. 17a-4’s D3P service offers options for clients to balance these two requirements.