Reducing risk, both reputational and financial, while providing peace of mind for marketing and compliance leaders, is the key benefit of a FINRA-compliant WORM solution for record retention. As marketers in Financial Services, we have a responsibility to maintain a record of a lot communications and information in a static, but searchable format that can be accessed at a moment’s notice. And we need to retain this for a minimum of several years. So how does a Financial Services marketing department ensure an effective strategy to comply with 17a-4?
Let’s Start with the Basics
Section 17(a) of the Securities Exchange Act of 1934, and more precisely, Rules 17a-3 and 17a-4 (“The Rules”), require that broker-dealers (the “Firm”) create and maintain a thorough record of not only each securities transaction effected by the Firm, but also of its securities business in general. These rules establish minimum requirements for recordkeeping:
- Rule 17a-3 defines which records broker-dealers must retain securities records, order tickets, trade confirmations, account statements, trade blotters, ledgers: asset and liability, customer account, income, along with trial balances, and employment-related documents.
- Rule 17a-4 defines the record retention policy—the time and manner in which these records must be maintained. Additionally, the Financial Industry Regulatory Authority (FINRA) imposes certain recordkeeping requirements firms who are members of that Self-Regulatory Organization (SRO).
It’s sub-part, SEC Rules 17a-4(b)(4), that specifically impacts marketers, as it imposes requirements of the preservation and content of internal and external communications by the Firm.
- Internal Communications: The rules require the preservation of all inter-office message and other internal communications.
The Five “-abilities”
As Financial Services regulations go, FINRA 17a-4 is fairly straightforward. And, like most regulations, the devil is in the details. Originally, the rules applied to paper records and micro-film or microfiche. In 1997, the rules were amended to provide for the use of electronic storage for record retention. Although the rules do not specify any particular technology, they do set forth certain requirements for electronic storage. When I talk to a marketer about 17a-4 compliance, I deconstruct it into five elements that their firm’s approach must provide: the five "-abilities," if you will.
- Immutability
- Discoverability
- Auditability
- Retainability
- Destructibility
Immutability
Immutability means that the final version of the communications or marketing assets and related documentation—as well as any relevant metadata—must be written to an unchangeable archive device, such as a WORM (write once, read many) drive. This ensures that data cannot be changed once it’s written to the device.
Discoverability
Discoverability is the need to have this archive be indexed in a way that makes it fully searchable by the metadata and key attributes so that any information in the communication can be retrieved and reviewed.
Additionally, part of this, 17a-(a)(21), includes that there be “Persons to explain Records and their Content.” This means that there needs to be a listing of the personnel at a particular office who can, with no delay, explain the various information held in the archive and decode how the firm creates, stores, names, and organizes these records.
Auditability
Auditability (my favorite made-up word) covers the need to log and record every event that occurs from the first writing of the data to the moment it is destroyed. Think of it as a “chain of custody” for your archived communications.
Retainability
While 17a-4 specifies the minimum retention period of data (three years), your organization's timeframe may vary. Therefore, the system must support the ability to retain different records per your company's retention policies and procedures. When those policies expire, you end up at the last “-ability.”
Destructibility
The final step for retained records is their expiration and destruction. Financial institutions do not want to hold records for a moment longer than their policies require. So although it’s not explicitly called out in FINRA 17a-4, a key piece of this is the ability to destroy the records when they expire. Your organization will have record-destruction policies that dictate the method of destruction and how many times the device would be overwritten to eradicate any trace of data.
Be FINRA 17a-4 Ready with the Right Technology
How do you ensure that your company complies with SEA FINRA 17a-4 by putting the five “-abilities” to work? Through marketing operations technology. This is 2017, after all.
To make sure that your company’s technology helps you comply with FINRA 17a-4, consider these questions:
- Can I “lock down” all communications and marketing assets and their associated metadata to prevent further edits, but still provide search functionality?
- Can I quickly produce the required information to comply with Legal and Compliance audit requests?
- Does my technology have the capability to retain different records according to my company's retention policies and procedures?
- Can we back up these records to compliant storage at an offsite location?
If you’re at a firm that handles investments (broker-dealer) and your martech stack doesn’t include a WORM-compliant solution for marketing communications, it’s time to close that gap - before you incur penalties and fines. It’s time to invest in a marketing operations platform that automates these procedures. Of course, Aprimo can help.
For more information on these regulations, visit the following supporting sources:
SEC Interpretation: Electronic Storage of Broker-Dealer Records
(17a-3) Records to be Made by Certain Exchange Members, Brokers and Dealers
(17a-4) Records to be Preserved by Certain Exchange Members, Brokers and Dealers
This author is not a lawyer… he hasn’t even played one on TV. However, he has two decades of success operating at the intersection of Marketing, Technology, and CRM for global enterprises. Consult your corporate counsel or compliance officer to ensure that you understand your company’s policies and procedures as it relates to FINRA 17a-3 and 17a-4 compliance.
About the Author
Follow on Twitter Follow on Linkedin More Content by Jonathan Fiur