Beyond having to follow basic retention schedules and compliance measures, organizations in highly regulated industries must adhere to more stringent requirements such as SEC Rule 17a-4. Failure to comply with these regulations has landed companies in some pretty hot water. An annual report by the U.S. Securities and Exchange Commission stated that in 2018 alone, 821 enforcement actions resulted in $3.9 billion in disgorgement and penalties.
This article will delve into what SEC Rule 17a-4 is, which organizations are impacted, four challenges that arise when meeting these requirements, and how to address these challenges to ensure compliance.
What is SEC Rule 17a-4 and which organizations are impacted?
Rule 17a-4 is part of a regulation issued by the US Securities and Exchange Commission (SEC) in accordance with the US Securities Exchange Act of 1934. Under this Act, organizations that operate in the financial service industry (including stockbrokers and brokerage firms) must comply with requirements for electronic data storage. This includes aspects such as retention period, discoverability, accessibility, and accountability.
More specifically, this rule requires that financial firms retain and index records of transactions on indelible media and provide immediate accessibility for this content for two years, and non-immediate access for a minimum of six years. Duplicate records should be kept at an off-site location for the same amount of time. Other communications, including (but not limited to) physically written communication, emails, and instant messages, should also be retained for three to six years, with the period depending on the documents at issue.
What are the consequences for non-compliance?
These requirements are enforced by the Financial Industry Regulatory Authority (FINRA). A non-profit organization authorized by the US Congress, FINRA controls the operations and enforces rules that govern the activities of organizations operating in the financial services industry. The SEC and FINRA are two of the most important regulatory bodies in the US financial system.
Under SEC 17a-4, financial firms are under continuous observation and face substantial fines for non-compliance. Monetary fines for breaking the regulation range from $1,000 to over $140,000 per breach. There are also non-monetary penalties, including suspension or expulsion of the responsible individual and/or the entire company, depending on the nature of the breach. One example is Scottrade, which was fined $2.6 million for failing to "have centralized document-retention processes or procedures for all firm departments to follow"; however, this case is not unique.
With consequences like these, relevant organizations will want to ensure compliance. They will likely face a few challenges along the way...
What four challenges do organizations face with this regulation?
1. Achieve legal/regulatory compliance
The first challenge is making sure that the necessary boxes are ticked to become SEC 17a-4 compliant, and remain that way. To do this, organizations will need to make sure that they have the capabilities to:
- Retain relevant content
- Discover and export that content
2. Pass audits to avoid penalties
As discussed in the prior section, the consequences of a regulation breach are substantial. To avoid fines, loss of certification, loss of credibility, and bad press, organizations must be able to conduct periodic internal and external audits to prove that they are SEC-compliant.
3. Too much content across too many systems
From the inbox to local files, the data that SEC 17a-4 demands be retained can come from one of many different systems. This content can get lost, since not all of it is known and/or discoverable without the proper tools. Not being able to search and access content poses a massive risk when proving compliance.
In addition, not all content is properly protected within these systems.
4. Limited internal resources to tackle the problem
On top of the challenges of ensuring retention, discovery, security and accessibility, organizations often do not have the time or enough internal resources to properly manage all of this data.
Addressing the four challenges
To meet these requirements, financial firms can select tools which not only comply with SEC 17a-4, but automate the retention process to ensure that compliance is achieved without strain or time from the organization's end users.
Using a tool like Collabspace, a cloud compliance solution, will not only ensure that compliance is met, but will optimize eDiscovery and offer review and audit features. By using Collabspace, organizations will have...
1. Automatic retention ensures SEC 17a-4 compliance
Collabspace uses a data lake approach to records management, meaning that data is automatically streamed into ransomware-proof, WORM-compliant storage. Not only are automated lifecycle workflows applied to this data to ensure end-to-end compliance, but end users can search content across multiple platforms from one place. The automatic optical character recognition (OCR) and audio/video transcription features offer even more content discovery options.
2. Audit features to ease periodic reviews
With features like version tracking and audit lists, organizations can access and export a full audit trail and receive content review notifications. This way, audits can be easily conducted both internally and externally whenever necessary to prove regulations are being met.
3. Backup, security, and searchability across multiple platforms from one place
The Collabspace data lake connects all content sources for unified, cross-platform records management. This ensures that all content is properly retained and fully secure with ransomware-proof, WORM-compliant storage. The streamed data has both container and multi-part item-level encryption, and geo-replication for disaster recovery purposes.
As mentioned above, multi-platform content, including traditionally non-text-searchable documents such as images and PDFs, is discoverable from one place. Features such as unified search provide advanced filtering for accuracy, and search templates can be built out to make search more efficient.
4. Automation to save time for your team
Whether it's auto categorization of content, automated end-to-end lifecycle workflows, or the audit trail feature, Collabspace not only ensures that SEC 17a-4 compliance is met, but will save end users time with records management and accessing the content they need, when they need it.