The First Changes in 25 Years, and Why?
SEC Rule 17a-4 and 18a-6 under the Securities Exchange Act of 1934, which define a set of electronic recordkeeping and prompt production of records requirements for registered broker-dealers, security-based swap dealers (SBSDs) and major security-based swap participants (MSBSPs), have their first updates in 25 years. The amendments are effective on January 3, 2023.
The amendments are designed to modernize recordkeeping requirements given technological changes over the last two decades and to make the rule adaptable to new technologies in electronic recordkeeping, quoted from the SEC recent press release. The most noticeable amendment is adding an audit trail as an alternative stated in Rule 17a-4(f)(2)(ii)(A) to the long-ago adopted requirement to preserve records in write-once, read-many (WORM) format. It eliminates the need for firms to deploy a separate electronic recordkeeping system used for compliance purposes only, which also lowers the compliance cost.
Adding Audit Trail as an Alternative Requirement to the Existing WORM-Format
Firms have the final discretion to adopt an electronic recordkeeping system that meets either the audit trail requirement or the WORM requirement. It should provide a complete time-stamped audit trail to preserve electronic records in a manner that permits the recreation of an original record if it is altered, overwritten or erased; defined terms extracted from the final rule include:
- All modifications to and deletions of a record or any part thereof
- The date and time of actions that create, modify, or delete the record.
- If applicable, the identity of the individual(s) who created, modified, or deleted the record.
- Any other information needed to maintain an audit trail of each distinct record to ensure the authenticity and reliability of the record will permit the re-creation of the original record and interim iterations of the record.
The audit trail requirement particularly applies to final records required pursuant to the rules, in lieu of drafts or iterations of records that would not otherwise be required to be maintained and preserved under Rule 17a-3 and 17a-4 or Rules 18a-5 and 18a-6. Moreover, the electronic recordkeeping system used by the firms must automatically verify the completeness and accuracy of its processes for storing and retaining records electronically.
Other Major Amendments
- Eliminates notifying the designated examining authority (DEA) for compliance representation before deploying an electronic recordkeeping system under Rule 17a-4(f)(2)(i)
- Serializes the original and duplicate units of storage media and dates the required period of retention for the information placed on such electronic storage media, if applicable
- Be able to readily download and transfer copies of a record and its audit trail (if applicable) in a human readable format.
- Uses either a backup recordkeeping system or other redundancy capabilities under 17a-4(f)(3)(iii) and 18a-6(e)(3)(iii)
- Provides access rights to the staff of the Commission and other relevant securities regulators to examinate the records via the electronic recordkeeping system.
Don’t Get Fined by SEC and FINRA!
The SEC and FINRA continue to levy steep fines on wealth management firms. As recently as 2022, SEC charged 16 Wall Street firms with widespread recordkeeping failures. The firms admitted the facts and agreed to pay combined penalties of more than $1.1 billion. In 2022 so far, there has been a record year with over 760 SEC enforcement actions representing $4 billion in fines, says Timothy D. Welsh, President, CEO and Founder at Nexus Strategy, LLC, in a webinar conducted by WealthManagement.com and Laserfiche.
Adopt a Robust Enterprise Content Management System
The Compliance landscape keeps rapidly evolving. It is imperative to choose a comprehensive solution that supports the urge to tackle the increasing compliance challenges presented by SEC and FINRA rules with powerful audit trail functionalities, document and records management capabilities and process automation toolsets to make compliance a breeze.
Want to learn more? Access our Laserfiche Records Management solution page and learn more about how you can partner with Laserfiche to simplify recordkeeping compliance in your firms.
This article was originally published on the Laserfiche Blog. Laserfiche is a leading SaaS provider of intelligent content management and business process automation.