Whats an SEC 17a-4 Distributed Paperless Office?

A distributed paperless office is converting all documents to electronic, uploading them to the cloud, sharing them among clients, employees and partners for access to data anytime from anywhere.

However, when documents are initially scanned, where should they be stored? And once uploaded to the cloud, how can they be kept in their original format? And lastly, when they are stored in the cloud, how will they be indexed so that they can be easily searched and retrieved if requested by auditors? These questions must be answered before going paperless.

  1. Dropbox. This is probably the most popular cloud solution used by small firms and its actually quite easy to make this compliant because during installation creates a local folder on each PC which can then be backed up to a third party’s SEC compliant storage. It simply requires a user who has elevated privileges to the Dropbox folder structure
  1. Google Docs. Is another useful cloud solution suited to FINRA firms. However, to make Google Docs compliant an extra step is needed. The Google Drive is free and needs to be installed on a least one PC to get direct access to records uploaded to Google Docs, then essentially a regular backup of this can be done for archiving. Also, Google Docs can host corporate email to provide a platform to include this in the archive
  1. Microsoft Office 365. Is also a popular choice for FINRA firms to integrate into their paperless office strategy, however to make it compliant an extra third party software must be purchased to allow secondary copies of data to be made. This is an extra cost of up to $500.00 per year. Also, Office 365 can host email and documents like Google for a fully hosted document storage solution
  1. ShareFile. This requires an extra add-in to make compliant. The ShareFile Sync application needs to be installed on a dedicated PC and configured to regularly make copies of data which can then be archived as per 17a-4

Supervising Cloud Data:

Once a process is in place to make secondary 17a-4 copies of cloud data, firms need to ensure they can properly supervise this data. Ideally, the same D3P that is performing the archiving of cloud data will also offer a supervisory interface which can access this data. However, this supervisory tool needs to have several key features for rule 17a-4:

  1. Indexing of Data. A method is needed to index cloud data once it’s stored with the D3P provider. This is important to make searches faster and to ensure all info is included in the archive
  1. Secure Access. Ideally, the archive will be accessed from one secure web interface. This allows compliance officers and other staff to easily share the supervisory responsibilities
  1. Downloading Sample Data. Compliance officers need to make copies of electronic records for auditors. And a proper supervisory tool will centralize the downloading of all data stored in the cloud such as emails, office documents, scanned records and key client databases
Allan Lonz
Allan Lonz
Allan Lonz, President and CEO of AdvisorVault is a veteran in the field with over 15 years experience providing data compliant solutions to the financial industry, especially for small firms. Recognizing that very few backup vendors understood the data compliance challenges of small broker-dealer firms, Allan created AdvisorVault - a remote backup company designed to provide his customers with a solution to ensure they meet all current rules from FINRA and the SEC. It includes all the hardware and software to remotely backup, archive and ensure disaster recovery of critical electronic records such as email, books and records and all other data at head office, branch offices and remote locations in accordance with rules 17a-3 and 17a-4. With Allan’s deep understanding of technology, compliance and finance he brings a unique mix of expertise that allows him to design a complete turn-key product. Priced at one small monthly fee, this "out-of-the-box " approach takes the burden off his customers shoulders and allows them to experience complete data compliance peace of mind simply and inexpensively.