Whats an SEC 17a-4 Distributed Paperless Office?
A distributed paperless office is converting all documents to electronic, uploading them to the cloud, sharing them among clients, employees and partners for access to data anytime from anywhere.
However, when documents are initially scanned, where should they be stored? And once uploaded to the cloud, how can they be kept in their original format? And lastly, when they are stored in the cloud, how will they be indexed so that they can be easily searched and retrieved if requested by auditors? These questions must be answered before going paperless.
- Dropbox. This is probably the most popular cloud solution used by small firms and its actually quite easy to make this compliant because during installation creates a local folder on each PC which can then be backed up to a third party’s SEC compliant storage. It simply requires a user who has elevated privileges to the Dropbox folder structure
- Google Docs. Is another useful cloud solution suited to FINRA firms. However, to make Google Docs compliant an extra step is needed. The Google Drive is free and needs to be installed on a least one PC to get direct access to records uploaded to Google Docs, then essentially a regular backup of this can be done for archiving. Also, Google Docs can host corporate email to provide a platform to include this in the archive
- Microsoft Office 365. Is also a popular choice for FINRA firms to integrate into their paperless office strategy, however to make it compliant an extra third party software must be purchased to allow secondary copies of data to be made. This is an extra cost of up to $500.00 per year. Also, Office 365 can host email and documents like Google for a fully hosted document storage solution
- ShareFile. This requires an extra add-in to make compliant. The ShareFile Sync application needs to be installed on a dedicated PC and configured to regularly make copies of data which can then be archived as per 17a-4
Supervising Cloud Data:
Once a process is in place to make secondary 17a-4 copies of cloud data, firms need to ensure they can properly supervise this data. Ideally, the same D3P that is performing the archiving of cloud data will also offer a supervisory interface which can access this data. However, this supervisory tool needs to have several key features for rule 17a-4:
- Indexing of Data. A method is needed to index cloud data once it’s stored with the D3P provider. This is important to make searches faster and to ensure all info is included in the archive
- Secure Access. Ideally, the archive will be accessed from one secure web interface. This allows compliance officers and other staff to easily share the supervisory responsibilities
- Downloading Sample Data. Compliance officers need to make copies of electronic records for auditors. And a proper supervisory tool will centralize the downloading of all data stored in the cloud such as emails, office documents, scanned records and key client databases