How Can FINRA Firms Make the Cloud 17a-4 Compliant?
The cloud surely is a viable option for small FINRA firms to store data. Broker-Dealers for example can effectively use it to share documents among employees, partners and customers. However, they need to understand that storing data in the cloud by default is not 17a-4 compliant simply because data can be modified at any time by anyone. Therefore extra steps need to be taken, however each cloud service has a different method to make it compliant.
For example, Dropbox creates a synchronized local folder on each PC its installed on. So it is a simple matter of transferring this data to a FINRA designated provider. ShareFile on the other hand requires that customers install a tool to connect to its cloud and synchronize data to a local folder. This tool is free and can be scheduled to run constantly and make secondary copies of cloud data for compliance.
Microsoft Office 365 on the other hand requires customers to purchase a third party tool to synchronize their data, while other cloud providers, like Livedrive simply don’t have a method to make compliant copies of data stored with them.
No matter what cloud provider FINRA firms choose to store electronic records, their data is not protected nor is it properly archived, they have to understand a couple take extra steps are needed: make secondary copies of cloud data, then choose a D3P that can properly archive this data so it is retained on 17a-4 compliant storage.