Six Features of an SEC 17a-4 Consolidated D3P
How to Choose Your FINRA (D3P)
Small FINRA firms can’t spend thousands of dollars a year trying to keep compliant with SEC rule 17a-4; they must continually find ways to keep this cost low as possible, and one way is to use a Consolidated Designated Third Party (D3P) service.
What is a D3P?
A Consolidated Designated Third Party or D3P is a solution offered by a single provider, priced at one flat monthly fee that contains everything needed to achieve all the electronic records archiving rules of SEC 17a-4 regulation. This means the D3P chosen by the FINRA firm, such as a broker-dealer does the actual data backup and archiving and performs all the other functions needed as the designated third party downloader service. By using this kind of provider, the whole compliance process is simplified, thus, making audits easier to pass with a large reduction in the cost of compliance. However, when searching for this kind of provider, FINRA firms need to ensure six key features are included.
Six Features of a 17a-4 Consolidated D3P™ Service:
1. Email Archiving. Firstly, the Consolidated D3P will perform the archiving of email. This is important because during the FINRA electronic records request, it is the first thing auditors will want to see as part of the 17a-4 electronic records supervision process. Additionally, it’s important that the provider performing the email archiving can also offer advanced email hosting features to such as virus/spam filtering, encryption, mobile device coverage, and full web based search capability of the email archive with hosted Microsoft Exchange as an option for advanced collaboration.
2. Books and Records Archiving. Once a full email archiving process is in place, FINRA members need to make sure data contained in the books and records is properly archived with the D3P.The key here also is to make sure all this data is easily stored in an SEC format compliant with the electronic records archiving rules of SEC 17a-4. Therefore, the D3P has to have an automate method to connect to all these various systems, make a copy of the data stored on them so it can be transferred to 17a-4 compliant storage. In addition, the D3P also has to offer the FINRA firm a few added features to achieve the ongoing supervisory rules of 17a4:
– Daily Alerts and Reporting. Compliance officers and key personnel need to receive regular reports of the data archiving process done by the D3P. Reports as well as regular emails showing what data has been archived will form a critical part of the FINRA firms’ supervisory process so it can be proven to regulators during an audit
– Sample Data Sets. Similarly to email, regulators will ask for a sample data set contained in the firms Books and records. FINRA firms, such as broker-dealers will be asked to provide a sample of data being archived with the D3P, this should be a simple process that compliance officers perform themselves during an audit.
– Secure Consolidated Access. The D3P should also have a secure consolidated web interface that compliance offers and other key personnel can use to search as well as download sample data sets to their computes so they can make copies of this data to DVD which can be given to auditors when requested.
3. Disaster Recovery. Because the D3P is performing the backup and archiving of critical systems and other electronic records, they should also perform disaster recovery as required by FINRA firm’s business continuity plan regulation. Firstly, the systems state of critical systems must be protected. The systems state allows for bare metal restore of systems so that applications and their configuration can easily be transferred to new servers if the current ones are completely destroyed. Secondly, any records on servers, PC on mobile devices or in the cloud must be recoverable at any time and lastly the D3P needs to have a process in place to make emails available during a disaster, either through direct download or using a secondary web access.
4. Electronic Records Supervision. To ensure full compliance with SEC rule 17a-4 FINRA firms must have a tool to perform the ongoing supervision of electronic records, and to be able to access their data archive during an audit. Therefore, the D3P should include a secure web interface which provides compliance officers and other key employees the ability to access and download electronic records to their hard drives so that sample copies of data can be made for regulators on the spot. In addition, this supervisory tool needs to have automatic indexing built into it so that searches can be done quickly and all data is included to provide full seven year access to data as required by SEC rule 17a-4 for FINRA electronic records retention compliance.
5. The 17a-4 Third Party Downloader. As part of their service, the D3P must be able to access the FINRA firm’s data archive. In addition, they need to download any data in a format readable by auditors. This is critical because archiving data as required by SEC rule 17a-4 can be a complex technical undertaking that auditors don’t want firms to miss the mark on, so as a result they need to rely on a secondary third party that has the technology to offer FINRA firms such as broker-dealers the ability to properly outsource the archiving of electronic records so they are retained and accessible in their original format.
6. Documentation. As their final obligation, the D3P must provide four compliance documents to their customers, they need to create: (1) A Service Level Agreement, (2) the 17a-4 3rd Party Storage Provider Letter, (3) the 17a-4 Broker Dealer Letter and (4) a document outlining their disaster recovery procedures.
Choosing a vendor that offers a consolidate D3P service is one of the best ways for small FINRA firms to simplify and keep the cost of achieving SEC rule 17a-4 low as possible. However, it’s important that they understand the key requirements which must be included in the solution because in the end the goal is to pass FINRA audits effectively while avoiding unnecessary fines, therefore maintaining the highest level of customer confidence at all times.
What Financial Professionals Are Saying About AdvisorVault
“AdvisorVault was at the top of the list when we looked at our entire disaster recovery/compliance/archiving/
anti-spam platform and vendors…we eventually consolidated everything with them”
“AdvisorVault was simple! They even helped us with the FINRA 17a-4 attestation letters; we immediately scraped whatever we’ve backed up so far with our other provider and started with them”
“AdvisorVault made it really simple to archive all our data. They even connected into our cloud provider and made sure this was 17a-4 compliant”
“The way AdvisorVault approaches data backup and archiving, we replaced our current backup solution fully with them to recover servers from failure”
“I’m pleased so far with how helpful and insightful they have been to work with and our firm made a good decision to switch our backup functions, email SPAM and archiving to AdvisorVault”
“Once we took a close look at AdvisorVault, we immediately engaged them for our data and email archiving. Additionally, they hosted a full Exchange email solution for records retention and supervision”
“AdvisorVault made it very easy for us to implement a compliant backup and archiving solution to archive electronic records on our PCs and on the server at head office.”
“As soon as we received FINRA approval of our BD registration, we launched AdvisorVault, they told us exactly how we should move forward with our data archiving to meet the D3P requirements”