Six Features of the SEC 17a-4 Consolidated D3P

A Consolidated Designated Third Party or D3P is a solution offered by a single provider, priced at one flat monthly fee that contains everything needed to achieve all the electronic records archiving requirements of SEC 17a-4.
 
NEW YORK - Nov. 21, 2014 - PRLog -- Introduction

By Allan Lonz, President AdvisorVault.org, www.advisorvault.org.

Small FINRA firms can't spend thousands of dollars a year trying to keep compliant with SEC rule 17a-4; they must continually find ways to keep this cost low as possible, and one way is to use a Consolidated D3P (Designated Third Party) service.

A Consolidated Designated Third Party or D3P is a solution offered by a single provider, priced at one flat monthly fee that contains everything needed to achieve all the electronic records archiving rules of SEC 17a-4 regulation. This means the D3P chosen by the FINRA firm, such as a broker-dealer does the actual data backup and archiving and performs all the other functions needed as the designated third party downloader service.  By using this kind of provider, the whole compliance process is simplified, thus, making audits easier to pass with a large reduction in the cost of compliance. However, when searching for this kind of provider, FINRA firms need to ensure six key features are included.

Six Features of a 17a-4 Consolidated D3P Service:

1. Email Archiving.
 Firstly, the Consolidated D3P will perform the archiving of email.  This is important because during the FINRA electronic records request, it is the first thing auditors will want to see as part of the 17a-4 electronic records supervision process. Additionally, it's important that the provider performing the email archiving can also offer advanced email hosting features to such as virus/spam filtering, encryption, mobile device coverage, and full web based search capability of the email archive with hosted Microsoft Exchange as an option for advanced collaboration.

2. Books and Records Archiving.  Once a full email archiving process is in place, FINRA members need to make sure data contained in the books and records is properly archived with the D3P.The key here also is to make sure all this data is easily stored in an SEC format compliant with the electronic records archiving rules of SEC 17a-4. Therefore, the D3P has to have an automate method to connect to all these various systems, make a copy of the data stored on them so it can be transferred to 17a-4 compliant storage. In addition, the D3P also has to offer the FINRA firm a few added features to achieve the ongoing supervisory rules of 17a4:

- Daily Alerts and Reporting. Compliance officers and key personnel need to receive regular reports of the data archiving process done by the D3P.  Reports as well as regular emails showing what data has been archived will form a critical part of the FINRA firms' supervisory process so it can be proven to regulators during an audit

- Sample Data Sets. Similarly to email, regulators will ask for a sample data set contained in the firms Books and records. FINRA firms, such as broker-dealers will be asked to provide a sample of data being archived with the D3P, this should be a simple process that compliance officers perform themselves during an audit.

- Secure Consolidated Access. The D3P should also have a secure consolidated web interface that compliance offers and other key personnel can use to search as well as download sample data sets to their computes so they can make copies of this data to DVD which can be given to auditors when requested.

3. Disaster Recovery.  Because the D3P is performing the backup and archiving of critical systems and other electronic records, they should also perform disaster recovery as required by FINRA firm's business continuity plan regulation. Firstly, the systems state of critical systems must be protected. The systems state allows for bare metal restore of systems so that applications and their configuration can easily be transferred to new servers if the current ones are completely destroyed.  Secondly, any records on servers, PC on mobile devices or in the cloud must be recoverable at any time and lastly the D3P needs to have a process in place to make emails available during a disaster, either through direct download or using a secondary web access.

4. Electronic Records Supervision.  To ensure full compliance with SEC rule 17a-4 FINRA firms must have a tool to perform the ongoing supervision of electronic records, and to be able to access their data archive during an audit. Therefore, the D3P should include a secure web interface which provides compliance officers and other key employees the ability to access and download electronic records to their hard drives so that sample copies of data can be made for regulators on the spot. In addition, this supervisory tool needs to have automatic indexing built into it so that searches can be done quickly and all data is included to provide full seven year access to data as required by SEC rule 17a-4 for FINRA electronic records retention compliance.

5. The 17a-4 Third Party Downloader.  As part of their service, the D3P must be able to access the FINRA firm's data archive. In addition, they need to download any data in a format readable by auditors.  This is critical because archiving data as required by SEC rule 17a-4 can be a complex technical undertaking that auditors don't want firms to miss the mark on, so as a result they need to rely on a secondary third party that has the technology to offer FINRA firms such as broker-dealers the ability to properly outsource the archiving of electronic records so they are retained and accessible in their original format.

6. Documentation.  As their final obligation, the D3P must provide four compliance documents to their customers, they need to create: (1) A Service Level Agreement, (2) the 17a-4 3rd Party Storage Provider Letter, (3) the 17a-4 Broker Dealer Letter and (4) a document outlining their disaster recovery procedures.

Summary:
Choosing a vendor that offers a consolidate D3P service is one of the best ways for small FINRA firms to simplify and keep the cost of achieving SEC rule 17a-4 low as possible.  However, it's important that they understand the key requirements which must be included in the solution because in the end the goal is to pass FINRA audits effectively while avoiding unnecessary fines, therefore maintaining the highest level of customer confidence at all times.

About AdvisorVault
AdvisorVault is the only remote backup provider that helps small financial firms achieve today's stringent data compliance requirements surrounding electronic records archiving and supervision. With our designated third-party status (D3P) we help our customers with rules 17a-3 & 17a-4, as well as the supervisory and disaster recovery demands contained in FINRA rules 3510 and 3010. For one flat monthly fee the service includes everything needed to ensure today's audits are successfully passed.

AdvisorVault Contact:
Allan Lonz, President
AdvisorVault Inc.
alonz@advisorvault.org
www.advisorvault.org
Direct: 416-985-0310
Toll free: 1-866-732-1407

Contact
AdvisorVault
***@advisorvault.org
End
Source: » Follow
Email:***@advisorvault.org Email Verified
Tags:17a-4, FINRA Archiving, SEC records retention, Broke-dealer Data Compliance
Industry:Business, Technology
Location:New York City - New York - United States
Subject:Services
Account Email Address Verified     Account Phone Number Verified     Disclaimer     Report Abuse
Page Updated Last on: Jan 13, 2017
AdvisorVault PRs
Trending News
Most Viewed
Top Daily News



Like PRLog?
9K2K1K
Click to Share