Rule 17a-4 Designated Third-Party Services

Services Provided

Maintain compliance with SEC Rule 17a-4 by partnering with Bluesource for D3P services.

  • Bluesource will check to ensure the following tasks are in place and/or available:
    • Written, enforceable retention policies.
    • Searchable index of all data stored.
    • Data must be viewable and readily retrievable.
    • Storage of data on WORM (write once read many) electronic media.
    • Offsite storage of data.
  • Log in to each repository once every six months to keep access active. The customer must specify if logging in more frequently is necessary to maintain access.
  • Draft and deliver a digital copy of the executed Letter of Undertaking (a.k.a. attestation letter). Customers may upload the letter to the Financial Industry Regulatory Authority (FINRA) Member Web Portal. A hard copy letter can be sent upon request.

The financial industry faces regulations under the Securities and Exchange Commission (SEC). The SEC enforces rules designed to protect investors, maintain fair markets, and promote transparency. The SEC covers everything from fraud and insider trading to pyramid schemes and market manipulation. SEC Rule 17a-4 relates to electronic data security and states the requirement for Designated Third Party (D3P) services.

What is SEC Rule 17a-4?

Rule 17a-4 is a regulation under the Securities Exchange Act of 1934 outlining record-keeping requirements for financial institutions and broker-dealers. Rule 17a-4 requires broker-dealers and institutions to retain their electronic records in a non-rewriteable, non-erasable format to ensure that records are retrievable for inspections and audits, even if the firm is unable or unwilling to produce them. A Designated Third Party maintains access to data and can respond to requests from the SEC if the firm fails to provide the requested information.

Does SEC 17a-4 Apply To You?

SEC 17a-4 applies to broker-dealers and financial firms, including entities handling security-based swaps.

SEC 17a-4 Amendments: Audit-Trail and DEO

Amendments to SEC electronic recordkeeping rules expand the options for financial firms to maintain compliance.

Audit-trail Alternative to WORM

The new option allows broker-dealers to use an electronic recordkeeping system that maintains and preserves all versions of a record. Broker-dealers opting to follow the audit-trail requirement over the WORM requirement need to ensure there is the ability to retrieve an original record if it is modified or deleted.

Designated Executive Officer

Broker-dealers now have the option to assign a designated executive officer (DEO) to take on the same responsibilities as a designated third party. The DEO must be a member of senior management and have the knowledge, credentials, and necessary information to fulfill any records requests. While a DEO can appoint multiple officers or specialists to assist in any record retrieval, the role does add additional responsibilities.

DEO v D3P

DEOs are internal. They’re part of senior leadership. DEOs already have knowledge of systems, file organization, and access to records. They also have direct involvement and a stake in the firm. There is a risk that comes with the personal connection. Internal reporting leaves room for bias in favor of the broker-dealer, and for conflicts of interest with reports and data.

A Designated Third-Party is neutral. There’s no direct connection to the firm or any deals or records. While DEOs fulfill the role in addition to their job, D3Ps specialize in ensuring compliance and understanding SEC regulations.

Designated Third-Party Service Provider

As a Designated Third-Party Service Provider, Bluesource maintains access to retrieve data in response to unfulfilled SEC requests. D3P Services ensures that financial institutions and broker-dealers maintain compliance with SEC policies.

Stay prepared for SEC requests by testing and regularly assessing D3P access and the ability to retrieve data. Semi-regular logins ensure access remains active and ready to respond to a records request.

Failure to adhere to SEC rules and regulations can result in disgorgement or repayment, suspension, and civil monetary fines of possibly millions or even hundreds of millions of dollars.