Overview of SEC and FINRA Regulations for Recordkeeping

The United States Securities and Exchange Commission (SEC) 17A mandates cover overall recordkeeping for the financial services industry. Rule 17a-3 covers document retention requirements—what documents must be retained and for how long. Rule 17a-4 regulates how these documents must be retained. In combination, Rules 17a-3 and 17a-4 require preservation of records in an easily accessible manner.

General electronic document retention requirements are:

  • There must be written and enforceable retention policies.
  • Data must be stored on indelible, non-rewritable media.
  • There must be a searchable index of stored data.
  • Data must be readily retrievable and viewable.
  • A backup of data must be stored off-site.

For a digital document management solution to meet these requirements, it must allow readily available access to both scanned images and digitally-archived electronic documents without permitting alteration to the underlying images. The system should be flexible enough to meet a firm’s written compliance policies, and should have instant search and retrieval functionality to locate documents requested by regulators.

If copies of documents are provided on CD or DVD to regulators, the CD or DVD should have a viewer and index included on the disc to enable viewing and searching on any computer, even if document management software isn’t installed. A digital document management system should also enable documents and indexes to be stored on any indelible and non-rewritable WORM media, such as CD or DVD, to meet disaster recovery and third party storage requirements. (Please note that SEC-registered advisory firms are not subject to third-party storage rules.)

For more detailed information about both SEC 17a-3 and 17a-4 regulations and their implications for document management, specifically digital document management solutions, click here.

Part f of Rule 17a-4 states that electronic storage media may be used, but requires you to inform your self-regulatory organization (SRO) prior to implementing any electronic recordkeeping solution, at least 90 days prior to use. If you plan on using electronic storage media, you must be able to represent on your own, either with assistance from your vendor or from a consultant of suitable expertise, that the media meets electronic document retention requirements.

With the advent of computer technology, including word processing software, spreadsheet and financial software and e-mail programs, as well as hardware devices and other media to store electronic information, the SEC updated these rules to include provisions for storage on electronic media. In 2001, the SEC released “Electronic Recordkeeping by Investment Companies and Investment Advisers,” Release Nos. IC-24991 and IA-1945, which amended electronic recordkeeping rules 31a-1 and 204-2, expanding the ability of financial advisors to use electronic storage media to maintain and preserve records. Under the revised rules, advisors are permitted to maintain records electronically if they establish and maintain procedures to safeguard the records from loss, alteration or destruction; limit access to the records to authorized personnel; and ensure that scanned paper records are complete, true and legible.

For advisors or firms that are dually registered with FINRA, document management requirements are identical to SEC requirements. FINRA, however, requires registered representatives to submit a copy of your firm’s imaging procedures, along with the notification letter. For a sample FINRA notification letter, click here.

Why Scanning PDFs into Windows Isn’t Compliant

If you are scanning PDFs into your Windows Directory—or using a basic, cloud-based storage service—you are opening your firm to increased risk and liability for two reasons:

  • You do not have a searchable index, which is required by SEC 17A mandates. The purpose of document indexing is to facilitate retrieval. Without an efficient index, it is difficult to find the information you want.
  • Your documents are not secure. Without reasonable controls to prevent unauthorized access to records, you cannot prove compliance with key regulations.

To access the sample letters and a worksheet that will help your firm develop your document management procedures, download your copy of the whitepaper, “How Digital Document Management Solutions Support Compliance.”