In October 2022, the Securities and Exchange Commission (“SEC”) adopted amendments to the recordkeeping rules applicable to broker-dealers, security-based swap dealers, and major security-based swap participants. The amendments impacting broker-dealers modify requirements regarding the maintenance and preservation of electronic records, the use of third-party recordkeeping services to hold records, the prompt production of records and designated FINRA as a designee for the SEC for certain provisions of the broker-dealer record maintenance and preservation rule. The compliance date for the proposed broker-dealer amendments is May 3, 2023.
Exchange Act Rules 17a-3 and 17a-4, as well as FINRA Rule 3110(b)(4) (Review of Correspondence and Internal Communications) and FINRA Rule 4511 (General Requirements) (collectively, Books and Records Rules) require member firms to, among other things, create and preserve, in an easily accessible place, originals of all communications received and sent relating to their “business as such” (e.g., emails, instant messages, text messages, chat messages, interactive blogs). This obligation applies to all member firms, including those that permit staff to use non-firm or third-party digital communications channels to conduct firm business.
Rule 17a-4 currently requires a broker-dealer to (i) notify FINRA before employing an electronic recordkeeping system; (ii) maintain and preserve electronic records exclusively in a non-rewriteable, non-erasable format (also known as a write once, read many (“WORM”) format); and (iii) engage a third party who has access to and the ability to download information from the broker-dealer’s electronic storage media to any acceptable medium under the rule. The third party must execute, and file with FINRA, written undertakings agreeing to, among other things, promptly furnish to the SEC and other securities regulators the information necessary to download records kept on the electronic storage media to any medium acceptable under Rule 17a-4. Additionally, the current rule does not address the utilization of cloud service providers, and broker-dealers who maintain their electronic recordkeeping systems and associated electronic records on servers or other storage devices that are owned or operated by a third-party, and remain exposed to regulatory issues related to the fact the third-party cloud service providers are unable to provide the undertaking required under Rules 17a-4 and 18a-6.
Summary of Amendments
The amendments modify the recordkeeping rules, and are intended to modernize and make them more adaptable to new electronic recordkeeping technologies. The amendments include:
- Eliminating the requirement that a broker-dealer notify FINRA before employing an electronic recordkeeping system for the first time.
- An audit-trail alternative to the existing requirement that firms preserve electronic records exclusively in a WORM format. The audit-trail alternative would require that the broker-dealer’s electronic recordkeeping system preserve electronic records in a manner hat permits the recreation of an original record if it is altered, over-written, or erased.
- Adding to the existing requirement in the broker-dealer recordkeeping rule that the firm hire a third party with the ability to access the firm’s electronic records, a new provision allowing firms to designate an executive officer, rather than an independent third party, to execute an undertaking that provides regulators with access to the firm’s electronic records. Additionally, the executive officer can appoint in writing up to two employees who are direct or indirect reports to fulfill the executive officer’s obligations if the executive officer is unable to fulfill those obligations. The employees must have the same ability as the executive officer to independently access and provide the records either directly or through a specialist who reports directly or indirectly to them. However, it is important to note that any broker-dealer that elects to use an electronic recordkeeping system, must have either a third party or an executive officer provide the written undertakings.
- Allowing an alternative undertaking for cloud service providers that is tailored to how they retain electronic records. The use of this alternative undertaking is subject to certain conditions, including that the records are maintained on an electronic recordkeeping system and the broker-dealer or SBS Entity has independent access to the records meaning, among other things, the broker-dealer is the owner of the information, and can access the records without the need of any intervention of the third party.
- Requiring that broker-dealers be able to produce electronic records in a reasonably usable electronic format that allows regulators to search and sort information on the records. This ultimately means that the record will need to be produced in an electronic format that is compatible with commonly used systems for accessing and reading electronic records.
The implementation of the amendments to the Record Keeping Rules will have an impact on broker-dealers, which will need to be addressed prior to the May 3rd compliance date of the amendments. They include in part:
- The amendments modify the language of the required undertakings under Exchange Act Rule 17a-4(f). As a result, all firms that are currently relying on Rule 17a-4(f) to preserve required records electronically must file new undertakings that include the new language with the SEC, and the service provider agreements may need to be amended to reflect the new requirements. This includes all firms that elect to continue using their current third-party access arrangements.
- Firms currently utilizing third-party cloud service providers and a traditional undertaking from that provider has not been filed with the SEC, either a traditional or alternative undertaking will need to be filed, and the service provider agreements may need to be amended to reflect the new requirements.
- Performing a review of the policies and procedures to address the requirements of the amended rule, including:
- Updating the recordkeeping obligations to address the requirements of the updated rule.
- Designation of principal and designees to supervise the record retention platform of the firm in the event the firm elects to not utilize a third-party service provider.
- Procedures and controls addressing the conversion of paper records to electronic records to verify the conversion process (i.e., comparing electronic and original records) to confirm that the electronic records are accurate.
- Including red flags that may indicate a registered representative is communicating through an unapproved communication channel and follow-up procedures related to same (e.g., email chains that copy unapproved representative email addresses, references in emails to communications that occurred outside approved firm channels or customer complaints mentioning such communications).