I’ve noticed recently that the 17a-4 electronic records request is causing serious problems for small FINRA firms, particularly when they’re asked for a sample data set that can range from Word docs to scanned records, emails, databases or even system state for disaster recovery. The firm then has to log in to its 17a-4 archive, download this data to a disk and hand it over to the regulator on the spot. The problem is that many firms’ electronic records are now so dispersed that gaps often appear in their archive, or certain data simply isn’t included because the tech department makes changes, such as adding new employees, without compliance knowing.
Therefore, before I put the AdvisorVault 17a-4 Remote Data Archiving solution in place as part of our FINRA designated third party (D3P) obligations, I take the time to show firms a few tricks to help them automate the archiving of electronic records to close these gaps.
Centralizing 17a-4 Data Archiving:
When it comes to complying with SEC rule 17a-4, it’s important to understand the basics of what’s expected. Despite all the confusion surrounding data compliance today, FINRA firms simply need to accomplish three things: (1) archive data relating to books and records, emails and systems for disaster recovery, (2) store this archive with a designated third party for seven years and (3) make sure this data can be made available to regulators during an audit. Doing these three things will solve 90 percent of a firm’s data compliance worries; the rest is simply procedures and documentation of the above.
Firstly, firms need to centralize their books and records before they archive them with their FINRA D3P. For example, when using cloud storage such as Dropbox, OneDrive or Google Drive, my advice is to use the sync folder option as the default save for all registered. This option, included with all cloud storage products, places a local folder on each computer. Each person in the firm saves the electronic records they create to that folder, and the records are then saved in the same cloud folder. By doing this, all data for 17a-4 retention is stored centrally, which AdvisorVault can easily make compliant in one step.
Furthermore, this sync folder can be used to consolidate the storage of other important data that must be archived to the designated third party for 17a-4, such as scanned electronic records, client database backup dumps or exports from the CRM. At the same time, it helps firms create a truly compliant paperless office with access to electronic records for anyone, from anywhere, and in the end keeps compliance officers and auditors happy.
To automate email archiving for 17a-4 records retention and supervision, I suggest using cloud email hosting from Office 365 or Gmail, but with the journaling feature enabled. Journaling automatically forwards all incoming and outgoing emails from the cloud provider to AdvisorVault, where they are then retained for seven years in their original format: the two critical things regulators want to see. Furthermore, if any new email accounts are added, journaling automatically captures them in real time, without the need for compliance or tech support to manually add them to the 17a-4 archive.
Finally, to automate disaster recovery as part of FINRA’s business continuity planning requirements, AdvisorVault includes ShadowProtect to schedule full image copies of customers’ physical or virtual servers. These images are then transferred to our remote 17a-4 storage each time they are created. The key here for disaster recovery is that any version of a server image can be booted or run directly from our cloud for immediate access. This in turn helps businesses minimize downtime, since their physical servers won’t be up during a disaster. As an extra measure, ShadowProtect allows for granular restores of individual files or databases if needed during recovery.
Small FINRA firms are having problems today with the 17a-4 electronic records request because gaps often appear in their 17a-4 data archiving process. The solution is to centralize data before it’s archived by using the cloud sync option, journaling, and ShadowProtect, so that their D3P has one area for archiving and retention of data as required by rule 17a-4. In the end, the compliance officer will be able to download anything requested by the regulator when they arrive for the regular electronic records request.
AdvisorVault, designed for small firms, is the only FINRA designated third party (D3P) provider who has created a complete solution for 17a-4 data archiving. For one flat monthly fee, we ensure the remote backup, retention, and supervision of all electronic records for 17a-4 with full disaster recovery as part of the business continuity planning requirements. A complete, turnkey compliance solution – out of the box.