<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=378468&amp;fmt=gif">

Our experts partner with compliance teams around the world to provide customizable, user-friendly software solutions designed to simplify every-day compliance processes while ensuring you meet the strictest regulatory standards.

Our system offers a host of benefits and reassurances for compliance leaders, compliance teams and technology specialists.

Automated conflict of interest detection and mitigation helps your compliance teams work better, faster and more effectively. The rigor of our reporting, surveillance, certification and security systems provides complete peace of mind for Chief Compliance Officers and board members.

Helping you to detect and prevent market abuses that could jeopardize your reputation and regulatory compliance. Actively manage insider lists and investigate employee trading in the context of current market activity and events.

Clear deals faster. Centralize deal data. Reduce your risk. Compliance Control Room lets you organize, manage, and monitor your firm's most important information flows from a single platform.

Whether for work or pleasure, it’s a mobile world. And a mobile workforce calls for mobile solutions. Introducing STAR Mobile. With STAR Mobile, employees pre-clear activity and report transactions on-the-go. Supervisors review escalated requests anywhere there’s a cell connection.

Helping you to actively manage employee trading in the context of market activity and events to guard against insider trading.

Create unlimited projects to easily manage and monitor dynamic lists of employees who have access to insider information.

Compliance Control Room's enterprise-level single platform centralizes all your firm's deal-related activity—letting you manage control room activities more efficiently and effectively.

Increase employee participation. Increase data accuracy. Increase responsiveness. STAR Mobile is a native app that makes compliance simple, easy, and convenient.

For The Record: 17a-4 Data Storage Regulation

Taking up the Rule 17a-4 data-storage challenge with people, process, and WORM tape

As federal regulations go, Rule 17a-4 sounds benign enough. But it's almost certainly been the cause of numerous ulcers for broker-dealers trying to deal with the rigorous data-retention requirements a 2003 Securities and Exchange Commission interpretation lays out.

Part of the Securities Exchange Act of 1934, Rule 17a-4 specifies how records created by broker-dealers—including financial accounting documents and communications with clients—must be kept as put down in 17a-4's companion rule, 17a-3. 17a-4 also prescribes how long those records must be kept.

Catching up somewhat belatedly to changes in technology, in 1997 the SEC amended Rule 17a-4 to allow broker-dealers to store records electronically. The amended rule didn't specify what type of media the records needed to be stored on, only that it "preserve the records exclusively in a non-rewriteable, non-erasable format."

The good old data days
At the time, this meant writing the data onto DVDs, CD-ROMS, or other optical discs—formats which, intrinsically, were unrewriteable once written on. In other words, the hardware itself was the data-integrity defender. As such, these types of media were clearly in compliance with the SEC's requirements of unalterable record storage.

But as technology continued to change, broker-dealers began asking the SEC if they could store their data on newer systems—systems that used hardware in tandem with software to make data unalterable on storage media that was otherwise built to be altered, like computer hard drives.

With the new data-storing technology, then, only software code would prevent users from making changes—something that may have started some SEC higher-ups on the road to their own ulcers. In the end, the agency's guidance on Rule 17a-4 as laid out in its 2003 interpretation was simply to set up-to-date standards non-rewriteable, non-erasable electronic storage media must meet, rather than specify the type of technology that can be used.

Not so fast
But that didn't make things suddenly straightforward for broker-dealers. Rule 17a-4 gets into plenty of specifics regarding how data must be kept, including how storage must:

  • Verify the quality and accuracy of the recording process automatically.
  • Serialize the original and, if applicable, duplicate units of storage media.
  • Time-date the required period of retention of the data stored.
  • Be able to download stored data to any medium acceptable to the SEC or enquiring SROs.

Additionally, systems that use software techniques like authentication policies, passwords, or other extrinsic security controls are not considered unalterable and are therefore noncompliant, as are systems that just create a “fingerprint” of a record based on its content. Rule 17a-4 gives broker-dealers a lot to manage from a technological and regulatory standpoint.

So let it be written, so let it be compliant
StarCompliance helps clients tackle this complex data-storage challenge by, first and foremost, taking a "save everything" approach—meaning the STAR Platform snapshots every data change on every table, and then saves the changes in a full history record. As such, it's always possible to see all data as it appeared at any point in the history of that record.

All data retained is stored in a relational database using Microsoft SQL Server. The SEC often discusses Rule 17a-4 storage requirements in terms of records being discrete documents. While this is true for some records, such as firm-client email communications, the situation is less clear for structured data that may be stored across many tables and have a number of different purposes.

Relational databases like Microsoft SQL Server are specifically designed to handle just such structured data. But even this exhaustive, data-savvy records-capture process doesn't in and of itself fully satisfy Rule 17a-4.

Up to this point in the process, it remains theoretically possible for a user with the appropriate level of access to modify data after the fact, so Star offers as an option a database backup to WORM tape. WORM is short for Write Once, Read Many. While magnetic tape is typically known as a rewriteable medium, WORM tape uses a hardware-software combination, like the kind mentioned earlier, to make a storage system that's verifiably unalterable and hence definitively Rule 17a-4 compliant.

Because of its reputation as a tamperproof data-storage system and its SEC friendliness, WORM tape has become a go-to Rule 17a-4 data-storage system.

Keep calm and carry on with your business
The STAR Platform also keeps a comprehensive index of database backups, and everything collected is encrypted, labeled, and stored in an offsite location—with all pertinent data readily retrievable if the SEC, FCA, FINRA, or other regulatory body a broker-dealer answers to comes calling.

Rule 17a-4 compliance needn't be daunting. Partner with people who know the ins and outs, and leave the ulcers to the SEC.

SHARE THIS STORY | |
With clients in more than 80 countries, StarCompliance is a global leader in financial compliance software. Our scalable, easy-to-use solutions provide a 360-degree view of employee and business activity to help firms monitor and reduce risk, meet regulatory obligations, gain efficiencies, and drive employee adoption. To see what Star can do for you, book a FREE demo now.

Search

Follow

Recent Posts

Subscribe to Blog