Xtiva launches Xtiva Vault to provide enhanced long-term data retention options
New service will provide SEC Rule 17a-4 compliant deep storage solution for investment firms to enhance long-term data retention and protection.
Records retention is an increasing priority for the SEC, FINRA and the other regulatory bodies. SEC Rule 17a-4 (part of the “Exchange Act”) spells out the records retention requirements for all broker-dealers. Regardless, if you are confident in your current retention regime, or your team continues to upgrade your program, here are some often overlooked information categories that likely meet the books and records standard under 17a-4.
In accordance with the latest regulatory guidance from FINRA, there are several new types of objects considered to be ‘communication records’. While these reflect the modern reality of text type messaging, in a more traditional sense, broker-dealers should also be aware that retaining any notations of discussions that are made ‘in application,’ or any records made within any of your business systems should also be embraced. Any relevant comments made in workflow would also fall under FINRA’s retention expectations. The term ‘digital communication’ covers an extremely broad range of data, encompassing any record objects generated from advice, analysis, or reporting functions provided by the broker-dealer. Examine all digital communications that relate to customer revenue, fees, expenses, and overrides in order to validate their retention status and avoid potential fines. If you operate under the assumption that any operations communication is at issue, it will lower your risks of a surprise finding.
These have been a headache-inducing component of the records retention process for longer than digital communications have. The regulator’s posture has been that written compensation agreements must be retained – after last use – ‘for a period of not less than three years, the first two years in an easily accessible place.’ It’s not difficult to foresee how a fast-moving organization may fail to adequately secure written records of compensation agreements, including all exception arrangements (FINRA 3103). Your compensation application or service provider should be able to offer you a preservation option for all the digital instructions and records of your compensation agreements. An audit may include not only validation of the compensation made to a registered representative, but also the commitments and directions provided to the rep by the broker-dealer. Help assure your compliance with 17a-4 by taking steps to retain all compensation agreement records. Read more on requirements for written compensation agreements in the official text for rule 17a-4 here.
Most broker-dealers have business records and trading activity spread across a number of books and records systems. While the core custodian typically manages license validation for the standard individual securities trades, direct to fund (as well as some fee and managed business) might not fall under the trade level validation of the core custodian. In this case, it is likely that some additional license validation is done during the compensation processing as a last line of defense. This can mean that licensing information, and indeed the compliance validation related to it, may happen in a variety of systems. All of these validation process results could reasonably consider as data subject to retention provisions. Many firms struggle to find, secure, and produce on-demand, adequate license validation records data as part of their data retention program. Ensure that your compensation system produces adequate validation records and commit those records to your retention regime.
Don’t under scope the breadth of your records retention obligations. Err on the side of a broader retention posture to mitigate your risk.