Back to Blog

17a-3 & 17a-4 Cheat Sheet

Marketing Team

It may not grab the most headlines, but rules 17a-3 and 17a-4 (under the US Securities Exchange Act 1934) cannot be ignored by firms. These rules are symptomatic of post-crisis regulation, with stacks of legislation introduced by regulators around the world since 2008 and a greater requirement for thorough records to be made and maintained. In particular, rules 17a-3 and 17a-4 include a lot of specific requirements in what data is recorded by regulated firms and how. Firms should familiarize themselves with the full text of these rules, but in order to quickly ascertain what is required, we’ve created this concise cheat sheet on these rules. We support regulated firms across the financial services spectrum fulfil their record keeping responsibilities, so we hope you find our breakdown on these rules – and our insight – helpful.

Who do these rules apply to?

All persons engaged in trading securities as a broker/dealer, and persons associated with the business.

What do these rules demand?

The rules demand that broker/dealers employ electronic record-keeping, and may use any digital storage platform that strictly prohibits overwriting or erasure of their records. These records need to be kept for at least six years.

From June 2020, what’s different?

The SEC is introducing Regulation Best Interest (or Reg BI) which requires broker-dealers act in the best interest of retail customers. Reg BI includes a lot of new requirements but it’s important to know this will also impact recordkeeping rules 17a-3 and 17a-4.

What do you need to keep records of?

The records that brokers and dealers must keep include any and all “communications with the public” that are “relating to business as such.” All online communications, including websites and social media, are subject to FINRA’s general rules on communicating with the public. As such, financial services firms must retain records of all online communications that qualify as “business as such” activity.

Firms need to consider how they are recording:

• Trade tickets

• Copies of confirmations and notices

• Puts, calls, spreads, and proof of money balances

• Customer account profile information

• Corporate documents, trial balances, written agreements

• Compliance, supervisory, and procedures manuals

• Originals of all communications received by broker/dealers relating to its business

• Copies of all communications sent by broker/dealers relating to its business

How does this information need to be stored?

All records must also be time-stamped with a unique and sequential identification number, organized and indexed correctly, with duplicate copies stored separately from the originals. Indexes should also be duplicated and stored independently from the original index.

The new requirement under Reg BI

Specifically, for each retail customer to whom a recommendation is provided, a broker-dealer must create a record of all information collected from and provided to the retail customer (pursuant to Reg BI) and the identity of each registered representative responsible for the account. Like existing requirements under 17a-3 and 17a-4, these records must be retained for at least six years and in the same thorough and secure manner as already prescribed.

“Regulation Best Interest establishes a new standard of conduct for broker-dealers and their associated persons when making a recommendation of any securities transaction or investment strategy involving securities to a retail customer.

“Collectively, these regulatory actions bring the legal requirements and mandated disclosures for broker-dealers and investment advisers in line with reasonable investor expectations, while preserving retail investor access to a variety of investment services and products.”

- Jay Clayton, Chairman, SEC

I’m considering a tech solution, what does this need to be able to do?

Recently, FINRA laid out its priorities and within this special attention was paid to how firms use technology. Specifically, FINRA laid out plans to review whether firms have adequate governance in place to implement technology platforms and whether they have developed procedures and adequate controls to comply with relevant rules and regulations (including rules 17a-3 and 17a-4).

(A) allow storage of records in a non-rewriteable and non-erasable format,

(B) verify automatically the quality and accuracy of the storage media recording process,

(C) serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of

retention the information placed on such electronic storage media, and

(D) have the capacity to readily download indexes and records preserved on the electronic storage media.

Aside from tech, what else can be done to meet 17a-3 and 17a-4?

• Separate personal and business communications, e.g. by requiring associated persons to use separate messaging applications for business and private communications.

• Create a detailed social media policy. This policy should cover all aspects of social media communication – from which persons are authorized to update the company’s profile to the methods of archiving social media inquiries and complaints from their clients.

• Establish supervision requirements that include designated team members to monitor real-time client communications on interactive channels such as Twitter and Facebook posts.

Archive and monitor your web channels with MirrorWeb.

The MirrorWeb Platform allows you to archive your web and social media channels all in one place. Through the platform, you can set up automated archiving or capture snapshots of individual pages as they’re published. Plus, our technology also allows you to archive your approvals workflow, ensuring you maintain the highest standards in record-keeping compliance.

Request a demo and a member of our team will be in touch to show you:

• How to archive your online channels and search, filter and replay them at any time.

• How every archive is captured in a legally admissible format and time-stamped to prove authenticity.

• How to archive websites based on location and device type.

More from the Blog

Whatsapp Compliance, Self-Reporting, and Ripping off the Band-Aid

The SEC has incentivized firms to self-report on off-channel violations. We look into the process and its benefits.

Read Story

FINRA Report 2024: Recordkeeping Takeaways

Key recordkeeping teakeaways from the 2024 FINRA Annual Regulatory Oversight Report.

Read Story

How MirrorWeb Evolves with Demand

Adaptability is vital in the world of communications surveillance. This blog looks at MirrorWeb’s journey as a company, and why it's helped us be agile and reactive to a challenging regulatory landscape.

Read Story

See what we can do for you.

Let us show you why MirrorWeb is trusted by organizations across the globe for their compliance and digital preservation needs.