
A Complete Summary of SEC 17a-3 and 17a-4

Marketing Team


Like all regulators, the Securities & Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) are determined to keep regulatory breaches and oversights to an absolute minimum. And, especially in the years following the financial crisis, they have introduced stacks of new regulations to help them do this.

Two key regulations that show just how seriously the SEC is taking its mandate, and how high a standard it is holding regulated firms to, are 17a-3 and 17a-4 (nestled in subsection 17a of the US Securities Exchange Act of 1934). If you’re a broker/dealer, or tied to the regulation in another capacity, you need to know them inside out.

These SEC rules set out the books and records requirements for broker/dealers (think of them as a more extensive version of the FINRA 4511 rule).

Keeping records is a part of the day-to-day in every business but the demand within financial services is much higher and these regulations require broker/dealers to create and preserve comprehensive records of each securities trade.

This includes documents, emails, fax messages, instant messages and other types of written and digital communications. Not only do these records need to be easily accessible and absolute (as dictated by 17a-3), but they need to be retained for at least six years and time-stamped (with 17a-4 giving guidance on how these records need to be retained).

The latter regulation requires that data be stored in formats that can't be rewritten or erased, and duplicate copies of messages must be stored in separate locations.

Additionally, all data must be indexed and ready for an audit at any time by the SEC, with audit logs that document access to messages. These regulations have been updated over the years to keep up with how the industry is evolving and since 2017 have included new rules on text messaging and social media communications.

The penalties behind 17a-3 and 17a-4


All regulations are important but these two directives carry additional emphasis as they are integral to the SEC’s investor protection function.

Having an undeniable record of everything can not only help firms keep track of their business activities, but provide clarification in times of confusion, ensure trades are being carried out responsibly on the investors’ behalf and allow the regulators to monitor the marketplace. Concise and reliable records could also be invaluable in the event of an investigation or dispute.

Falling foul of 17a-3 and 17a-4 is a serious matter, with fines upwards of $150,000 and potential bans and suspensions for individuals and companies alike.

In 2017, FINRA fined BOK Financial Securities $175,000 for failures linked to these regulations and, later that same year, fined Raymond James & Associates $150m for failing to maintain reasonably designed supervisory systems and procedures for reviewing communications. The following year, BGC Financial agreed to pay a $1.25m civil penalty over SEC charges that it had failed to preserve proper records (the firm denied any wrongdoing via this settlement).

The message is clear – the broker/dealers will either have to invest in complying with 17a-3 and 17a-4 or spend the money on penalties instead.


How challenging is it meeting these regulations?

Complying with 17a-3 and 17a-4 is easier said than done.

In such a crowded and efficient market as the US, there are hundreds of thousands of trades being executed every single day. While technology has dramatically enhanced the speed and efficiency of doing business, it has also reduced the margin for error and firms have to ensure they are operating at maximum capacity (to not only give their clients some competitive advantage but to also stay ahead themselves).

The regulations in subsection 17a require records of each of these trades including all the digital communications pertaining to them. As discussed, the scope of these regulations has widened and broker/dealers are now expected to keep tabs on a greater number of information points while keeping ahead of an increasingly competitive marketplace.

The SEC doesn’t want firms to simply pay lip service to 17a-3 and 17a-4. The thorough level of data they expect to see recorded could make a crucial difference in the event of a breach or significant market event. With such serious penalties at the regulator’s disposal, firms can’t afford to get this wrong.

From June 2020, what's different?

The SEC is introducing Regulation Best Interest (or Reg BI), which requires broker-dealers to act in the best interest of retail customers. Reg BI includes a lot of new requirements, but it’s important to know that it will also impact record-keeping rules 17a-3 and 17a-4.


What records do you need to keep?


The records that brokers and dealers must keep include any and all “communications with the public” that are “relating to business as such.” All online communications, including websites and social media, are subject to FINRA’s general rules on communicating with the public. As such, financial services firms must retain records of all online communications that qualify as “business as such” activity.

Firms need to consider how they are recording:

  • Trade tickets
  • Copies of confirmations and notices
  • Puts, calls, spreads, and proof of money balances
  • Customer account profile information


Please note, this isn't an exhaustive list.


How can firms meet these regulations?

Satisfying 17a-3 and 17a-4 comes down to two main things: internal systems and technology.

With the first, firms have to ensure – like with all regulations – they know what is required and have processes and systems in place to meet them. Regulations are a fact of life in financial services so it is helpful for everyone to understand them, know what they need to do to stay compliant and embrace them in the day-to-day business activity.

With the second, technology is now an unavoidable part of compliance and can enhance a firm’s efficiency in meeting its regulatory responsibilities. The SEC has provided additional guidance on how technology can help firms achieve 17a-4 compliance in the snappily named release ‘34-47806, 17 CFR Part 241’ or ‘Electronic Storage of Broker-Dealer Records.’ In summary, technology used to support 17a-4 must:

(A) allow storage of records in a non-rewriteable and non-erasable format,
(B) verify automatically the quality and accuracy of the storage media recording process,
(C) serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of retention the information placed on such electronic storage media, and
(D) have the capacity to readily download indexes and records preserved on the electronic storage media.
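
To make properties (B) to (D) concrete, here is an added sketch (not code from the SEC release or from any archiving product) of an append-only record log that serializes and time-dates each entry, re-checks stored content automatically, and exports an index. The class and function names are hypothetical and the sample records are constructed; the hash chain only makes alteration detectable, so (A) still depends on non-rewriteable storage underneath.

```python
import hashlib, json
from datetime import datetime, timezone

GENESIS = "0" * 64  # chain anchor for the first entry

class RecordLedger:
    """Append-only, hash-chained record log (hypothetical, in-memory)."""
    def __init__(self):
        self._entries = []   # index metadata; no update/delete method exists
        self._payloads = []  # record bodies, same order as the entries

    @staticmethod
    def _entry_hash(entry):
        body = {k: entry[k] for k in ("serial", "stored_at", "sha256", "prev")}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, payload: bytes, stored_at=None):
        entry = {
            "serial": len(self._entries) + 1,  # (C) serial number
            "stored_at": stored_at or datetime.now(timezone.utc).isoformat(),  # (C) time-date
            "sha256": hashlib.sha256(payload).hexdigest(),
            "prev": self._entries[-1]["hash"] if self._entries else GENESIS,
        }
        entry["hash"] = self._entry_hash(entry)  # binds entry to its predecessor
        self._entries.append(entry)
        self._payloads.append(payload)
        return entry["serial"]

    def verify(self):
        """(B) Return the serial of the first altered entry, or None if intact."""
        prev = GENESIS
        for entry, payload in zip(self._entries, self._payloads):
            if (entry["prev"] != prev
                    or hashlib.sha256(payload).hexdigest() != entry["sha256"]
                    or self._entry_hash(entry) != entry["hash"]):
                return entry["serial"]
            prev = entry["hash"]
        return None

    def export_index(self):
        """(D) Downloadable index: one JSON line per stored record."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self._entries)

def demo():
    # Constructed sample records, not real communications.
    ledger = RecordLedger()
    ledger.append(b"trade ticket: BUY 100 XYZ", "2020-06-30T14:00:00+00:00")
    ledger.append(b"email: confirmation sent", "2020-06-30T14:00:05+00:00")
    ledger._payloads[0] = b"trade ticket: BUY 900 XYZ"  # simulate a rewrite
    return ledger.verify()  # serial of the altered record
```
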

Fortunately, there is an area of RegTech that has been around for some time that is able to satisfy this record-keeping requirement: web and social media archiving.

How archiving solves 17a-3 and 17a-4


The expert archivers out there will be well acquainted with just how powerful digital archiving can be to address compliance and brand preservation challenges. However, for those newer to the world of archiving, we’ll quickly dive into the process.

Web archiving is the process of capturing an authentic record of your website’s entire digital footprint, and as you’ve probably guessed, social media archiving is the same process but for each of your social media channels.

Web pages typically have a shelf life of 90 days, but with modern-day websites the content is often dynamic and refreshed more regularly. This means a business may not only have hundreds of web pages, but they also have personalised content that changes based on different users visiting.

As you can imagine, capturing and archiving these pages can become a nightmare for compliance and marketing teams who need to retain records of all promotions and communications delivered internally and externally.

With so much data to monitor and retain, an archiving platform captures this information and ensures a complete and accurate record is safely stored in a legally admissible format. Teams can then utilise the platform for auditing purposes with the ability to revisit the archives from any date and time.

It’s not just for compliance either: brands are archiving for brand preservation and to capture their digital history (something which many brands are at risk of losing). This also allows marketing teams to uncover insights by analysing their digital footprint from any point in time.

Leading financial services firms are using the MirrorWeb Archiving Platform to help solve these challenges. The platform enables you to capture, archive and monitor electronic communications to meet the compliance requirements of MiFID II, FCA, GDPR and FINRA.


