Electronic Storage of Books and Records FAQs
SEC Rule Reference 17a-3 and 17a-4

Summary:  Most firms are aware that some books and records may be stored in electronic format. What records need to be preserved? In a word: everything. For how long? Six years for securities blotters, financial ledgers and bank and brokerage accounts of the firm, all brokerage transactions for all customers and the firm, and securities ledgers; three years for most everything else.

Am I required to store records electronically? 
No, but if you use paper storage, you must be able to immediately produce any stored records requested by a regulator.

If I select electronic storage, what are the criteria?
Whatever type of medium is selected for storage, it must meet the following criteria:

What exactly is “micrographic format” and “electronic storage media”? 
Micrographic format includes microfilm and microfiche, and electronic storage media includes, but is not limited to, CD-ROMs, optical discs, DVDs and tape backups, whether maintained by the firm or an outside vendor. 

What must my backup system be capable of?
In addition to not being able to be overwritten, the system must index the information with times and dates that the information was stored. It also must be duplicated, with the copies stored separately from the original, along with a duplicate index. Further, the backup system must be tested and audited to ensure:

…and you must preserve the audit results for examination by regulatory staff.
           
Firms must have in place an audit system providing for accountability regarding inputting of records pursuant to Rule 17a-3

In the SEC’s view, storage systems that use software programs that attempt to mitigate tampering with electronically stored records are not compliant with the Rule.  For example, systems with passwords or authentication codes do not maintain records in a manner that is non-rewriteable and non-erasable as they do not entirely prevent a record from being changed or deleted. For further discussion of this, please see SEC Interpretive Release 34-47806

When and how do I have to notify FINRA that I am using electronic storage? 
You must notify FINRA 90 days in advance by filing notification through the CRD Gateway system and include a representation that the electronic storage medium meets the guidelines of 17a-4(f)(2) as well as a Third Party Access Representation if your firm is going to be using a third party for exclusive storage of records.

For further information please refer to FINRA’s online tutorial at http://apps.finra.org/tutorials/portal/esm/htm

Can an affiliated company or parent company provide my storage for me?
No. If you use an outside vendor for storage, it must be an unaffiliated company. For further information see NASD NtM April 2003, pg. 225

Can I use paper AND electronic storage? 
Yes, but if you switch exclusively to electronic storage, you must notify FINRA 90 days in advance.

What about Blackberry or PDA emails and text messages, am I required to store those?  If so, how?
Yes you are required to store ALL communication from EVERY source. The easiest way is to route your Blackberry messages through your company’s email server and prohibit text messaging as there is no way to capture text messaging.

Emails sent through Bloomberg and other systems should also be sent through your email system, either through blind copies or a third-party service, to ensure that they are being captured and retained in accordance with your policies and applicable rules.

What about my firm’s financial information – how does it need to be stored and backed up?
Again, if you are using electronic storage, everything needs to be backed up:

For more information on electronic storage or assistance in finding a third-party provider to assist with your back-up or download requirements, please contact your Compliance Partners account manager at 603-434-3594.

Back to top

Back to Newsletter