.jpg)
Several trade associations have asked the Securities and Exchange Commission (SEC) to update its broker-dealer electronic retention Rule 17a-4 by eliminating an outdated recordkeeping requirement known as WORM (write once, read many), examining authority notification, and third-party downloader requirements. In their place, the Associations proposed a rigorous retention standard that is technology-neutral and consistent with current business record management principles. The amendments would also harmonize the SEC rules with the correlating principles-based CFTC rules adopted in May 2017 which eliminated the WORM standard and third-party downloader requirements from CFTC.
“The 20-year old standards are outdated, costly, and no longer effectively provide investor protections,” said Melissa MacGregor, SIFMA Managing Director and Associate General Counsel. “Updating the Rule would align with the SEC’s FinTech initiatives by fostering innovation and investor access to markets, as well as promoting the industry’s technological advancement and competitive opportunities. In addition, harmonizing recordkeeping rules across the SEC and the CFTC would modernize electronic storage requirements.”
“A principles-based standard would enable broker-dealers to adopt appropriate technology solutions for their customers’ needs, while ensuring regulators have prompt access to records. The U.S. regulatory framework also would be improved because a harmonized standard would be efficient, effective, and appropriately tailored,” said Felicia Smith, FSR Vice President and Senior Counsel for Regulatory Affairs.
“Technology is continually evolving. By updating this Rule, the SEC would demonstrate they are responsive to these changes in technology that impact the industry,” said David Bellaire, the Financial Services Institute’s (FSI) Executive Vice President & General Counsel. “The updates would make the rule more effective and efficient in the current technological landscape and provide a solution to an issue FSI members have been facing for some time.”
Absent the SEC requirement, firms would not use WORM storage because it is inefficient and its only purpose is to satisfy this rule requirement. WORM storage is not an effective business continuity or cybersecurity defense tool because the nature of current complex records makes such use of the outdated technology impractical if not impossible. The Associations’ proposed retention standard would allow firms to take advantage of the most current retention technology available to a broad array of businesses and data types, more effectively secure regulatory records, and improve investor protection.
The Associations are also asking the SEC to eliminate a requirement to hire a third-party who has the access and the ability to download information from a broker-dealer’s electronic storage system. This presents a serious cybersecurity threat, as any time a firm allows unfettered access to another entity, the cyber risk increases. There are also privacy concerns about third-party access to customer data. Broker-dealers have internal resources to access their data whenever necessary, and are also registered entities that are required to provide information to regulators on demand, making paying a third-party costly and redundant.
The letter to the SEC is available at the following link: https://www.sifma.org/resources/submissions/sec-electronics-recordkeeping-requirements/
