Are You Meeting SEC Record Retention Requirements?
Your financial services firm has to keep business records a certain way for a particular time. That’s because the Financial Industry Regulatory Authority (FINRA) and U.S. Securities and Exchange Commission (SEC) require it. But knowing these regulations is only the first hurdle. The second is implementing them. Does your document management service make it easy?
Who Has to Follow SEC Rules?
You’re likely well aware of whether FINRA or SEC rules apply to you. But as a refresher, 17 CFR §240.17a-4 applies to:
- Members of a national securities exchange who transact a business in securities directly with others than members of a national securities exchange
- Brokers or dealers who transact a business in securities through the medium of a member of a national securities exchange
- Brokers or dealers, including an OTC derivatives dealer
- Security-based swap dealers that are also brokers or dealers and
- Major security-based swap participants that are also brokers or dealers
Which Records Do You Have to Retain?
Record retention requirements apply to the records described in 17 CFR §240.17a-3, which include but aren’t limited to:
- Asset and liability, income, and other ledgers
- Securities records
- Memorandum of brokerage orders
- Memorandum of the purchase or sale of a security
- Puts, calls, spreads, straddles, and other options
- Money balances
- Confirmations and notices
- Canceled checks
- Customer account profile information
- Employment applications
- Employee records
- Email communications
- Website copy
- Social media posts
- Advertisements and marketing materials
- Audio and visual materials
If you’re in doubt about whether to retain a particular document, consider whether the record relates to your core business functions or to any of the services you provide your clients or customers. If it does, keep it. You’ll face compliance issues for failing to retain relevant records, There are no penalties for keeping superfluous ones, but that being said, you don’t want to keep everything forever. That strategy could lead to redundant, outdated, and trivial data and discovery challenges in the future.
Timelines for SEC Record Retention
You’ll find how long you have to keep particular records in 17 CFR §240.17a-4. The rule is detailed, and you—or, more likely your compliance officer—should work through it carefully.
You have to keep records identified in §240.17a-3(a)(1) through (3), (5), (21), and (22) for at least six years. These include blotters, asset and liability ledgers, securities records or ledgers, a record of people who can explain the records the firm keeps, and a record of each professional at a firm responsible for establishing regulatory compliance policies and procedures.
There’s a three-year requirement for other records, including but not limited to:
- Records related to §240.17a-3(a)(4), (6) through (11), (16), (18) through (20), and (25) through (31)
- Checkbooks, bank statements, canceled checks, cash reconciliations
- Bills receivable and payable
- Business communications
- Trial balances, computations of aggregate indebtedness and net capital, financial statements, branch office reconciliations, and internal audit working papers
- Guarantees of accounts and powers of attorney
- Written business agreements
- Documents related to securities; and
- Notices related to an internal broker-dealer system
All stored records must be easily accessible for the first two years, whether you have to keep them for at least three or six years.
Under §240.17a-4(c), you also have to keep any account cards or records related to the terms and conditions of the opening or maintenance of an account for six years after closing a customer’s account.
Most SEC record retention requirements are three or six years. However, a firm can find itself in trouble maintaining certain records for three years instead of six if there’s a misunderstanding or human error in its information governance program.
More Record Retention Requirements
The SEC requires you to keep records a certain way. They must be immutable, which means no one can alter, delete, or shorten the life of the file.
Another requirement is to store duplicates of the original records in a separate location. That way, if something happens to one facility or piece of equipment, you haven’t lost anything.
Additionally, authorized users have to be able to find records quickly. This requirement means you must index everything and provide users with an efficient search function.
And finally, you have to make someone a designated third party (D3P) for independent access to your records. Your D3P is an entity that can retrieve the records for a regulatory audit or by court order without your cooperation.
NetDocuments Makes SEC Compliance Easy
Financial services firms turn to NetDocuments, a leading Cloud document and email management service because it provides firms specific functions and features firms can use to comply with FINRA and SEC record retention requirements:
- Customizable retention periods
- Write Once, Read Many (WORM) repositories
- Multiple layers of encryption
- A robust document search feature with customizable access rights
- Data duplication across three geographically separate and highly secure data centers and
- NetDocuments’ D3P capability
If your firm is ready to partner with a FINRA-focused DMS, check out our guide to Finding the Right DMS for Your Firm.
"Great company, great products, great leadership, great people, great culture!"
"I love my team and peers. We are family, and we respect each other."
"NetDocuments encourages a good work/family balance."
"I feel respected and valued by leadership and my team."
"We work together and support/encourage each other to do our best work every day."
"From start to finish, my leaders are willing to guide me and let me try new things. This keeps work fresh, exciting, and fun so I don't burn out or get bored."
"I have clear direction in my work tasks and priorities. I also feel encouraged to put my family first and maintain a healthy work life balance."
"I work with highly motivated individuals who are smart and allow me to learn from them!"
"NetDocuments is committed to exceeding customer expectations by building leading products hosted in rock-solid environments."
"I'm empowered to try new things and think through processes and campaigns strategically. I can lean on my boss for support, but I'm not micromanaged, which is appreciated."