The Do's and Don'ts of Record Retention (B2BC) Tuesday ... · PDF fileFINRA Annual Conference...

© 2016 Financial Industry Regulatory Authority, Inc. All rights reserved. 1

The Do's and Don'ts of Record Retention (B2BC) Tuesday, May 24 1:45 p.m. – 2:45 p.m. Designed for compliance professionals who are new to the financial industry, this Back to Basics Compliance session covers the fundamentals of recordkeeping obligations, issues to consider when deciding whether to outsource recordkeeping functions, record retention requirements relating to electronic communications and the use of electronic storage and encryption. The session will also spotlight timely issues facing compliance professionals in this area, including the use of social media, web conferencing and cloud storage. Join panelists as they identify requirements for member firms under FINRA and SEC rules and share effective practices to help firms in their compliance efforts. Moderator: Afshin Atabaki Associate General Counsel FINRA Office of General Counsel Panelists: Evan Charkes

Managing Director and Associate General Counsel Bank of America

Meredith Cordisco Assistant General Counsel FINRA Office of General Counsel

Harry Striplin Chief Compliance Officer Umpqua Investments, Inc.


The Do's and Don'ts of Record Retention (B2BC) Panelist Bios: Moderator: Afshin Atabaki is Associate General Counsel in FINRA’s Office of General Counsel, Regulatory Practice and Policy. In this capacity, he renders legal advice and support to FINRA management and staff in connection with regulatory initiatives and develops and interprets FINRA rules. His areas of regulatory expertise include recordkeeping requirements. Mr. Atabaki graduated Phi Beta Kappa, cum laude, from the University of Maryland, College Park, with a B.A. in History and received his law degree from Cleveland-Marshall College of Law. Panelists: Evan Charkes is Managing Director and Associate General Counsel for Bank of America, and supports the US Merrill Lynch Wealth Management Advisory business. In that role, Evan provides advice on securities laws, rules, and regulation to the management teams and Financial Advisors for those businesses. Mr. Charkes has spent a significant portion of his career supporting wealth management businesses, including at Citi, where he was a Managing Director and Deputy General Counsel. Mr. Charkes has also spent a portion of his career supporting banking related businesses for global banks, including as a Director of Financial Holding Company Compliance for Morgan Stanley, and as a Deputy General Counsel for Citi’s Commercial Business Group. Mr. Charkes started his career as a litigation associate in private practice in New York City. He is currently the co-chair of the SIFMA Compliance and Regulatory Policy Committee and former co-chair of the SIFMA Self-Regulation and Supervisory Practices Committee. He is also a former member of the FINRA Compliance Advisory Committee and FINRA International Committee. Mr. Charkes is a frequent contributor to the New York Law Journal and Wall Street Lawyer, and is a graduate of Georgetown University Law Center and Columbia College. Meredith Cordisco is Assistant General Counsel with FINRA’s Office of General Counsel. In this capacity, she provides legal guidance on policy initiatives, rule changes and interpretations in various areas, including regarding new issues and spinning, private securities transactions and outside business activities. Before joining FINRA, Ms. Cordisco was counsel in the Securities Litigation and Enforcement group at WilmerHale, where she focused her practice on complex securities enforcement investigations. Ms. Cordisco received her B.S., summa cum laude, in International Business and French from Mount St. Mary’s University in Emmitsburg, Maryland, and her J.D., summa cum laude, and M.B.A., cum laude, from Villanova University. Following her studies, Ms. Cordisco clerked for the Honorable Eduardo C. Robreno on the U.S. District Court for the Eastern District of Pennsylvania. Harry Striplin is the Chief Compliance Officer for Umpqua Investments, Inc., a small firm headquartered in Portland, Oregon. He has been with Umpqua Investments for six years. Mr. Striplin has more than 33 years of experience working at small firms and more than 23 years serving as a Chief Compliance Officer in the small firm environment. He has served as a member of FINRA’s District 3 Committee, the Securities Industry Regulatory Council on Continuing Education and has been a panelist at FINRA securities conferences. Mr. Striplin has been a member of the Securities Industry Continuing Education Content Committee for over 17 years. Mr. Striplin serves as an arbitrator for FINRA Dispute Resolutions and has achieved his Certified Regulatory and Compliance Professional™ (CRCP™) certification through the FINRA Institute at Wharton.

FINRA Annual Conference

May 23–25, 2016 • Washington, DC

The Do’s and Don’ts of Record Retention

May 24, 2016 at 1:45 p.m. – 2:45 p.m.

FINRA Annual Conference © 2016 FINRA. All rights reserved.

Moderator

Afshin Atabaki, Associate General Counsel, FINRA Office of General Counsel

Panelists

Evan Charkes, Managing Director and Associate General Counsel, Bank of America

Meredith Cordisco, Assistant General Counsel, FINRA Office of General Counsel

Harry Striplin, Chief Compliance Officer, Umpqua Investments, Inc.

1

Introduction


Click on the schedule icon on the home screen

Choose The Do’s and Don’ts of Record Retention

session

In the lower right there is an icon:

iPhone – Bubble with a bar graph

Android – Thumbs up

– Click on that to see polling questions and responses.

2

To Access Polling


Recordkeeping Fundamentals

Types of records, retention periods and permissible retention formats

Outsourcing

Issues to consider, including due diligence requirements, obligations of third-party recordkeeping service, termination of the relationship

Electronic Communications and Records

Archiving electronic communications, use of cloud storage, security and related issues, web conferencing, social media and other non-email electronic communications

3

Program Overview


Broker-dealers may have a variety of business-related books and records (e.g., corporate travel documents).

But only a finite number are required books and records under the federal securities laws and self-regulatory organization (SRO) rules (e.g., trade blotters).

Sources of required books and records:

Federal securities laws: Section 17(a)(1) of Exchange Act and associated rules, including SEA Rules 17a-3 and 17a-4

SRO rules: For example, FINRA Rule 4511 (General Requirements), MSRB Rules G-8 and G-9

4

Recordkeeping Fundamentals


Required Securities and Exchange Commission (SEC) records include:

Trade blotters, asset and liability ledgers, income ledgers, customer account ledgers, securities records, order tickets, trade confirmations, trial balances, various employment-related documents, customer account records and communications relating to a broker-dealer’s “business as such.”

Required SRO records include:

Specified communications with the public (e.g., retail and institutional communications), representations relating to initial public offering (IPO) allocations, records of public appearances by research analysts.

5

Recordkeeping Fundamentals (cont’d)


Broker-dealer communications include:

Originals of communications received and copies of

communications sent by a broker-dealer (including internal

communications) relating to its business as such, including

communications with the public subject to SRO rules and sales

scripts.

6



Retention periods for required books and records vary depending on the type.

For example:

– Exception reports must be retained for at least 18 months after the date the reports were generated

– Order tickets must be retained for at least 3 years

– Specified records relating to customer accounts must be retained for at least 6 years

FINRA Rule 4511 provides a default 6-year retention period for those FINRA books and records that do not otherwise have a specified retention period under FINRA rules or the Exchange Act.

7



Recordkeeping Formats

Firms may store required books and records in one of three

formats:

– Paper;

– Micrographic media (microfilm, microfiche or any similar medium); or

– Electronic storage media (ESM).

8



Recordkeeping Formats (cont’d)

Books and records may also be converted from one

permissible format to another.

– For example, an original paper record may be converted to an electronic

record for retention on ESM.

– When converting from a paper record to an electronic record, the broker-

dealer should have procedures to verify the conversion process (i.e.,

compare the electronic copy with the original to ensure that the electronic

copy is accurate, complete and readable).

9




SEA Rule 17a-4(f) sets forth specific conditions applicable to

micrographic media and electronic storage media (ESM).

The following apply to ESM: (1) firm notification; (2) ESM

representation; (3) audit system; (4) ability to access records

and indexes; (5) third-party access representation; (6) retrieval

facility; (7) facsimile enlargement; (8) duplicate copy; and (9)

organized and available indexes.

Items 6 through 9 also apply to micrographic media.

10




Firm Notification:

– Notify Designating Examining Authority (DEA) before first use

– If non-optical disk technology, notify DEA at least 90 days before first use

– Optical disk is a direct-access disk written and read by light, such as a

CD-ROM

11




ESM Representation – ESM meets the following conditions:

– Preserve records in non-rewritable, non-erasable format (also referred to as "Write-Once, Read-Many" or "WORM" format)

– Verify automatically the quality and accuracy of the recording process (i.e., verify that the records are accurately recorded to the storage media, and that there are no errors in the recording process)

– Serialize (e.g., sequentially label) the ESM unit(s) and time-date records

– Have capacity to readily download stored records and indexes to an acceptable medium

The ESM representation may come from the broker-dealer, a storage medium vendor or other third-party with appropriate level of expertise.

12




Third-Party Access Representation

– A firm that maintains the official or primary copy of some or all of its required records exclusively on its own ESM must have an independent third party file an undertaking with the firm’s DEA that provides that the third party can provide access to records stored on the firm’s ESM.

– The third-party access representation is designed to ensure that required records remain accessible by providing that a third party with the appropriate knowledge and expertise will have access and ability to download information at regulators’ request.

– The third party need not have day-to-day direct access to the member’s records, but it must represent that it will standby to assist in accessing the member’s records as needed.

– If the third party is no longer in business, the representation is invalidated because the third party will not be available to assist the regulators in accessing the firm’s records.

13



In-House vs. Outsourced

Decision Point – The choice will determine what rules apply.

Important to remember: Outsourcing does not relieve broker-

dealer of responsibility; ultimate responsibility rests with the

firm.

All retention periods and formats attach as if the function was

performed by the firm.

15

Outsourcing


Firm must conduct due diligence analysis of vendor.

Firm’s supervisory system and written supervisory procedures

must address the outsourcing of recordkeeping, including

specific policies and procedures that monitor the service

provider’s compliance with the terms of any agreements and

assess the service provider’s continued fitness and ability to

perform activity.

If recordkeeping service is employing ESM, it must be

compliant with SEA Rule 17a-4(f)’s conditions (e.g., WORM

format).

16

Outsourcing (cont’d)


Representations and Disclosures (regardless of

format)

Recordkeeping Representation – Recordkeeping service must:

– File a separate representation, as set forth in SEA Rule 17a-4(i), with the

SEC that records are property of broker-dealer; must be surrendered

promptly upon request.

– Undertake to permit examination of records by SEC and furnish records

promptly.

17



Firm Notification and ESM Representation – If the recordkeeping service is using ESM to store a member’s records, the member must file the relevant notices and representations pursuant to SEA Rule 17a-4(f) with FINRA.

Disclosure – Member must provide the appropriate disclosures regarding such an arrangement on its Form BD.

Recordkeeping Obligations of Introducing Firms

An introducing firm is not required to prepare or maintain records of transactions that are customarily prepared and maintained by a carrying and clearing firm, provided that the carrying and clearing firm meets specified net capital requirements.

18



However, introducing firms must prepare and maintain for the retention periods specified in the recordkeeping rules those required records that carrying and clearing firms are not customarily preparing or maintaining on their behalf (e.g., general ledgers, account opening records and customer order tickets).

A carrying and clearing firm may act as a recordkeeping service for those books and records that must be prepared and maintained by the introducing firm.

FINRA Rule 4311 requires that the carrying agreement specify the responsibility of each firm with respect to the maintenance of books and records.

19



Termination of Recordkeeping Relationship

Books and records must be returned to broker-dealer to be

retained for the remainder of retention period (either by broker-

dealer or another recordkeeping service).

Recordkeeping service cannot dispose of a broker-dealer’s

books and records as a result of payment disputes or contract

termination.

20



Archiving Electronic Communications

Firms are not required to store electronic communications to ESM on an immediate and real-time basis.

However, firms must protect the integrity of records from the time the record is created or received throughout the applicable retention period.

Firms that choose not to store electronic communications on ESM on an immediate and real-time basis must ensure that the communications are not altered or deleted before being transferred to ESM for retention purposes.

Inadequate to rely on each employee to retain his or her own electronic communications.

21

Electronic Communications and Records


In the Cloud

Members may use a cloud storage system that prevents the overwriting, erasing or otherwise altering of a record during its required retention period through the use of integrated hardware and software control codes. This would be consistent with the WORM requirement.

A cloud storage system that only mitigates the risk that a record will be overwritten or erased is inadequate. For example, systems that use software applications to protect electronic records, such as authentication and approval policies, passwords or other extrinsic security controls.

Firms that use integrated hardware and software control codes to comply with the WORM requirement should have, among other procedures, senior management level approval of how the storage media complies with this requirement.

22

Electronic Communications and Records (cont’d)


Security and Related Issues

Firms have a regulatory obligation to keep customer data

secure and implement appropriate systems to do so.

Firms are also required to adopt policies and procedures that

are reasonably designed to ensure the security and

confidentiality of customer records and information.

23



Security and Related Issues (cont’d)

Encrypt and Decrypt

– While firms may use an encrypted format to store required records for

data security purposes, it is prudent for them to have, among other

measures, procedures for encryption key management.

– Encryption key management will allow firms to provide readable records

to regulators in a timely manner.

24




Cybersecurity - In light of risks of cyberattacks, it is prudent for members to, among other steps:

– Establish and implement a cybersecurity governance framework that includes defined risk management policies, processes and structures;

– Perform cybersecurity risk assessments and develop cybersecurity controls tailored to the nature of the risks that firm faces;

– Develop, implement and test incident response plans;

– Exercise strong due diligence over relationships with recordkeeping service providers; and

– Effectively train staff on cybersecurity and cyberattacks.

25




Wi-Fi, Bluetooth, Remote Access (e.g., VPN) - These and similar technologies may raise concerns regarding the security of customer information.

Before permitting associated persons to use these types of technologies, firms must implement appropriate measures to secure customer information. In doing so, firms should consider whether:

– Policies and procedures adequately address the technology currently in use;

– The firm has taken appropriate technological precautions to protect customer information;

– The firm is providing adequate training to employees;

– The firm is conducting, or should conduct, periodic audits to detect potential vulnerabilities in systems.

26



Web Conferencing

Firms may use web conferencing, which provides for live interaction

with participants, to communicate with customers and internally.

In general, web conferencing with the public, including with

customers, is treated similarly to a public appearance for purposes

of FINRA rules relating to communications with the public.

27



Web Conferencing (cont’d)

For record retention purposes, firms are not required to retain a recording of the live interaction. Firms should note, however, that records used in connection with a web conference (e.g., use of a sales script) may be treated differently.

In addition, firms that use web conferencing to satisfy other regulatory requirements should ensure that they comply with the underlying requirements of those rules. For example, firms that use web conferencing for the annual compliance meeting must ensure that associated persons attend the meeting and are able to interact with the presenter(s).

28



To Tweet or Not to Tweet

Firms that allow communications through social media must first ensure they can retain records as required by SEC and SRO rules. The recordkeeping requirements apply to all communications received by a firm or its associated persons relating to its business as such.

Content is determinative, not the form, and the determination depends on facts and circumstances.

29



To Tweet or Not to Tweet (cont’d) The recordkeeping requirements apply to third-party posts to a firm’s or

an associated person’s social media sites, even if the firm or the individual has not adopted or become entangled with the post.

A firm or associated person cannot sponsor a social media site or use a communication device that includes technology that automatically erases or deletes the content.

A firm’s policies and procedures must include training and education regarding the differences between business and non-business communications and measures required to ensure that required business communications are retained, retrievable and supervised.

30


© 2016 Financial Industry Regulatory Authority, Inc. All rights reserved.

- 1 -

Filing Notifications and Representations Using FINRA’s Electronic Storage Media Form (*For firms that have FINRA as their Designated Examining Authority)

(The form can be accessed through FINRA’s Firm Gateway)

SEA Rule Description Filed By Authored By File With When to File How to File

Rule 17a-4(f)(2)(i) Firm Notification

Broker-Dealer

Broker-Dealer FINRA Optical Disk Storage Media: must be filed before first use. Non-Optical Disk Storage Media: must be filed at least 90 days before first use.

Step 1: The member must provide a description of the electronic storage media that it intends to use, including whether the electronic storage media is optical disk or non-optical disk. Step 2: The member must provide the date it intends to employ the electronic storage media. Members that intend to employ non-optical disk storage media should make sure that this date is at least 90 days in the future.


- 2 -


Rule 17a-4(f)(2)(i) Electronic Storage Media Representation

Broker-Dealer

Broker-Dealer; Storage Medium Vendor; or Other Third Party with Appropriate Level of Expertise

FINRA Same as above.

Step 1: On the form, the member must indicate (by marking the appropriate circle) whether the Electronic Storage Media Representation is authored by the member itself, a Storage Medium Vendor, or Other Third Party with Appropriate Level of Expertise.

Step 2: The Electronic Storage Media Representation must include the following language: [Broker-Dealer Name] will use the following type(s) of electronic storage media to retain required records: [Specific Type(s) of Electronic Storage Media (e.g., CD-ROM)]. [Broker-Dealer Name, Name of Storage Medium Vendor or Name of Third Party with Appropriate Level of Expertise] represents that [Broker-Dealer Name]’s electronic storage media meets the conditions set forth in Rule 17a-4(f)(2)(ii) under the Securities Exchange Act of 1934.

Step 3: The member must attach the Electronic Storage Media Representation electronically as indicated on the form.


- 3 -


Rule 17a-4(f)(3)(vii) Third-Party Access Representation

Broker-Dealer (but only if the broker-dealer stores the official or primary copy of some or all of its required records exclusively on its own electronic storage media)

Independent Third-Party (that has access to and the ability to download information from the broker-dealer’s electronic storage media)

FINRA Same as Above.

Step 1: The Third-Party Access Representation must include the following language: [Name of Independent Third-Party] hereby undertakes to furnish promptly to the U.S. Securities and Exchange Commission (“Commission”), its designees or representatives, any self-regulatory organization of which it is a member, or any State securities regulator having jurisdiction over the member, broker or dealer, upon reasonable request, such information as is deemed necessary by the staffs of the Commission, any self-regulatory organization of which it is a member, or any State securities regulator having jurisdiction over the member, broker or dealer to download information kept on the broker's or dealer's electronic storage media to any medium acceptable under Rule 17a-4. Furthermore, [Name of Independent Third-Party] hereby undertakes to take reasonable steps to provide access to information contained on the broker's or dealer's electronic storage media, including, as appropriate, arrangements for the downloading of any record required to be maintained and preserved by the broker or dealer pursuant to Rules 17a-3 and 17a-4 under the Securities Exchange Act of 1934 in a format acceptable to the staffs of the Commission, any self-regulatory organization of which it is a member, or any State securities regulator having jurisdiction over the member, broker or dealer. Such arrangements will provide specifically that in the event of a failure on the part of a broker or dealer to download the record into a readable format and after reasonable notice to the broker or dealer, upon being provided with the appropriate electronic storage medium, [Name of Independent Third-Party] will undertake to do so, as the staffs of the Commission, any self-regulatory organization of


- 4 -


which it is a member, or any State securities regulator having jurisdiction over the member, broker or dealer may request. Step 2: The member must attach the Third-Party Access Representation electronically as indicated on the form.


The Do's and Don'ts of Record Retention (B2BC) – General Overview1

I. Introduction

Section 17(a)(1) of the Securities Exchange Act of 1934 (“Exchange Act” or “SEA”) requires registered broker-dealers to make, keep, furnish and disseminate records and reports prescribed by the Securities and Exchange Commission (“SEC”). The SEC books and records rules applicable to broker-dealers, SEA Rules 17a-3 and 17a-4, specify minimum requirements with respect to the records that broker-dealers must make, how long those records and other documents relating to a broker-dealer’s business must be kept and in what format they may be kept. The SEC requires that broker-dealers create and maintain certain records so that, among other things, the SEC, self-regulatory organizations (“SROs”) and state securities regulators may conduct effective examinations of broker-dealers.

FINRA also has specific recordkeeping rules. In addition, FINRA is responsible for, among other things, enforcing compliance by its members and their associated persons with the SEC books and records rules applicable to broker-dealers, the Municipal Securities Rulemaking Board (“MSRB”) recordkeeping rules, as well as the recordkeeping rules of FINRA.

Maintaining complete and accurate books and records is required in order to operate in the securities industry. There are numerous rules and requirements in this area as well as firm-specific guidance that dictate the capture and retention of electronic communications, such as email and instant messages, as well as hard copy records. Registered representatives, supervisors and compliance officers need to understand these regulations and adhere to them and their firm’s guidance when conducting their business.

II. What Are Books and Records?

In general, books and records are the books, accounts, records, memoranda, correspondence and other documentation or information that firms have to make and preserve in accordance with the federal securities laws, MSRB rules, FINRA rules and all other applicable

1 This information is for general educational and informational purposes. The books and records

requirements discussed, including the lists of books and records in Attachment A, are not

intended to be exhaustive. Rather, the information provides background on some of the

applicable SEC and FINRA books and records requirements. In addition, the rules may change

from time to time; thus, you always should review the actual text of the rules for compliance

purposes and specific guidelines.

Further, firms should be aware that depending on their business, in addition to SEC and FINRA

books and records requirements applicable to broker-dealers, they may be subject to other books

and records requirements, including, but not limited to, MSRB Rule G-8 (Books and Records to

be Made by Brokers, Dealers, Municipal Securities Dealers, and Municipal Advisors), anti-

money laundering recordkeeping requirements and registered investment adviser books and

records requirements.


laws, rules and regulations. The recordkeeping rules require firms to retain, among other records, communications relating to their “business as such,” and include trade blotters, asset and liability ledgers, income and expense ledgers, capital account ledgers, customer account ledgers, securities records, order tickets and trade confirmations. These recordkeeping requirements are intended, in part, to provide regulators with the ability to access and review such records. As noted, this overview only focuses on some of the applicable SEC and FINRA books and records requirements.

A. General Requirements

FINRA Rule 4511 (General Requirements) requires firms to: (1) make and preserve books and records as required under the rules of FINRA, the SEA and the applicable SEA rules; and (2) preserve the books and records required to be made pursuant to the FINRA rules in a format and media that complies with SEA Rule 17a-4. In addition, FINRA Rule 4511 requires firms to preserve for a period of at least six years those FINRA books and records for which there is no specified retention period under the FINRA rules or applicable SEA rules. This six-year retention period is a default retention period for those FINRA rules that require firms to preserve certain books and records, but do not specify a retention period, and where there is no retention period specified under the SEA rules. In the absence of contrary guidance in a rule, if the books and records pertain to an account, the retention period is for six years after the date the account is closed; otherwise, the retention period is for six years after such books and records are made.

1. Integrity of Books and Records

Firms are required to store legible, true, accurate and complete copies of their books and records and to protect the integrity of the books and records from the time the books and records are created or received throughout the applicable retention period. Alteration, falsification and destruction of required books and records are serious violations.

2. Recordkeeping Format or Medium

Firms may store their books and records in one of three formats or media:

• paper form;

• on micrographic media (microfilm, microfiche or any similar medium); or

• on electronic storage media.

Micrographic media and electronic storage media are subject to specific conditions, which are discussed under SEA Rule 17a-4(f).

3. Retention Period

The retention period for firms’ books and records varies. All firms must have policies and procedures that address recordkeeping obligations, including retention periods. You must follow the SEC and FINRA books and records requirements, and your individual firm’s policies, which may require longer retention periods.

4. SEC and FINRA Books and Records Requirements

SEA Rules 17a-3 and 17a-4 contain some of the books and records that broker-dealers are required to create and retain.

In addition to the recordkeeping requirements of FINRA Rule 4511, the following are some of the other FINRA recordkeeping rules:


• FINRA Rule 2210: Communications with the Public

• FINRA Rule 2241(d)(3): Research Analysts and Research Reports; Disclosure in Public Appearances

• FINRA Rule 2360(b)(23)(C)(iii): Options; Requirements; Tendering Procedures for Exercise of Options; Allocation of Exercise Assignment Notices

• FINRA Rule 5130(b): Restrictions on the Purchase and Sale of Initial Equity Public Offerings; Preconditions for Sale

B. Supervision

FINRA Rules 3110 (Supervision) and 3120 (Supervisory Control System) require firms to establish, maintain and enforce supervisory systems and written supervisory procedures reasonably designed to comply with their recordkeeping obligations. In addition, firms are required to periodically review and update their recordkeeping written supervisory procedures and to have appropriate written supervisory control procedures to test and verify that those recordkeeping supervisory procedures are reasonably designed to comply with applicable recordkeeping laws and regulations and FINRA rules and to update or amend them if necessary.

C. Consequences

Failure to meet FINRA, SEC and firm recordkeeping requirements may result in serious consequences for firms and their associated persons, including fines and other disciplinary actions.

III. Electronic Storage Media (“ESM”)

A. SEA Rule 17a-4(f) Compliant ESM

The records required to be maintained and preserved pursuant to SEA Rules 17a-3 and 17a-4 may be immediately produced or reproduced on micrographic media (microfilm or microfiche, or any similar medium) or ESM (any digital storage medium or system) that meet the conditions set forth in SEA Rule 17a-4(f) and may be maintained and preserved for the required time on such media.

ESM must meet the following conditions:

1. Firm Notification

The broker-dealer must notify its Designated Examining Authority (“DEA”) that it will use ESM before using ESM for the first time. If the broker-dealer plans to use ESM that is not optical disk technology, SEA Rule 17a-4(f) requires the broker-dealer to notify its DEA at least 90 days before its first use of such storage media. An optical disk is a direct-access disk written and read by light, such as a CD-ROM.

2. ESM Representation

The broker-dealer must provide to its DEA a representation that the selected ESM meets the following conditions:

• preserves the records exclusively in a non-rewriteable, non-erasable format;

• verifies automatically the quality and accuracy of the storage media recording process;


• serializes the original and, if applicable, duplicate units of the storage media and also time-dates for the required retention period the information stored on it; and

• has the capacity to readily download stored records and indexes to any medium acceptable under SEA Rule 17a-4(f) as required by the SEC or SROs of which the broker-dealer is a member.

This representation may come from the broker-dealer or from a storage medium vendor or other third party with the appropriate level of expertise.

3. Audit System

The broker-dealer must have an audit system that identifies when original and duplicate records are input on to the storage medium and when any changes to existing records are made. In addition, SEC and SRO staffs must be able to examine the results of such audit system, and the broker-dealer must retain the audit results for the same amount of time required for the audited records.

4. Access to Records and Indexes

The broker-dealer is required to retain, keep current and surrender upon request by the SEC or SRO staffs all the information needed to download stored records and indexes. Alternatively, the broker-dealer may place in escrow and keep current a copy of the physical and logical file format of the storage medium, the field format of all different information types written on the storage medium and the source code, together with the appropriate documentation and information necessary to access records and indexes.


5. Third-Party Access Representation

If the broker-dealer stores some or all of its required records exclusively on ESM, the broker-dealer also must have a third-party file an undertaking (exactly as specified in SEA Rule 17a-4(f)(3)(vii)) with the broker-dealer’s DEA to the effect that the third party can provide access to records stored on the broker-dealer’s ESM.

In addition, both ESM and micrographic media must meet conditions 6 through 9 below:

6. Retrieval Facilities

The broker-dealer must have available facilities that allow SEC and SRO staffs to locate or readily access the appropriate records, read them and produce or download them.

7. Facsimile Enlargements

The broker-dealer must be able to immediately provide any facsimile enlargement of the record that the SEC, SRO or state securities regulator may request. For instance, if a record is stored in a scaled-down size, the broker-dealer must be able to provide an exact enlargement of the record upon request.

8. Duplicate Copy

The broker-dealer must store a duplicate copy of the record separately from the original. The duplicate copy may be stored on any of the three formats or media acceptable under SEA Rule 17a-4 (i.e., paper form, micrographic media or electronic storage media). The duplicate copy must be stored for the same amount of time as the original record.

9. Indexes

The broker-dealer must accurately organize and index all information maintained on both the original and any duplicate storage media. The broker-dealer must be able to have such indexes available for examination by the SEC and SRO staffs. The broker-dealer also must store a duplicate copy of the index separately from each original index. The original and duplicate indexes must be stored for the same amount of time as the underlying indexed record.

IV. Outsourcing

A broker-dealer may use a recordkeeping service to maintain the broker-dealer’s required records. However, firms have a continuing responsibility to oversee, supervise and monitor the recordkeeping service’s performance of covered activities, and they must have in place specific policies and procedures to monitor the recordkeeping service’s compliance with the terms of any agreements and assess the service’s continued fitness and ability to perform the activities being outsourced. Firms should also ensure that their policies and procedures provide for the due diligence analysis of the recordkeeping service provider to determine whether the recordkeeping service is capable of performing these functions, particularly in light of the risks of cyberattacks. Further, ultimate responsibility lies with the firm. For a detailed discussion of additional outsourcing issues and cybersecurity practices, see Notice to Members 05-48 (July 2005) (Members’ Responsibilities When Outsourcing Activities to Third-Party Service Providers) and FINRA Report on Cybersecurity Practices (February 2015).

In addition, if a broker-dealer’s required records are maintained by a recordkeeping service, the recordkeeping service must file with the SEC a written undertaking pursuant to SEA Rule 17a-4(i) and the broker-dealer must provide the appropriate disclosures regarding such an arrangement on its Form BD (Uniform Application for Broker-Dealer Registration).


V. Electronic Communications

Books and Records Rules Pertaining to Electronic Communications

SEA Rule 17a-4(b)(4) requires that a broker-dealer retain originals of all communications received and copies of all communications sent by the broker-dealer relating to its “business as such” for at least three years, the first two years in an easily accessible place. See FINRA Rule 3110.09 (Retention of Correspondence and Internal Communications). This requirement applies to all electronic communications relating to the firm’s business, including emails and instant messages. See Notice to Members 03-33 (July 2003) (Clarification for Members Regarding Supervisory Obligations and Recordkeeping Requirements for Instant Messaging).

Significantly, this requirement covers both external and internal electronic communications relating to the firm’s business. An email between registered representatives in the same firm is one example of an internal electronic communication. Furthermore, the requirement equally applies whether the electronic communication was received or sent through a member’s or a third-party’s platform or system. Firms may not permit the use of any type of electronic communication if they are unable to satisfy the applicable recordkeeping requirements with respect to that particular type of electronic communication.

In general, FINRA and SEC rules do not prohibit the use of non-firm email systems or accounts to conduct firm business provided that the firm captures and retains the emails as it would with emails emanating from its own email system or account.

Firms also have an obligation to supervise electronic communications relating to their business and ensure the privacy of such communications. See Notice to Members 05-49 (July 2005) (Safeguarding Confidential Customer Information); Regulatory Notices 10-06 (January 2010) (Guidance on Blogs and Social Networking Web Sites) and 11-39 (August 2011) (Guidance on Social Networking Websites and Business Communications); and FINRA Report on Cybersecurity Practices (February 2015).


The Do's and Don'ts of Record Retention (B2BC) -- Attachment A

List of SEC Books and Records Requirements [Note: This is not an exhaustive list.] The following are some of the books and records that broker-dealers are required to create and retain in accordance with Rules 17a-3 and 17a-4 under the Securities and Exchange Act of 1934 (“SEA”). This is not a complete list of books and records requirements.

SEA Rule 17a-3 SEA Rule 17a-3(a)(1): Blotters or Similar Records

Blotters (or other records of original entry) containing an itemized daily record of:

All purchases and sales of securities.

All receipts and deliveries of securities (including certificate numbers).

All receipts and disbursements of cash and all other debits and credits.

Such records must show:

Account for which each such transaction was effected.

Name and amount of securities.

Unit and aggregate purchase or sale price (if any).

Trade date.

Name or other designation of the person from whom purchased or received, or to whom sold

or delivered.

Retention Period: Six years (the first two years in an easily accessible place); Source: SEA

Rule 17a-4(a).

SEA Rule 17a-3(a)(2): Firms’ General Ledgers

Ledgers (or other records) reflecting:

All assets and liabilities.

Income and expense.

Capital accounts.


Rule 17a-4(a).


SEA Rule 17a-3(a)(3): Customers’ Accounts

Ledger accounts (or other records) itemizing separately as to each cash and margin account of every

customer and of the broker-dealer and partners thereof:

All purchases, sales, receipts and deliveries of securities and commodities for such accounts.

All other debits and credits to such account.


Rule 17a-4(a).

SEA Rule 17a-3(a)(4): Secondary or Subsidiary Records (not records of original entry)

Ledgers (or other records) reflecting the following:

Securities in transfer.

Dividends and interest received.

Securities borrowed and securities loaned.

Monies borrowed and monies loaned (together with a record of the collateral therefor and any

substitutions in such collateral).

Securities failed to receive and failed to deliver.

All long and short securities record differences arising from the examination, count,

verification and comparison pursuant to SEA Rules 17a-5, 17a-12, 17a-13 (by date of

examination, count, verification and comparison showing for each security the number of long

or short count differences).

Repurchase and reverse repurchase agreements.

Retention Period: Three years (the first two years in an easily accessible place); Source: SEA

Rule 17a-4(b).

SEA Rule 17a-3(a)(5): Securities Record or Ledger (Position Records)

A securities record or ledger reflecting separately for each security as of the clearance dates all “long” or

“short” positions (including securities in safekeeping and securities that are the subjects of repurchase or

reverse repurchase agreements) carried by the broker or dealer for its account or for the account of its

customers or partners or others and showing the location of all securities long and the offsetting position

to all securities short, including long security count differences and short security count differences

classified by the date of the physical count and verification in which they were discovered, and in all

cases the name or designation of the account in which each position is carried.


Rule 17a-4(a).

SEA Rule 17a-3(a)(6): Memoranda of Brokerage Orders (Order Tickets)

Order Tickets must:

Set out the terms and conditions of the order and any modifications or cancellations.

Identify the account for which the order is entered.

Identify the associated person, if any, responsible for the account and any other person who

entered or accepted the order, or if a customer entered the order on an electronic system, a

notation of that entry.

Describe whether the order was entered subject to discretionary authority.


Include, to the extent feasible, the time of execution or cancellation.

Identify the time the order was received, the time of entry and the price at which it was

executed.

SEA Rule 17a-3(a)(6) applies to broker transactions. Also, no order ticket needs to be made for a

purchase, sale or redemption of a security on a subscription way basis directly from or to the issuer, if the

broker-dealer maintains a copy of the customer’s subscription agreement regarding a purchase, or a copy

of any other document required by the issuer regarding a sale or redemption.


Rule 17a-4(b).

SEA Rule 17a-3(a)(7): Memoranda of Purchases and Sales

A Memorandum of each purchase and sale for the account of the broker-dealer showing:

Price, and to the extent feasible, time of execution.

Where the purchase or sale is with a customer other than a broker or dealer, a memorandum of each

order received, showing:

Time of receipt.

Terms and conditions of the order and of any modification thereof.

Account for which it was entered.

Identity of each associated person, if any, responsible for the account.

Identity of any other person who entered or accepted the order on behalf of the customer or,

if a customer entered the order on an electronic system, a notation of that entry.

SEA Rule 17a-3(a)(7) applies to dealer transactions. An order with a customer other than a broker-dealer

entered pursuant to the exercise of discretionary authority by the broker-dealer, or associated person

thereof, must be so designated.


Rule 17a-4(b).

SEA Rule 17a-3(a)(8): Confirmations and Notices

Copies of confirmations of all purchases and sales of securities, including all repurchase and reverse

repurchase agreements, and copies of notices of all other debits and credits for securities, cash and other

items for the account of customers and partners of such broker-dealer.


Rule 17a-4(b).

SEA Rule 17a-3(a)(9): Records Regarding Cash and Margin Accounts

A record in respect of each cash and margin account with such broker-dealer indicating:

Name and address of the beneficial owner of such account, and

Except with respect to exempt employee benefit plan securities as defined in SEA Rule 14a-

1(d), but only to the extent such securities are held by employee benefit plans established by

the issuer of the securities, whether or not the beneficial owner of securities registered in the

name of such brokers or dealers, or a registered clearing agency or its nominee objects to

disclosure of his or her identity, address and securities positions to issuers.


In the case of a margin account, the signature of such owner, provided, that, in the case of a

joint account or an account of a corporation, such records are required only in respect of the

person or persons authorized to transact business for such account.


Rule 17a-4(b).

SEA Rule 17a-3(a)(10): Puts, Calls, Spreads, Straddles and Other Options

A record of all puts, calls, spreads, straddles and other options in which such broker-dealer has any direct

or indirect interest or which such broker-dealer has granted or guaranteed, containing at least:

Identification of the security.

Number of units involved.

An OTC derivatives dealer must also keep a record of all eligible OTC derivative instruments as defined in

SEA Rule 3b-13 in which the OTC derivatives dealer has any direct or indirect interest or which it has

written or guaranteed, containing, at a minimum:

An identification of the security or other instrument.

Number of units involved.

Identity of the counterparty.


Rule 17a-4(b).

SEA Rule 17a-3(a)(11): Monthly Trial Balances and Net Capital Computations

A record of the proof of money balances of all ledger accounts in the form of trial balances, and a record

of the computation of aggregate indebtedness and net capital, as of the trial balance date, pursuant to

SEA Rule 15c3-1 (the Net Capital Rule). Such trial balances and computations must be prepared

currently at least once a month.

SEA Rules 17a-3(a)(11) and 17a-4(b)(5) are related provisions and subject to the same retention period.


Rule 17a-4(b).

SEA Rule 17a-3(a)(12)(i): Employment Applications

A questionnaire or application for employment executed by each “associated person” (as defined in SEA

Rule 17a-3(h)(4)) of the broker-dealer, which questionnaire or application must be approved in writing by

an authorized representative of the broker-dealer and must contain at least the following information with

respect to the associated person:

Name, address, social security number, date of birth and the starting date of employment or

other association with the broker-dealer.

Complete, consecutive statement of business connections for at least the preceding ten

years, including whether the employment was part-time or full-time.

A record of any denial of membership or registration, and of any disciplinary action taken, or

sanction imposed, by any federal or state agency, or by any national securities exchange or

national securities association, including any finding that the associated person was a cause

of any disciplinary action or had violated any law.

A record of any denial, suspension, expulsion or revocation of membership or registration of

any broker-dealer with which the associated person was associated in any capacity when

such action was taken.


A record of any permanent or temporary injunction entered against the associated person or

any broker-dealer with which the associated person was associated in any capacity at the

time such injunction was entered.

A record of any arrest or indictment for any felony, or any misdemeanor pertaining to

securities, commodities, banking, insurance or real estate (including, but not limited to, acting

as or being associated with a broker-dealer, investment company, investment adviser, futures

sponsor, bank or savings and loan association), fraud, false statements or omission, wrongful

taking of property or bribery, forgery, counterfeiting or extortion and the disposition of the

foregoing.

A record of any other name or names known or used.

Provided, however, that if such associated person has been registered as a registered representative of

such broker-dealer with, or the associated person’s employment has been approved by, FINRA or one of

the national exchanges, then retention of a full, correct and complete copy of any and all applications for

such registration or approval will be deemed to satisfy the requirements of SEA Rule 17a-3(a)(12)(i).

Retention Period: Until three years (in an easily accessible place) after the associated person’s employment and any other connection with the broker-dealer has terminated; Source: SEA Rule 17a-4(e)(1).

SEA Rule 17a-3(a)(12)(ii): Associated Person Records

Broker-dealers must maintain a record listing each associated person, which contains the following

information for each:

Every office where the associated person regularly conducts a securities business (or the

business of handling funds).

The individual’s CRD number (if any), and every internal identification number or code

assigned to the individual by the broker-dealer.

Retention Period: Until three years (in an easily accessible place) after the associated person’s employment and any other connection with the broker-dealer has terminated; Source: SEA Rule 17a-4(e)(1).

SEA Rule 17a-3(a)(13): Fingerprint Records

Records required to be maintained pursuant to SEA Rule 17f-2(d), which includes: the processed

fingerprint card or any substitute record when such card is not returned after processing, together with

any information received from the Attorney General or its designee.

Retention Period: Until three years (in an easily accessible place) after the termination of employment or association of those persons required by SEA Rule 17f-2 to be fingerprinted; Source: SEA Rule 17a-4(e)(2).

SEA Rule 17a-3(a)(14): Records of Lost, Stolen, Missing or Counterfeit Securities

Copies of all SEA Forms X-17F-1A filed pursuant to SEA Rule 17f-1, all agreements between reporting

institutions regarding registration or other aspects of SEA Rule 17f-1, and all confirmations or other

information received from the SEC or its designee as a result of inquiry.

Retention Period: Three years (in an easily accessible place); Source: SEA Rule 17a-4(e)(4).


SEA Rule 17a-3(a)(15): Fingerprint Exemption Notices

Records required to be maintained pursuant to SEA Rule 17f-2(e), which requires: broker-dealers that

claim one or more of the exemptions in SEA Rule 17f-2(a)(1) to make and keep current a statement

entitled “Notice Pursuant to Rule 17f-2” containing the information specified in SEA Rule 17f-2(e)(1).

Retention Period: Life of the enterprise (in an easily accessible place); Source: SEA Rule 17a-

4(e)(3).

SEA Rule 17a-3(a)(16): Internal Broker-Dealer System Records

The following records regarding any internal broker-dealer system of which the broker-dealer is the

sponsor:

A record of the broker-dealer’s customers that have access to an internal broker-dealer

system sponsored by the broker-dealer (identifying any affiliations between such customers

and the broker-dealer).

-dealer system, including:

Securities for which transactions have been executed through use of such system.

Transaction volume (separately stated for trading occurring during hours when

consolidated trade reporting facilities are and are not in operation):

Equity securities: Stated in number of trades, number of shares and total U.S. dollar

value.

Debt securities: Stated in total settlement value in U.S. dollars.

Other securities: Stated in number of trades, number of units of securities and in

dollar value, or other appropriate commonly used measure of value of such

securities.

Time-sequenced records of each transaction effected through the internal broker-dealer

system, including date and time executed, price, size, security traded, counterparty

identification information and method of execution (if internal broker-dealer system allows

alternative means or locations for execution, such as routing to another market, matching

with limit orders, or executing against the quotations of the broker-dealer sponsoring the

system).


Rule 17a-4(b).


SEA Rule 17a-3(a)(17): Records Relating to Customer Accounts

SEA Rule 17a-3(a)(17)(i)(A): Customer Account Records

A record must be created for each customer or owner (natural person) of an account, which includes:

Customer or owner’s name.

Tax identification number.

Address.

Telephone number.

Date of birth.

Employment status (including occupation and whether customer is an associated person of a

broker-dealer).

Annual income.

Net worth (excluding primary residence).

Account’s investment objectives.

Personal information must be obtained for EACH owner of the account (however, it is acceptable to

combine the financial information for joint owners). The account record must indicate whether it has been

signed by the associated person responsible for the account, if any, and approved or accepted by a

principal of the broker-dealer.

SEA Rule 17a-3(a)(17)(i)(B)(1): Furnishing Customer Account Records

Record indicating that the broker-dealer has furnished the customer or owner a copy of the account

record information required by SEA Rule 17a-3(a)(17)(i)(A) (the broker-dealer may choose to exclude any

tax identification number and date of birth from the account record information furnished to the customer

or owner).

The broker-dealer has to furnish the required information within 30 days of the opening of the account.

Thereafter, the broker-dealer is required to furnish the information at least every 36 months.

The account record information provided to each customer or owner must include an explanation of any

terms regarding investment objectives. It also must include or be accompanied by prominent statements

that the customer or owner should make any corrections and return the document to the broker-dealer,

and that the customer or owner should notify the broker-dealer of any future changes to information

contained in the account record.


SEA Rule 17a-3(a)(17)(i)(B)(2): Name or Address Change

Record indicating that, for each account record updated to reflect a change in the name or address of the

customer or owner, the broker-dealer has furnished a notification of that change to the customer’s or

owner’s old address, or to each joint owner, and the associated person, if any, responsible for that

account.

The notification must be furnished within 30 days after the date the broker-dealer received notice of the

change.

SEA Rule 17a-3(a)(17)(i)(B)(3): Change in Investment Objectives

Record indicating that, for each change in the account’s investment objectives, the broker-dealer has

furnished to each customer or owner, and the associated person, if any, responsible for that account a

copy of the updated customer account record or alternative document with all information required to be

furnished by SEA Rule 17a-3(a)(17)(i)(B)(1).

The updated information must be furnished within 30 days after the date the broker-dealer received notice

of any change, or, if the account was updated for some reason other than the firm receiving notice of a

change, after the date the account record was updated.

SEA Rule 17a-3(a)(17)(i)(C): Neglect, Refusal, or Inability of a Customer to Provide Required Information

The neglect, refusal, or inability of a customer or owner to provide or update any account record information required under SEA Rule 17a-3(a)(17)(i)(A) will excuse the broker-dealer from obtaining that required information.

SEA Rule 17a-3(a)(17)(i)(D): Exception

The requirements of SEA Rules 17a-3(a)(17)(i)(A) and 17a-3(a)(17)(i)(B)(1) only apply to accounts for

which the broker-dealer is, or has within the past 36 months been, required to make a suitability

determination under the federal securities laws or under the requirements of an SRO of which it is a

member.

SEA Rule 17a-3(a)(17)(ii): Discretionary Accounts

For discretionary accounts, a record containing the dated signature of each customer or owner granting

discretionary authority and dated signature of each natural person to whom discretionary authority is

granted.

SEA Rule 17a-3(a)(17)(iii): Furnishing Agreements

A record for each account indicating that each customer or owner was furnished with a copy of each

written agreement entered into on or after May 2, 2003 pertaining to the account and that, if requested by

the customer or owner, the customer or owner was furnished with a fully executed copy of each

agreement.

Retention Period: In an easily accessible place, until six years after the earlier of the date the

account was closed or the date on which the information was replaced or updated; The six-year

period begins either at the time the account is closed or when the information is replaced or

updated; Source: SEA Rule 17a-4(e)(5).

SEA Rule 17a-3(a)(18)(i): Customer Complaints

A record, as to each associated person, of each written customer complaint received by the broker-dealer

(including those received electronically) concerning the associated person, which must include:

The complainant’s name, address and account number.

The date the complaint was received.


The name of each associated person identified in the complaint.

A description of the nature of the complaint.

The disposition of the complaint.

Instead of the record described above, the broker-dealer may maintain a copy of each original complaint

in a separate file by the associated person named in the complaint along with a record of the disposition

of the complaint.


Rule 17a-4(b).

SEA Rule 17a-3(a)(18)(ii): Notice of Customer Complaint Contact Information

A record indicating that each customer has been provided with a notice of the address and telephone

number of the department of the firm to which complaints may be directed.


Rule 17a-4(b).

SEA Rule 17a-3(a)(19): Compensation Records

Firms must make a record concerning each associated person with the following information:

List of each purchase and sale of a security attributable to the associated person for

compensation purposes.

Amount of compensation (if monetary).

Description of the compensation (if nonmonetary).

Copy of all agreements pertaining to the relationship between the associated person and the

broker-dealer, including summary of the compensation plan or arrangement.


Rule 17a-4(b).

SEA Rule 17a-3(a)(20): Communications Supervision Records

Firms are required to make a record documenting that they have complied with, or adopted policies and

procedures reasonably designed to establish compliance with applicable federal and SRO rules and

regulations requiring principal approval of advertisements, sales literature or other communications with

the public.


Rule 17a-4(b).

SEA Rule 17a-3(a)(21): Records Identifying Individuals Who Can Explain Types of Records

A record for each office listing, by name or title, each person at that office who, without delay, can explain

the types of records the firm maintains at that office and the information contained in those records.


Rule 17a-4(a).

SEA Rule 17a-3(a)(22): Principal Responsible for Establishing Policies and Procedures

A record listing each principal of a broker-dealer responsible for establishing policies and procedures that

are reasonably designed to ensure compliance with any applicable federal requirements or rules of a self-

regulatory organization of which the broker-dealer is a member that requires acceptance or approval of a

record by a principal.



Rule 17a-4(a).

SEA Rule 17a-3(a)(23): Credit, Market, and Liquidity Risk Management Controls

A record documenting the credit, market, and liquidity risk management controls established and

maintained by the broker-dealer to assist it in analyzing and managing the risks associated with its

business, provided that the records need only be made if the broker-dealer has more than:

$1,000,000 in aggregate credit items as computed under SEA Rule 15c3-3a; or

$20,000,000 in capital, which includes debt subordinated in accordance with SEA Rule 15c3-

1d.

Retention Period: Three years after the termination of the use of the risk management controls

documented therein; Source: SEA Rule 17a-4(e)(9).

SEA Rule 17a-3(g): Office Records

The following records must be created and kept current as to each office:

Blotters or Similar Records (SEA Rule 17a-3(a)(1)).

Memoranda of Brokerage Orders (Order Tickets) (SEA Rule 17a-3(a)(6)).

Memoranda of Purchases and Sales (SEA Rule 17a-3(a)(7)).

Employment Applications and Associated Person Records (SEA Rule 17a-3(a)(12)).

Records Relating to Customer Accounts (SEA Rule 17a-3(a)(17)).

Customer Complaints (SEA Rule 17a-3(a)(18)(i)).

Compensation Records (SEA Rule 17a-3(a)(19)).

Communications Supervision Records (SEA Rule 17a-3(a)(20)).

Records Identifying Individuals Who Can Explain Types of Records (SEA Rule 17a-3(a)(21)).

Principal Responsible for Establishing Policies and Procedures (SEA Rule 17a-3(a)(22)).

SEA Rule 17a-3(h)(1): Definition of Office

The term office means any location where one or more associated persons regularly conduct the

business of handling funds or securities or effecting any transactions in, or inducing or attempting to

induce the purchase or sale of, any security.

SEA Rule 17a-4

SEA Rule 17a-4(b)(2): Banking Documents

All check books, bank statements, cancelled checks and cash reconciliations.


Rule 17a-4(b).

SEA Rule 17a-4(b)(3): Bills

All bills receivable or payable (or copies thereof), paid or unpaid, relating to the broker-dealer’s business as such.


Rule 17a-4(b).


SEA Rule 17a-4(b)(4): Communications Relating to Broker-Dealer’s Business As Such

Originals of all communications received and copies of all communications sent (and any approvals thereof) by the broker-dealer (including inter-office memoranda and communications) relating to its business as such, including all communications that are subject to rules of a self-regulatory organization of which the broker-dealer is a member regarding communications with the public. The term communications includes sales scripts.


Rule 17a-4(b).

SEA Rule 17a-4(b)(4) requires that a broker-dealer retain originals of all communications received and

copies of all communications sent by the broker-dealer relating to its “business as such” for at least three

years, the first two years in an easily accessible place. See FINRA Rule 3110.09 (regarding the retention

of internal communications and correspondence of associated persons relating to the member’s

investment banking or securities business). This requirement applies to all electronic communications

relating to the firm’s business, including emails and instant messages. See Notice to Members 03-33

(July 2003) (Clarification for Members Regarding Supervisory Obligations and Recordkeeping

Requirements for Instant Messaging).

Significantly, this requirement covers both external and internal electronic communications relating to the

firm’s business. An email between registered representatives in the same firm is one example of an

internal electronic communication.

Furthermore, the requirement equally applies whether the electronic communication was received or sent through a member’s or a third-party’s platform or system. Firms may not permit the use of any type of electronic communication if they are unable to satisfy the applicable recordkeeping requirements with respect to that particular type of electronic communication. SEA Rule 17a-4(b)(5): Trial Balances and Other Specified Financial Documents

All trial balances, computations of aggregate indebtedness and net capital (and working papers in connection therewith), financial statements, branch office reconciliations and internal audit working papers, relating to the broker-dealer’s business as such. (See also SEA Rule 17a-3(a)(11): Monthly Trial Balances and Net Capital Computations).

Retention Period: Three years (the first two years in an easily accessible place); Source: SEA Rule 17a-4(b).

SEA Rule 17a-4(b)(6): Guarantees, Powers of Attorney and Other Specified Account Authorization

Documents

All guarantees of accounts and all powers of attorney and other evidence of the granting of any discretionary authority given in respect of any account, and copies of resolutions empowering an agent to act on behalf of a corporation.


Rule 17a-4(b).

SEA Rule 17a-4(b)(7): Written Agreements

All written agreements (or copies thereof) entered into by the broker-dealer relating to its business as such, including agreements with respect to any account.


Rule 17a-4(b).


SEA Rule 17a-4(b)(8): Documents in Support of FOCUS Reports

Records that contain the following information in support of amounts included in the report prepared as of

the audit date on SEA Form X-17A-5 Part II or Part IIA or Part IIB and in annual audited financial

statements required by SEA Rules 17a-5(d) and 17a-12(b):

Money balance position, long or short, including description, quantity, price and valuation of

each security including contractual commitments in customers’ accounts, in cash and fully

secured accounts, partly secured accounts, unsecured accounts and in securities accounts

payable to customers;

Money balance and position, long or short, including description, quantity, price and valuation

of each security including contractual commitments in noncustomers’ accounts, in cash and

fully secured accounts, partly secured and unsecured accounts and in securities accounts

payable to noncustomers;

Position, long or short, including description, quantity, price and valuation of each security

including contractual commitments included in the Computation of Net Capital as

commitments, securities owned, securities owned not readily marketable and other

investments owned not readily marketable;

Amount of secured demand note, description of collateral securing such secured demand

note including quantity, price and valuation of each security and cash balance securing such

secured demand note;

Description of futures commodity contracts, contract value on trade date, market value, gain

or loss and liquidating equity or deficit in customers’ and noncustomers’ accounts;

Description of futures commodity contracts, contract value on trade date, market value, gain

or loss and liquidating equity or deficit in trading and investment accounts;

Description, money balance, quantity, price and valuation of each spot commodity position or

commitments in customers’ and noncustomers’ accounts;

Description, money balance, quantity, price and valuation of each spot commodity position or

commitments in trading and investment accounts;

Number of shares, description of security, exercise price, cost and market value of put and

call options including short out of the money options having no market or exercise value,

showing listed and unlisted put and call options separately;

Quantity, price, and valuation of each security underlying the haircut for undue concentration

made in the Computation for Net Capital;

Description, quantity, price and valuation of each security and commodity position or

contractual commitment, long or short, in each joint account in which the broker or dealer has

an interest, including each participant’s interest and margin deposit;

Description, settlement date, contract amount, quantity, market price and valuation for each

aged failed to deliver requiring a charge in the Computation of Net Capital pursuant to SEA

Rule 15c3-1;

Detail relating to information for possession or control requirements under SEA Rule 15c3-3

and reported on the schedule in Part II or IIA of SEA Form X-17A-5;

Detail of all items, not otherwise substantiated, that are charged or credited in the

Computation of Net Capital pursuant to SEA Rule 15c3-1, such as cash margin deficiencies,

deductions related to securities values and undue concentration, aged securities differences

and insurance claims receivable; and


Other schedules that are specifically prescribed by the SEC as necessary to support

information reported as required by SEA Rules 17a-5 and 17a-12.


Rule 17a-4(b).

SEA Rule 17a-4(b)(9): Procedures Relating to Compliance with Possession and Control Requirements and Specified Records Relating to Security Futures Products The records required to be made pursuant to SEA Rules15c3-3(d)(5) and (o).


Rule 17a-4(b).

SEA Rule 17a-4(b)(10): Records Relating to Internal Risk Management Control Systems for OTC

Derivatives Dealers

The records required to be made pursuant to SEA Rule 15c3-4 and the results of the periodic reviews conducted pursuant to SEA Rule 15c3-4(d).


Rule 17a-4(b).

SEA Rule 17a-4(b)(11): Notices Relating to Internal Broker-Dealer System

All notices relating to an internal broker-dealer system provided to the customers of the broker-dealer that sponsors such internal broker-dealer system, as defined in SEA Rule 17a-3(a)(16)(ii)(A). Notices, whether written or communicated through the internal broker-dealer trading system or other automated means, must be preserved under SEA Rule 17a-4(b)(11) if they are provided to all customers with access to an internal broker-dealer system, or to one or more classes of customers. Examples of notices to be preserved under SEA Rule 17a-4(b)(11) include, but are not limited to, notices addressing hours of system operations, system malfunctions, changes to system procedures, maintenance of hardware and software and instructions pertaining to access to the internal broker-dealer system.


Rule 17a-4(b).

SEA Rule 17a-4(b)(12): Record of Credit Rating Basis and Credit Risk Weight Basis

The records required to be made pursuant to SEA Rules 15c3-1e(c)(4)(vi)(D) and (E).


Rule 17a-4(b).

SEA Rule 17a-4(c): Customer Account Cards

Account cards or records that relate to the terms and conditions with respect to the opening and maintenance of a customer account.

Retention Period: Until six years after the closing of the customer’s account; Source: SEA Rule

17a-4(c).

SEA Rule 17a-4(d): Organizational Records, Records of Formation and Broker-Dealer Registration

Documents

All partnership articles or, in the case of a corporation, all articles of incorporation or charter, minute books and stock certificate books (or, in the case of any other form of legal entity, all records such as articles of organization or formation, and minute books used for a purpose similar to those records required for corporations or partnerships), all SEC Forms BD and BDW and all amendments to these


forms, all licenses or other documentation showing the registration of the broker-dealer with any securities regulatory authority.

Retention Period: Life of the enterprise and of any successor enterprise; Source: SEA Rule 17a-4(d).

SEA Rule 17a-4(e)(6): Regulatory Reports Each report that a securities regulatory authority has requested or required the broker-dealer to make and furnish to it pursuant to an order or settlement, and each securities regulatory authority examination report.

Retention Period: In an easily accessible place, until three years after the date of the report;

Source: SEA Rule 17a-4(e)(6).

SEA Rule 17a-4(e)(7): Compliance, Supervisory and Procedures Manuals

Each compliance, supervisory and procedures manual, including any updates, modifications and revisions to the manual, describing the policies and practices of the broker-dealer with respect to compliance with applicable laws and rules, and supervision of the activities of each natural person associated with the broker-dealer.

Retention Period: In an easily accessible place, until three years after the termination of the use

of the manual; Source: SEA Rule 17a-4(e)(7).

SEA Rule 17a-4(e)(8): Unusual Activity or Exception Reports

All reports produced to review for unusual activity in customer accounts. Instead of maintaining the reports, the broker-dealer may produce promptly the reports upon request by a representative of a securities regulatory authority. If a report was generated in a computer system that has been changed in the most recent eighteen-month period in a manner such that the report cannot be reproduced using historical data in the same format as it was originally generated, the report may be produced by using the historical data in the current system, but must be accompanied by a record explaining each system change that affected the reports. If a report is generated in a computer system that has been changed in the most recent eighteen-month period in a manner such that the report cannot be reproduced in any format using historical data, the broker-dealer must promptly produce upon request a record of the parameters that were used to generate the report at the time specified by a representative of a securities regulatory authority, including a record of the frequency with which the reports were generated.

Retention Period: In an easily accessible place, until eighteen months after the date the report was generated; Source: SEA Rule 17a-4(e)(8).

SEA Rule 17a-4(f): Electronic Storage Media and Micrographic Media

The records required to be maintained and preserved pursuant to SEA Rules 17a-3 and 17a-4 may be immediately produced or reproduced on micrographic media (microfilm or microfiche, or any similar medium) or electronic storage media (any digital storage medium or system) that meet the conditions set forth in SEA Rule 17a-4(f) and may be maintained and preserved for the required time on such media.

The electronic storage media must meet the following conditions:

Firm Notification The broker-dealer must notify its Designated Examining Authority (“DEA”) that it will use an

electronic storage media before using the electronic storage media for the first time. If the

broker-dealer plans to use an electronic storage media that is not optical disk technology,

SEA Rule 17a-4(f) requires the broker-dealer to notify its DEA at least 90 days before its

first use of such storage media. An optical disk is a direct-access disk written and read by

light, such as a CD-ROM.

Electronic Storage Media Representation The broker-dealer must provide to its DEA a representation that the selected electronic

storage media meets the following conditions:


(1) preserves the records exclusively in a nonrewriteable, nonerasable format;

(2) verifies automatically the quality and accuracy of the storage media recording process; (3) serializes the original and, if applicable, duplicate units of the storage media and also

time-dates for the required retention period the information stored on it; and

(4) has the capacity to readily download stored records and indexes to any medium

acceptable under SEA Rule 17a-4(f), upon request of the SEC or SROs of which the

broker-dealer is a member.

This representation may come from the broker-dealer or from a storage medium vendor or

other third party with the appropriate level of expertise.

Audit System The broker-dealer must have an audit system that identifies when original and duplicate

records are input on to the electronic storage media and when any changes to existing

records are made. Additionally, SEC and SRO staffs must be able to examine the results

of such audit system, and the broker-dealer must retain the audit results for the same

amount of time required for the audited records.

Access to Records and Indexes The broker-dealer is required to retain, keep current and surrender upon request by the

SEC or SRO staffs all the information needed to download stored records and indexes.

Alternatively, the broker-dealer may place in escrow and keep current a copy of the

physical and logical file format of the electronic storage media, the field format of all

different information types written on the electronic storage media and the source code,

together with the appropriate documentation and information necessary to access records

and indexes.

Third-Party Access Representation If the broker-dealer stores some or all of its required records exclusively on electronic

storage media, the broker-dealer also must have a third-party file an undertaking (exactly

as specified in SEA Rule 17a-4(f)(3)(vii)) with the broker-dealer’s DEA to the effect that the

third party can provide access to records stored on the broker-dealer’s electronic storage

media.

In addition, both the electronic storage media and micrographic media must meet the following conditions:

Retrieval Facilities

The broker-dealer must have available facilities that allow SEC and SRO staffs to locate or

readily access the appropriate records, read them and produce or download them.

Facsimile Enlargements The broker-dealer must be able to immediately provide any facsimile enlargement of the

record that the SEC, SRO or state securities regulator may request. For instance, if a

record is stored in a scaled-down size, the broker-dealer must be able to provide an exact

enlargement of the record upon request.


Duplicate Copy The broker-dealer must store a duplicate copy of the record separately from the original.

The duplicate copy may be stored on any of the three formats or media acceptable under

SEA Rule 17a-4 (i.e., paper form, micrographic media or electronic storage media). The

duplicate copy must be stored for the same amount of time as the original record.

Indexes The broker-dealer must accurately organize and index all information maintained on both the original and any duplicate storage media. The broker-dealer must be able to have such indexes available for examination by the SEC and SRO staffs. The broker-dealer also must store a duplicate copy of the index separately from each original index. The original and duplicate indexes must be stored for the same amount of time as the underlying indexed record.

SEA Rule 17a-4(g): Preserving Records After Ceasing Business If a firm ceases to do business, records must be maintained for the remainder of the applicable retention period. SEA Rule 17a-4(i): Records Stored with Third Party If a firm’s required records are prepared or maintained by a recordkeeping service, that recordkeeping service must file with the SEC a written undertaking pursuant to SEA Rule 17a-4(i) to the effect that the records in question constitute records of, and are the property of, the broker-dealer, and such records will be surrendered promptly on request of the respective broker-dealer. The recordkeeping service also must undertake to permit examination of the records by the SEC, and to furnish them promptly to the SEC. In addition, the undertaking must be signed by a duly authorized person, include the exact language specified in SEA Rule 17a-4(i) and be in a form acceptable to the SEC. SEA Rule 17a-4(i) further provides that an agreement with an outside entity does not relieve the broker-dealer from the responsibility to prepare and maintain required records. A broker-dealer that uses another person, firm or organization to maintain its records also must provide the appropriate disclosures regarding such an arrangement on its Form BD (Uniform Application for Broker-Dealer Registration). In addition, for a detailed discussion of obligations regarding outsourcing, see Notice to Members 05-48 (July 2005) (Members’ Responsibilities When Outsourcing Activities to Third-Party Service Providers). SEA Rule 17a-4(j): Production of Records Firms must furnish promptly to the SEC legible, true, complete and current copies of required records, or any other records of the firm subject to examination that are requested by the SEC.


SEA Rule 17a-4(l): Location of Office Records and Other Specified Records For the most recent two-year period, specified records (records made pursuant to SEA Rules 17a-3(g), 17a-4(b)(4) (communications) and 17a-4(e)(7)) must be maintained at the office to which they relate. If an office is a private residence where only one associated person (or multiple associated persons who reside at that location and are members of the same immediate family) regularly conducts business, and it is not held out to the public as an office nor are funds or securities of any customer of the firm handled there, the firm need not maintain records at that office, but the records must be maintained at another location within the same state as that office as the firm chooses. Rather than maintain the records at each office, the firm may choose to produce the records “promptly” at the request of a representative of a securities regulatory authority at the office to which they relate or at another location agreed to by the representative. The word “promptly” has deliberately not been defined in the rule. However, the SEC has stated that, in general, requests for records that are readily available at the office (either on-site or electronically) should be filled on the day the request is made. If a request is unusually large or complex, then the firm should discuss with the regulator a mutually agreeable time frame for production. Additionally, while the firm must maintain specified records for its foreign office, it is not required to maintain or produce those records at the foreign office. Instead, those records would be maintained at the firm’s main office.

FINRA Rules

In addition to the recordkeeping requirements of FINRA Rule 4511 (General Requirements), the following are some of the other FINRA recordkeeping rules: [Note: This is not an exhaustive list.] FINRA Rule 2210(b)(4): Communications with the Public; Approval, Review and Recordkeeping

Firms must maintain all retail communications and institutional communications for the retention period required by SEA Rule 17a-4(b) and in a format and media that comply with SEA Rule 17a-4. The records must include:

A copy of the communication and the dates of first and (if applicable) last use of such communication;

The name of any registered principal who approved the communication and the date that approval was given;

In the case of a retail communication or an institutional communication that is not approved prior to first use by a registered principal, the name of the person who prepared or distributed the communication;

Information concerning the source of any statistical table, chart, graph or other illustration used in the communication; and

For any retail communication for which principal approval is not required pursuant to paragraph (b)(1)(C), the name of the member that filed the retail communication with the Department, and a copy of the corresponding review letter from the Department.

Members must maintain all correspondence in accordance with the recordkeeping requirements of FINRA Rules 3110.09 and 4511.

Retention Period: Three years from the date of last use; Source: FINRA Rule 2210(b)(4)(A) and

SEA Rule 17a-4(b).

FINRA Rule 2241(d): Research Analysts and Research Reports; Disclosure in Public Appearances Firms must maintain records of public appearances by research analysts sufficient to demonstrate compliance by those research analysts with the applicable disclosure requirements under Rule 2240(d).


Retention Period: Three years from the date of the public appearance; Source: FINRA Rule 2240(d)(3).

FINRA Rule 2360(b)(23)(C)(iii): Options; Requirements; Tendering Procedures for Exercise of Options; Allocation of Exercise Assignment Notices A firm is required to preserve sufficient work papers and other documentary materials relating to the allocation of exercise assignment notices to establish the manner in which allocation of such exercise assignment notices is in fact being accomplished.

Retention Period: Three years; Source: FINRA Rule 2360(b)(23)(C)(iii)

FINRA Rule 5130(b): Restrictions on the Purchase and Sale of Initial Equity Public Offerings; Preconditions for Sale A firm is required to maintain a copy of all records and information relating to whether an account is eligible to purchase new issues in its files.

Retention Period: Until three years after the member’s last sale of a new issue to that account; Source: FINRA Rule 5130(b)

FORM BD

PAGE 3 ApplicantName:______________________________________________________________________

Date:____________________ Firm CRD No.: _______________

OFFICIAL USE OFFICIAL

USE ONLY

8. Does applicant have any arrangement with any other person, firm, or organization under which: YES NO

A. any books or records of applicant are kept or maintained by such other person, firm or organization? ...................

B. accounts, funds, or securities of the applicant are held or maintained by such other person, firm, or organization?

C. accounts, funds, or securities of customers of the applicant are held or maintained by such other person, firm or organization? ...................................................................................................................................................................

For purposes of 8B and 8C, do not include a bank or satisfactory control location as defined in paragraph (c) of Rule 15c3-3 under the Securities Exchange Act of 1934 (17 CFR 240.15c3-3).

if “Yes” to any part of Item 8, complete appropriate items on Schedule D, Page 1, Section IV.

9. Does any person not named in Item 1 or Schedules A, B, or C, directly or indirectly:

A. control the management or policies of the applicant through agreement or otherwise? ............................................

B. wholly or partially finance the business of applicant? ...................................................................................................

Do not answer “Yes” to 9B if the person finances the business of the applicant through: 1) a public offering of securities made pursuant to the Securities Act of 1933; 2) credit extended in the ordinary course of business by suppliers, banks, and others; or 3) a satisfactory subordination agreement, as defined in Rule 15c3-1 under the Securities Exchange Act of 1934 (17 CFR 240.15c3-1).

If “Yes’’ to any part of Item 9, complete appropriate items on Schedule D, Page 1, Section IV.

10. A. Directly or indirectly, does applicant control, is applicant controlled by, or is applicant under common control with,any partnership, corporation, or other organization that is engaged in the securities or investment advisory business? .........................................................................................................................................................................

If “Yes” to Item 10A, complete appropriate items on Schedule D, Page 2, Section V.

B. Directly or indirectly, is applicant controlled by any bank holding company, national bank, state member bank of the Federal Reserve System, state non-member bank, savings bank or association, credit union, or foreign bank? ..

If “Yes” to Item 10B, complete appropriate items on Schedule D, Page 3, Section VI.

11. Use the appropriate DRP for providing details to “yes” answers to the questions in Item 11. Refer to the Explanation ofTerms section of Form BD Instructions for explanations of italicized terms.

CR

IMIN

AL

DIS

CL

OS

UR

E

A. In the past ten years has the applicant or a control affiliate:

(1) been convicted of or pled guilty or nolo contendere (“no contest’’) in a domestic, foreign or military court to any felony? ...........................................................................................................................................................

(2) been charged with any felony? ...............................................................................................................................

B. In the past ten years has the applicant or a control affiliate:

(1) been convicted of or pled guilty or nolo contendere (“no contest’’) in a domestic, foreign or military court to a misdemeanor involving: investments or an investment-related business, or any fraud, false statements or omissions, wrongful taking of property, bribery, perjury, forgery, counterfeiting, extortion, or a conspiracy to commit any of these offenses? ...........................................................................................................................

(2) been charged with a misdemeanor specified in 11B(1)? .......................................................................................

REG

ULA

TOR

Y AC

TIO

N D

ISC

LO

SU

RE

C. Has the U.S. Securities and Exchange Commission or the Commodity Futures Trading Commission ever:

(1) found the applicant or a control affiliate to have made a false statement or omission? .......................................

(2) found the applicant or a control affiliate to have been involved in a violation of its regulations or statutes? ......

(3) found the applicant or a control affiliate to have been a cause of an investment-related business having its authorization to do business denied, suspended, revoked, or restricted? ...........................................................

(4) entered an order against the applicant or a control affiliate in connection with investment-related activity? ......

(5) imposed a civil money penalty on the applicant or a control affiliate, or ordered the applicant or a control affiliate to cease and desist from any activity? .......................................................................................................

Schedule D of FORM BD Page 1 Applicant Name:_____________________________________________

Date:____________________ Firm CRD No.: _______________

OFFICIAL USE OFFICIAL

USE ONLY

Use this Schedule D Page 1 to report details for items listed below. Report only new information or changes/updates to previously submitted details. Do not repeat previously submitted information.

This is an INITIAL AMENDED detail filing for the Form BD items checked below:

SECTION I Other Business Names

(Check if applicable) Item 1C(2) List each of the “other’’ names and the jurisdiction(s) in which they are used.

1. Name Jurisdiction 2. Name Jurisdiction

3. Name Jurisdiction 4. Name Jurisdiction

SECTION ll Other Business

(Check one) Item 12Z Item 13B Applicant must complete a separate Schedule D Page 1 for each affirmative response in this section.

Briefly describe any other business (ITEM 12Z); or any other non-securities business (ITEM 13B). Use reverse side of this sheet for additional comments if necessary.

SECTION III Successions

(Check if applicable) Item 5 Date of Succession MM DD YYYY

/ /

Name of Predecessor

Firm CRD Number IRS Employer Identification Number (if any) SEC File Number (if any)

Briefly describe details of the succession including any assets or liabilities not assumed by the successor. Use reverse side of this sheet for additional comments if necessary.

SECTION IV Introducing and Clearing Arrangements / Control Persons / Financings

(Check one) Item 7 Item 8A Item 8B Item 8C Item 9A Item 9B

Applicant must complete a separate Schedule D Page 1 for each affirmative response in this section including any multiple responses to any item. Complete the “Effective Date’’ box with the Month, Day and Year that the arrangement or agreement became effective. When reporting a change or termination of an arrangement or agreement, enter the effective date of the change. Firm or Organization Name CRD Number (if any)

Business Address (Street, City, State/Country, Zip+4 Postal Code) Effective Date

MM DD Y YYY

/ /

Termination Date

MM DD Y YYY

/ /

Individual Name (if applicable) (Last, First, Middle) CRD Number (if any)

Business Address (if applicable) (Street, City, State/Country, Zip+4 Postal Code) Effective Date

MM DD Y YYY

/ /

Termination Date

MM DD Y YYY

/ /

Briefly describe the nature of reference or arrangement (ITEM 7 or ITEM 8); the nature of the control or agreement (ITEM 9A); or the method and amount of financing (ITEM 9B). Use reverse side of this sheet for additional comments if necessary.


The Do's and Don'ts of Record Retention (B2BC) Tuesday, May 24 1:45 p.m. – 2:45 p.m. Resources FINRA Rules

FINRA Regulatory Notice 11-39, Social Media Websites and the Use of Personal Devices for Business Communications (August 2011)

www.finra.org/sites/default/files/NoticeDocument/p124186.pdf

FINRA Regulatory Notice 10-06, Social Media Web Sites (January 2010)


Notice to Members 05-49, Safeguarding Confidential Customer Information (July 2005)


Notice to Members 05-48, Outsourcing (July2005)


Notice to Members 03-33, Instant Messaging (July 2003)


https://www.finra.org/sites/default/files/NoticeDocument/p124186.pdf


http://www.finra.org/sites/default/files/NoticeDocument/p014772.pdf


http://www.finra.org/sites/default/files/NoticeDocument/p003249.pdf

The Do's and Don'ts of Record Retention (B2BC) Tuesday ... · PDF fileFINRA Annual Conference...

Documents

Transcript of The Do's and Don'ts of Record Retention (B2BC) Tuesday ... · PDF fileFINRA Annual Conference...