SEC Rule 17a and the Cloud, by Mover.io

3,598 views

We created an overview of how the SEC's Rule 17a affects cloud storage. You can review the entire white paper at: https://docs.google.com/a/mover.io/document/d/1XNJwJkAxWsR2tXdS5Qu8ae2pWmykM2SWj6O8et8WBG4/

Published in: Technology, Business

  1. Revised: July 3, 2013
     Web: https://mover.io
     Phone: +1-415-704-0901
     Eric Warnke, CEO, eric@mover.io
     Mark Fossen, CIO, mark@mover.io
     SEC and the Cloud created by
  2. Notice
     • This information is offered purely as a summary of our research, and not as legal advice.
     • We have striven to be accurate and we hope this document is useful.
     • If you have any questions, concerns, or corrections, please let us know so we can improve this document for others.
     • View the full whitepaper:
       – https://docs.google.com/document/d/1XNJwJkAxWsR2tXdS5Qu8ae2pWmykM2SWj6O8et8WBG4
  3. What is SEC Rule 17a?
     Set of rules governing the archiving and security of broker-dealer records
     • Created in 1997 by the Securities and Exchange Commission to ensure brokers follow correct procedures in handling financial information
     • The rules focus primarily on archiving non-rewriteable records on easily accessible storage sites for a number of years
     • Enforced by the Financial Industry Regulatory Authority (FINRA): a self-regulating organization for stockbrokers and brokerage firms
  4. Why is Rule 17a Relevant?
     • Historically, Rule 17a was not well adhered to, as it required broker-dealers to create backups of backups, and the SEC never tested their compliance
     • These were only ever needed during things such as bankruptcies and investigations, things that most institutions did not consider realistic for themselves
     • In the last few years, broker-dealers have been tested on their SEC regulations. Those without the proper protocols in place are fined heavily
  5. Rule 17a (3-4):
     • Retain emails for 3-6 years based on type of record. First 2 years stored in readily available location
     • Preserve all electronic records in non-rewriteable, non-erasable format (e.g. Write-Once Read-Many)
     • Automatically verify the quality and accuracy of the storage media recording process
     • Establish an audit system for accountability to any changes made to any original or duplicate record maintained and preserved
     • Organize and index all original and duplicate copies of records
     • Store duplicate copy of records separately from originals for specified retention period
     • Have all information needed to access records and indexes readily available
     • Ensure a third party is in place who can access and download firm’s records
  6. Designated Third Parties
     For cloud companies, there is an opportunity in the rule on having third party access to records
     • These 3rd parties have “the ability to independently download electronically-stored information to another acceptable medium for the SEC’s review”
     • This was introduced to ensure that SEC/FINRA would have access to the information in the event of the broker going out of business and/or refusing to cooperate with SEC/FINRA
  7. Third Party Requirements
     Broker-dealers are now being held accountable to Rule 17a through this third party requirement
     • Broker-dealers are required to have a service agreement and a “Letter of Undertaking” with their designated third party, as well as test reports for proof of third party access to their files. This must all be readily available if requested. Regulatory bodies will then review them to ensure standards are met
     • Since 2007, FINRA has begun checking for these documents, and levying heavy fines on dealers that have not been compliant
  8. Third Party Access
     • Historically, the SEC saw broker-dealers storing their information on portable media such as optical disks. Third parties were then expected to be able to take this media and access the data at their own facilities
     • With newer technology, SEC moved to having the information stored onsite in the dealers’ hard drive storage systems
       – Third parties could access the media several ways: through portable media at their own facility, from the broker-dealer’s on-site storage, or through remote access/VPN
     • Most recently, broker-dealers are moving towards cloud-based applications to help streamline the process of knowing what data is stored, where it is stored, and exactly how to access it
  9. How Providers are Reacting
     • Most cloud storage services have not adopted SEC/FINRA compliance
     • The strict formatting requirements may be restricting cloud vendors from approaching this space and adopting compliance
     • As FINRA continues levying fines, however, storage providers may see more demand for SEC compliance in their offerings and adjust accordingly
  10. Storage Provider Compliance
     • Some companies do not fully state they are compliant, but appear to have the standards in place to be compliant. Many companies do not specify if they are or are not SEC Compliant
     • Egnyte
     Indirect SEC Compliance
     • Amazon
     • Dropbox
     Not SEC Compliant
     • Box
     • Google
     • Microsoft
     • SugarSync
     • Yandex
  11. Revised: July 3, 2013
     Web: https://mover.io
     Phone: +1-415-704-0901
     Eric Warnke, CEO, eric@mover.io
     Mark Fossen, CIO, mark@mover.io
     SEC and the Cloud created by
