Popular on EntSun
- From Speech Therapy to 300+ Episodes: Brother Marcus Turns His Voice Into a Movement Launching a 24/7 Inspiration Radio Network on Day 100 of the Year - 494
- Acuvance Appoints Sandeep Sabharwal to Board of Directors, Strengthening Leadership to Support Continued Platform Growth - 147
- Raquel Riley Thomas' AOAGWLLC and Hazel Simpson's Sis to Sis Productions Ink Major Co-Production Deal, Launching Strategic Creative Alliance - 142
- Pacific Emblem Company Launches "Happy 250th Birthday America" Collection and Proud Supporter of the Gary Sinise Foundation - 140
- Century City Alumnae Chapter Of Delta Sigma Theta Sorority, Inc. Presents The 2026 Entertainment Career Summit At Emerson College Los Angeles - 140
- Charging Into the $30 Billion Heart Failure Market with Late-Stage Momentum, Breakthrough Data, & Strong Financial Backing: Cardiol Therapeutics $CRDL - 139
- Matter Studio Gallery Presented "Evolving Matter," a Pop-Up Exhibition Examining Material Transformation and Contemporary Form - 133
- Bold Beauty Project Celebrates Anniversary with Collaborative Exhibition at FIU's Miami Beach Urban Studios - 132
- Joseline Hernandez To Host Exclusive Viewing Party For New Show Get Money Girls Miami - 128
- Contracting Resources Group and Aalis Management Consulting Launch ARG Joint Venture Under SBA Mentor-Protégé Program - 120
Similar on EntSun
- ICTPBX Released: White-Label, Multi-Tenant Open Source PBX Platform for ITSPs
- Umbrella Becomes First FinOps Platform to Support AWS Billing Transfer Onboarding
- RECYCLEXPERT FZE Strengthens Leadership in Data Destruction UAE and GCC with Certified Secure ITAD Services
- SUMOFIBER Fuels Explosive Growth With netElastic vBNG
- imggpt Launches AI-Powered GPT Image Generator and Photo Editor for Creative Teams
- Freedomtech Solutions creates 'Global Data Centre Network (IDCN)'
- Xtel Communications Appoints David Appleman as VP of Strategic Sales
- 50 Years of Small Business Wisdom, Supercharged by AI: Shelly Berman Launches The Business Health Check
- UK AltNet FullFibre Solves IPv4 Shortage With netElastic BNG And CGNAT Networking Software
- SilverBow Strategies Launches RFPArchon™, the First Product in Its Artemis AI Solutions™ Suite
Avoiding the 17a-4 Quagmire - AdvisorVault's Guide for Small FINRA Firms
EntSun News/10833023
AdvisorVault, today's experts on solving the data archiving demands of SEC rule 17a-4, announces new guidelines for small FINRA firms. By Allan Lonz, President - AdvisorVault
NEW YORK - EntSun -- I've been saying for years that data compliance is a necessary evil, and money spent trying to appease regulators does nothing for the bottom line and surely adds nothing to "operational efficiencies". Also, firms can go years without ever being audited, but worse, when it does happen, no one knows what to expect when the regulator shows up. Sadly, it's a crapshoot for compliance officers when they're eventually asked to reproduce a sample set of electronic records from up to seven years back - which may not even be reviewed at all.
Also, I've been lecturing firms that they must constantly seek ways to keep data compliance costs as low as possible yet keep regulators happy. This is no easy task given all the confusion today, however, the best start is to understand the basics about SEC rule 17a-4. This doesn't mean downloading and reading the whole 65-page document with its dozens of updates and amendments but, instead, understanding how to choose the most efficient technology while passing the electronic records request – the test a regulator will do during the audit where they'll ask for a sample data set from the archive, whatever that may be.
Lots of Questions, Few Answers:
Now, I know – likely more than anyone today - that small firms don't have the money to pay in-house compliance or tech staff so they have to figure it out themselves. At the same time new questions are coming up all the time, for instance: What kind of hard drive is needed to store data? Is the cloud 17a-4 compliant? Can everyone in the company simply store all their files in Dropbox? How about OneDrive? Is data in the cloud indexed? What about Office 365 or Gmail? Do they archive emails for 17a-4? If a small firm moved its office virtual, who does the disaster recovery? Does the cloud provider have to give them their business continuity planning procedure or is there another third-party add-on? Do FINRA firms even have to archive data in the cloud?
Unfortunately, there are few answers readily available, and FINRA is no help in this area; they are far behind, as they don't have the in-house expertise to guide members in "best practice for electronic records retention," yet they're the first ones through the door handing out fines. Further, their on-site auditors aren't up to date either: they still tell firms they must use worm disk for data storage. Where, in reality, that was changed in 2003 when rule 17a-4 was amended by the SEC to allow the use of software to retain data, independent of hard disk. Essentially this means vendors of 17a-4 can archive data simply by allowing a specified expiry or retention period to block record deletion or alteration within their software programming. Then, after the expiry is reached or the retention period has lapsed, data can be deleted from the archive, thereby freeing space for reuse. A win-win for everyone, otherwise there will be piles of useless worm disks wasting space and money. Yet few firms are aware of this.
More on EntSun News
The Basics of 17a-4:
Nonetheless, despite all this confusion, there are a few basic things I've learned over the years about 17a-4 that I want to share that will explain how to keep costs low as possible yet reduce the risk.
First, when it comes to data security, there is no mystery in proving to FINRA that you're keeping hackers off your system. It's a simple matter of applying proper permissions and strong password policies to anything accessed from outside such as VPN connections, servers, and cloud systems. For example, making sure there's a single user with admin permissions only and the password for this user is complex with frequent changes will keep regulators happy, no need to call in James Bond. Also, there's this confusion among FINRA firms that putting data in the cloud automatically makes it non-compliant, that's not true – in fact, FINRA has now migrated all their systems to the cloud themselves.
The reality is FINRA doesn't care where data is stored. Their only concern is that it's properly retained, which means: (1) a designated third party makes secondary copies of this data, (2), retains it for seven years in its original format, and (3) can reproduce this data if requested - the three essentials of rule 17a-4. AdvisorVault customers are moving to the cloud all the time and keeping compliant. They are going with Office 365, with OneDrive, Google Drive or Dropbox, then we simply plugs into whatever they choose and transfers it over to its 17a-4 compliant system, therefore acting as its customers D3P at the same time.
Another big mistake I notice is firms thinking they need to archive everything or risk failing the audit. Again, rule 17a-4 is vague on this by saying firms must retain all communications including books and records, which leaves lots of interpretation these days; meanwhile, vendors take advantage of this confusion, trying to inflate their bottom line by selling archiving products that aren't needed. It's essentially a scare tactic. For instance, there's this crazy idea going around that all social media used by reps must be archived such as Twitter posts, Facebook and LinkedIn pages; essentially it's believed that every website a rep decides to put their smiley face on should be backed up. It's not the case. You can simply avoid this quagmire by creating an IT communication policy that clearly outlines what compliance is allowing people to communicate with, then just say it's only going to be email – and Bob's your uncle.
More on EntSun News
Finally, when small FINRA firms are trying to keep data compliance costs as low as possible to avoid those nasty fines, there must be seamless checks in place to make sure no gaps appear as the firm grows. For example, when a new employee is added, any files that they create will automatically be captured in the 17a-4 archive, this applies to their email as well. Incidentally, the best way to accomplish this is using the cloud because archiving software can automatically detect new sites, folders, or email accounts within cloud services: another great reason to move your office to the cloud since this option isn't available with in-house email or file storage systems.
About AdvisorVault:
AdvisorVault is the only designated third party focusing on solving the data archiving demands of SEC rule 17a-4. Our service is designed specifically for small firms that need one vendor to help them satisfy today's demands surrounding data archiving and supervision. We have created a centralized archiving option that captures data and emails no matter where they are stored - in-house or in the cloud: total peace of mind - out of the box.
AdvisorVault Contact:
Allan Lonz, President
alonz@advisorvault.org
www.advisorvault.org
Direct: 416-985-0310
Toll-free: 1-866-732-1407 ex 1
Also, I've been lecturing firms that they must constantly seek ways to keep data compliance costs as low as possible yet keep regulators happy. This is no easy task given all the confusion today, however, the best start is to understand the basics about SEC rule 17a-4. This doesn't mean downloading and reading the whole 65-page document with its dozens of updates and amendments but, instead, understanding how to choose the most efficient technology while passing the electronic records request – the test a regulator will do during the audit where they'll ask for a sample data set from the archive, whatever that may be.
Lots of Questions, Few Answers:
Now, I know – likely more than anyone today - that small firms don't have the money to pay in-house compliance or tech staff so they have to figure it out themselves. At the same time new questions are coming up all the time, for instance: What kind of hard drive is needed to store data? Is the cloud 17a-4 compliant? Can everyone in the company simply store all their files in Dropbox? How about OneDrive? Is data in the cloud indexed? What about Office 365 or Gmail? Do they archive emails for 17a-4? If a small firm moved its office virtual, who does the disaster recovery? Does the cloud provider have to give them their business continuity planning procedure or is there another third-party add-on? Do FINRA firms even have to archive data in the cloud?
Unfortunately, there are few answers readily available, and FINRA is no help in this area; they are far behind, as they don't have the in-house expertise to guide members in "best practice for electronic records retention," yet they're the first ones through the door handing out fines. Further, their on-site auditors aren't up to date either: they still tell firms they must use worm disk for data storage. Where, in reality, that was changed in 2003 when rule 17a-4 was amended by the SEC to allow the use of software to retain data, independent of hard disk. Essentially this means vendors of 17a-4 can archive data simply by allowing a specified expiry or retention period to block record deletion or alteration within their software programming. Then, after the expiry is reached or the retention period has lapsed, data can be deleted from the archive, thereby freeing space for reuse. A win-win for everyone, otherwise there will be piles of useless worm disks wasting space and money. Yet few firms are aware of this.
More on EntSun News
- HRC Fertility Celebrates Beverly Hills Grand Opening, Spotlighting Fertility Care as Women's Health Month Begins
- HRC Fertility's Dr. Christo G. Zouves Appointed to San Mateo County Medical Association Board of Directors
- HealthBook+ and Stonebrook Risk Solutions Partner to Bring Predictive Intelligence to Healthcare Risk
- Umbrella Becomes First FinOps Platform to Support AWS Billing Transfer Onboarding
- Bolivian Metal Legends HATE S.A. Join Particle Collider Records
The Basics of 17a-4:
Nonetheless, despite all this confusion, there are a few basic things I've learned over the years about 17a-4 that I want to share that will explain how to keep costs low as possible yet reduce the risk.
First, when it comes to data security, there is no mystery in proving to FINRA that you're keeping hackers off your system. It's a simple matter of applying proper permissions and strong password policies to anything accessed from outside such as VPN connections, servers, and cloud systems. For example, making sure there's a single user with admin permissions only and the password for this user is complex with frequent changes will keep regulators happy, no need to call in James Bond. Also, there's this confusion among FINRA firms that putting data in the cloud automatically makes it non-compliant, that's not true – in fact, FINRA has now migrated all their systems to the cloud themselves.
The reality is FINRA doesn't care where data is stored. Their only concern is that it's properly retained, which means: (1) a designated third party makes secondary copies of this data, (2), retains it for seven years in its original format, and (3) can reproduce this data if requested - the three essentials of rule 17a-4. AdvisorVault customers are moving to the cloud all the time and keeping compliant. They are going with Office 365, with OneDrive, Google Drive or Dropbox, then we simply plugs into whatever they choose and transfers it over to its 17a-4 compliant system, therefore acting as its customers D3P at the same time.
Another big mistake I notice is firms thinking they need to archive everything or risk failing the audit. Again, rule 17a-4 is vague on this by saying firms must retain all communications including books and records, which leaves lots of interpretation these days; meanwhile, vendors take advantage of this confusion, trying to inflate their bottom line by selling archiving products that aren't needed. It's essentially a scare tactic. For instance, there's this crazy idea going around that all social media used by reps must be archived such as Twitter posts, Facebook and LinkedIn pages; essentially it's believed that every website a rep decides to put their smiley face on should be backed up. It's not the case. You can simply avoid this quagmire by creating an IT communication policy that clearly outlines what compliance is allowing people to communicate with, then just say it's only going to be email – and Bob's your uncle.
More on EntSun News
- RECYCLEXPERT FZE Strengthens Leadership in Data Destruction UAE and GCC with Certified Secure ITAD Services
- Steal the Scene in a Timeless Ride: USA Movie Cars Debuts ClassicCarForRent.com
- Clean Comedy Kings Comes To Brea Improv Sunday May 17
- Assymetrix Launches the Deepest Independent Prediction Market Data API
- CCHR: 'Plant-Based' Psychedelics Push Masks Synthetic Drugs and Billion-Dollar Profits
Finally, when small FINRA firms are trying to keep data compliance costs as low as possible to avoid those nasty fines, there must be seamless checks in place to make sure no gaps appear as the firm grows. For example, when a new employee is added, any files that they create will automatically be captured in the 17a-4 archive, this applies to their email as well. Incidentally, the best way to accomplish this is using the cloud because archiving software can automatically detect new sites, folders, or email accounts within cloud services: another great reason to move your office to the cloud since this option isn't available with in-house email or file storage systems.
About AdvisorVault:
AdvisorVault is the only designated third party focusing on solving the data archiving demands of SEC rule 17a-4. Our service is designed specifically for small firms that need one vendor to help them satisfy today's demands surrounding data archiving and supervision. We have created a centralized archiving option that captures data and emails no matter where they are stored - in-house or in the cloud: total peace of mind - out of the box.
AdvisorVault Contact:
Allan Lonz, President
alonz@advisorvault.org
www.advisorvault.org
Direct: 416-985-0310
Toll-free: 1-866-732-1407 ex 1
Source: AdvisorVault
0 Comments
Latest on EntSun News
- Viasat, Galaxy 1 Communications and L2 Aviation to bring avionics integration to Advanced Air Mobility
- Fulton County DA Fani Willis Officially Endorses Dr. Heavenly Kimes + Black Economic Agenda
- Bellwether Farm Presents Kerry Hill Lamb to His Majesty King Charles III During Historic U.S. State Visit
- Woodward Sports Co-Founder Joey Namou Acquires Majority Stake, Named CEO
- New Study Finds Americans Judge Vacations on Value, Not Price — Signaling a Permanent Shift in How Travel Gets Booked
- Pomona Organic Launches New Website, Surpasses 10 Million Bottles Sold, and Opens Affiliate Program to Creators
- Lila Nikole Presents the Amazonia Fashion Show and Immersive Experience During Miami Swim Week 2026
- Postmortem Pathology Opens Sacramento Office Offering Private Autopsies for Families and Healthcare Investigations
- Postmortem Pathology, a leading provider of private autopsies, has announced its expansion into the Las Vegas market
- Best IPTV Subscription 2026: SmartSGI Leads as #1 IPTV Provider in USA with 34,000+ Channels & 4K Streaming
- Kick'em Out Quick® Evictions Announces a New Endorsed Eviction Attorney in Atlanta / Fulton County, GA
- HISTORY IN THE MAKING: PerfectvilleUSA Redefines Reality Television: G-StatusATL Evolution S3
- The Beanie Factory™ Officially Registered as a U.S. Trademark by the USPTO
- Why Athletic Recovery Begins in the Nervous System
- A Hidden Magical World Awaits in Ashley Gayheart's Upcoming Young Adult Fantasy, Rosewood Academy: The Awakening
- Scott Ritsema of Bisnar Chase Selected for 2026 National Traumatic Brain Injury Association
- Flint Youth Film Festival Shifts Gears, Becomes Vehicle City Film Festival
- 62% of Gen X have no estate planning documents — Trust & Will research identifies "the Sandwich Gap"
- Nayarit's Jungle Coast Redefines Luxury Travel on Mexico's Pacific Now More Accessible Than Ever
- RUNWAY® Magazine Launches Official Merchandise Collection Amid Devil Wears Prada 2 release