Popular on EntSun
- Female Motorsports Sponsorship & Expansion; Acquisition Agreement of UAE-Based Sports Incubator by Online Lottery & Sports Game Provider: Lottery.com - 243
- Experience Trembling Firsthand with the New AgeMan® Tremor Simulator - 222
- Edtech Startup Young Commanders Launches 'Visionaries Without Sight' Collection Celebrating Blind and Visually Impaired Historical Figures - 216
- IRF Builders Forum Brings Global Leaders to Washington, D.C. to Advance Religious Freedom Through Cooperative Engagement - 207
- BillBoards Inc. Hits the Road with God Bless America Tour and Reality Series Now Streaming on Tubi TV - 157
- Token-Operated Sake Service Opens at Tobu Nikko Station - 134
- Honoring Black History, Culture, and Community in Fall River - 131
- databahn Launches GenAI Sales Intelligence Platform to Revolutionize Fortune 500 and Global 2000 Account Research - 125
- Byrd Davis Alden & Henrichson Launches Independence Day Safe Ride Initiative with 500 Free Uber Credits - 117
- Agreement to Supply US-Based Defense Provider with Thin-Film Solar Tech for Orbital Application; Ascent Solar Technologies, Inc. (N A S D A Q: ASTI) - 111
Similar on EntSun
- Vinnetwork Unveils Decentralized AI Platform with Vinnetwork(VIN) Token to Challenge Tech Giants' Data Monopoly
- BIYA Forecasts 2025 Surge with ¥300M ($41.8 M USD) in Revenue and ¥25M Profit from Cloud Based HR Solutions: Baiya Intl. Group (N A S D A Q: BIYA)
- Robin Launches Legal Intelligence Platform to solve intelligence gap in Fortune 500 legal teams
- Bio-Inspired Technology-Dynamic and Adaptable for unknown real-world environments
- $12.8 Million Net Revenue for 2024 for Cloud-Based Crowdsourcing Recruitment and SaaS-Enabled HR Solutions Provider: Baiya International Group Inc
- Inked & Maxim Model Teisha Mechetti Turns Heads—And Builds Community Impact
- Hamvay-Lang and Lampone.hu Join Forces with AIMarketingugynokseg.hu to Elevate Hungarian Lifestyle Brands on the Global Stage
- Make Innovation Matter: Support H.R.1's R&D Expensing Relief for American Small Businesses
- databahn Launches GenAI Sales Intelligence Platform to Revolutionize Fortune 500 and Global 2000 Account Research
- The ITeam Ranked on Channel Partners 2025 MSP 501—Tech Industry's Most Prestigious List of Managed Service Providers Worldwide
Six Features a D3P Needs to Make the Cloud 17a-4 Compliant
EntSun News/10861357
FINRA now allows member firms to use the cloud but cloud providers will not act as your designated third party (D3P). So firms need to outsource to a D3P with six key features built into their software before moving to the cloud.
NEW YORK - EntSun -- FINRA now allows member firms to use the cloud to store electronic records and emails, however if you are a compliance officer and have done your homework, you have noticed that cloud providers will not act as your designated third party (D3P). Reason being, they can't guarantee data stored with them will be retained for 7 years. In other words, they can't prevent anyone from deleting anything from their cloud account at anytime – a big no-no for regulators. Especially when they show up for the electronic records request during the audit and see huge gaps in your data archive. Therefore, if you are a FINRA firm, such as a broker-dealer, RIA or any other registered firm and want to use the cloud you need to find a D3P that will connect into it and make it 17a-4 compliant.
Here are six things you should look for in a D3P to help you make the cloud 17a-4 compliant.
1. Direct Cloud Connector:
The first thing firms need in a cloud D3P provider is a connector built into their software that logs directly into all popular cloud services and archives data. Furthermore, this connector will copy data seamlessly to their system, automatically each night as opposed to using a sync tool to access the cloud. The sync tool is a problem because it adds an extra step to the cloud archiving process which may end up causing gaps.
Similarly, when choosing a cloud provider avoid the less popular ones such as ShareFile, SugarSync or iCloud because they are proprietary and don't allow direct connections with cloud archiving services. Instead use Office 365, Dropbox, Google Suite or OneDrive. However, for small firms I don't recommend SharePoint for file storage because its too complex. The best cloud storage combinations are Office 365 hosted email with OneDrive or the G Suite email including electronic records stored in google personal drives or team drives.
2. Automatic Detection of New Cloud Data:
Also, the D3P's software must automatically detect new cloud data sets as they are created. For example, as the firm adds new users in Office 365, SharePoint, or OneDrive sites, its automatically added to the 17a-4 archive. This applies to G Suite as well where user accounts are frequently added including their personal or team drives. If the D3P has automatic detection, they don't need to be notified every time new employees are added to the cloud.
More on EntSun News
3. Electronic Records Retention:
Once the provider has the cloud data transferred to their system, it must be retained properly as per 17a-4. Now, here is where it gets dicey because if you've actually read the rule, you'll find an overly complicated laundry list of retention stipulations. For example, the rule states that exception reports must be kept at least 18 months, order tickets 3 years, records relating to customer accounts (first two years in an easily accessible place); for 6 years or default 6-year retention period for those FINRA books and records that don't otherwise have a specified retention period.
My advice: Ignore the rule here and simply ensure the D3P applies a 7-year blanket retention rule to ALL data relating to the business. With this policy you're done separating different data types then trying to apply a unique retention policy to each set, which is impossible to maintain, especially for a small firm without an IT dept.
4. Downloading Data:
At the end of the day, the reason you hire a D3P at all is to access archived electronic records or emails when needed. Aside from disaster recovery, the main reason you need a D3P is during the electronic records request when FINRA asks for a sample data set that can go back seven years.
First, its important the D3P has a secure Web portal to access the 17a-4 data archive. What's key here is data must be downloadable in a format regulators can read, especially when they are breathing down your neck during the audit. Here are the guidelines: emails must be downloadable in pst format, office docs in their native format, and customer data bases should be exported in file formats that can be accessed such a csv or text. Finally, these electronic record downloads from the 17a-4 archive must be copied instantly to a DVD so the regulator can take it back to their office for review.
Secondly, the D3P must retain cloud data for users that have been removed and keep them in an archive state so they can be retrieved. This includes Office 365 mailboxes or G suite users that have been removed and OneDrive sites or Dropbox accounts that get deleted. Keeping electronic records from users that have been removed from the cloud will also help with compliance since old employee data is often requested during audits.
5. Security:
Of course, security is something firms need to worry about every time they make a change in their technology, and the compliance officer will surely get called in if data is compromised. But, security breaches rarely occur on the D3P's end. This is because they host their systems in secure data centers that are locked down, protected by firewalls, and monitored closely. Instead, most hackers launch their attacks from the end user's PC. What this means is compliance officers that are concerned with protecting electronic records to meet 17a-4 need to understand that hackers will try to exploit systems from inside the office. Therefore, the best defence against security threats is strong passwords, understanding how to limit administrator rights to cloud systems, locking or logging off computers that have access to the cloud and keeping virus programs up to date to prevent people from downloading malicious malware that will hack into cloud systems.
More on EntSun News
6. Pricing:
Finally, when choosing a D3P to archive your cloud data, its important their price structure is based on raw data, not per user license. You want to find one that uses raw data only pricing because it will be cheaper to archive cloud data backup sets since products like Dropbox, G Suite and Office 365 are based on individual user accounts that can increase exponentially as the firm grows but contain little data. Having pricing based on raw data amounts will average out the cost across all cloud users no matter how many you add, therefore the price will only increase as more data is added. Thus, giving your firm more flexibility to control data archiving costs as you grow.
Summary:
Since cloud providers are not 17a-4 compliant as a compliance officer for a FINRA firm you need to outsource to a designated third party (D3P) that can make the cloud compliant before you begin storing electronic records and emails there. There are six things you need to look for in a D3P that will ensure no gaps appear in the data archiving process, that electronic records can be accessed during an audit, and costs are kept low as possible.
About AdvisorVault:
AdvisorVault is the only D3P that has designed their software to help small FINRA firms archive cloud data to meet 17a-4 - focusing on solving this unique problem, our consolidated solution gives firms one vendor to help them satisfy today's demands surrounding data archiving and supervision. We have created a centralized archiving option that captures data and emails no matter where they are stored - in-house or in the cloud: total peace of mind - out of the box.
AdvisorVault Contact:
Allan Lonz, President
alonz@advisorvault.org
www.advisorvault.org
Direct: 416-985-0310
Toll-free: 1-866-732-1407 ex 1
Here are six things you should look for in a D3P to help you make the cloud 17a-4 compliant.
1. Direct Cloud Connector:
The first thing firms need in a cloud D3P provider is a connector built into their software that logs directly into all popular cloud services and archives data. Furthermore, this connector will copy data seamlessly to their system, automatically each night as opposed to using a sync tool to access the cloud. The sync tool is a problem because it adds an extra step to the cloud archiving process which may end up causing gaps.
Similarly, when choosing a cloud provider avoid the less popular ones such as ShareFile, SugarSync or iCloud because they are proprietary and don't allow direct connections with cloud archiving services. Instead use Office 365, Dropbox, Google Suite or OneDrive. However, for small firms I don't recommend SharePoint for file storage because its too complex. The best cloud storage combinations are Office 365 hosted email with OneDrive or the G Suite email including electronic records stored in google personal drives or team drives.
2. Automatic Detection of New Cloud Data:
Also, the D3P's software must automatically detect new cloud data sets as they are created. For example, as the firm adds new users in Office 365, SharePoint, or OneDrive sites, its automatically added to the 17a-4 archive. This applies to G Suite as well where user accounts are frequently added including their personal or team drives. If the D3P has automatic detection, they don't need to be notified every time new employees are added to the cloud.
More on EntSun News
- Josh and Heidi Follow Up the Much Anticipated and Successful Launch of the "Spreading the Good BUZZ" Podcast with a Personal Request
- The Battle for the Enchanted Forest Brings Fantasy, Fun, and Fundraising!
- Revolutionary Blockchain Platform Okh Finance Announces Okh Finance(OKKH) Token Launch to Transform Global Asset Leasing Market
- Cover Girl Finalist Teisha Mechetti Questions Legitimacy of Inked Originals Competition, Demands Transparency
- Easton & Easton, LLP Files Suit Against The Dwelling Place Anaheim & Vineyard USA Over Abuse Allegations
3. Electronic Records Retention:
Once the provider has the cloud data transferred to their system, it must be retained properly as per 17a-4. Now, here is where it gets dicey because if you've actually read the rule, you'll find an overly complicated laundry list of retention stipulations. For example, the rule states that exception reports must be kept at least 18 months, order tickets 3 years, records relating to customer accounts (first two years in an easily accessible place); for 6 years or default 6-year retention period for those FINRA books and records that don't otherwise have a specified retention period.
My advice: Ignore the rule here and simply ensure the D3P applies a 7-year blanket retention rule to ALL data relating to the business. With this policy you're done separating different data types then trying to apply a unique retention policy to each set, which is impossible to maintain, especially for a small firm without an IT dept.
4. Downloading Data:
At the end of the day, the reason you hire a D3P at all is to access archived electronic records or emails when needed. Aside from disaster recovery, the main reason you need a D3P is during the electronic records request when FINRA asks for a sample data set that can go back seven years.
First, its important the D3P has a secure Web portal to access the 17a-4 data archive. What's key here is data must be downloadable in a format regulators can read, especially when they are breathing down your neck during the audit. Here are the guidelines: emails must be downloadable in pst format, office docs in their native format, and customer data bases should be exported in file formats that can be accessed such a csv or text. Finally, these electronic record downloads from the 17a-4 archive must be copied instantly to a DVD so the regulator can take it back to their office for review.
Secondly, the D3P must retain cloud data for users that have been removed and keep them in an archive state so they can be retrieved. This includes Office 365 mailboxes or G suite users that have been removed and OneDrive sites or Dropbox accounts that get deleted. Keeping electronic records from users that have been removed from the cloud will also help with compliance since old employee data is often requested during audits.
5. Security:
Of course, security is something firms need to worry about every time they make a change in their technology, and the compliance officer will surely get called in if data is compromised. But, security breaches rarely occur on the D3P's end. This is because they host their systems in secure data centers that are locked down, protected by firewalls, and monitored closely. Instead, most hackers launch their attacks from the end user's PC. What this means is compliance officers that are concerned with protecting electronic records to meet 17a-4 need to understand that hackers will try to exploit systems from inside the office. Therefore, the best defence against security threats is strong passwords, understanding how to limit administrator rights to cloud systems, locking or logging off computers that have access to the cloud and keeping virus programs up to date to prevent people from downloading malicious malware that will hack into cloud systems.
More on EntSun News
- AI Visibility: The Key to Beating Google's AI Overviews and Regaining Traffic
- Stuck Doing Math or Figuring Out Life's Numbers? Calculator.now Makes It Stupidly Simple
- Colbert Packaging Announces WBENC Recognition
- DivX Empowers Media Enthusiasts with Free Expert Guides for Advanced MP4 Management
- Bay Street Yard to host "Love Island" finale watch party July 13
6. Pricing:
Finally, when choosing a D3P to archive your cloud data, its important their price structure is based on raw data, not per user license. You want to find one that uses raw data only pricing because it will be cheaper to archive cloud data backup sets since products like Dropbox, G Suite and Office 365 are based on individual user accounts that can increase exponentially as the firm grows but contain little data. Having pricing based on raw data amounts will average out the cost across all cloud users no matter how many you add, therefore the price will only increase as more data is added. Thus, giving your firm more flexibility to control data archiving costs as you grow.
Summary:
Since cloud providers are not 17a-4 compliant as a compliance officer for a FINRA firm you need to outsource to a designated third party (D3P) that can make the cloud compliant before you begin storing electronic records and emails there. There are six things you need to look for in a D3P that will ensure no gaps appear in the data archiving process, that electronic records can be accessed during an audit, and costs are kept low as possible.
About AdvisorVault:
AdvisorVault is the only D3P that has designed their software to help small FINRA firms archive cloud data to meet 17a-4 - focusing on solving this unique problem, our consolidated solution gives firms one vendor to help them satisfy today's demands surrounding data archiving and supervision. We have created a centralized archiving option that captures data and emails no matter where they are stored - in-house or in the cloud: total peace of mind - out of the box.
AdvisorVault Contact:
Allan Lonz, President
alonz@advisorvault.org
www.advisorvault.org
Direct: 416-985-0310
Toll-free: 1-866-732-1407 ex 1
Source: AdvisorVault
0 Comments
Latest on EntSun News
- Heritage at South Brunswick Offers Immediate Townhome Appointments and Special Mortgage Incentive Fast-Moving Sales
- American Made Ivey Abitz Bespoke Clothing Travels for Summer
- NASA Collaborative Agreement for Supply of Thin-Film Solar Tech for Orbital Application to Advance Development of Thin-Film PV Power Beaming: $ASTI
- Exciting New Era of Sports, Entertainment & Gaming Innovation Spotlighted by Rebrand of Expanding AI Driven, Online Fan Engagement Company: SEGG Media
- Service Ninjas Debuts First-of-Its-Kind "Membership" Platform for Home Service Pros
- Bruce In The USA Brings Immersive Bruce Springsteen Celebration to Frederick This October
- BIYA Forecasts 2025 Surge with ¥300M ($41.8 M USD) in Revenue and ¥25M Profit from Cloud Based HR Solutions: Baiya Intl. Group (N A S D A Q: BIYA)
- Paul E. Saperstein Co. Announces Geographic Expansion of Auction Services
- Florida Broker Bent Danholm Featured in the Daily Mail's U.S. Real Estate Coverage
- Robin Launches Legal Intelligence Platform to solve intelligence gap in Fortune 500 legal teams
- Melissa B. Releases Digitally Independent: Empowering Music Artists with AI and Brand Strategy
- Mental: Elderly Abuse a Documentary
- Consumer Accountability Alliance Issues Formal Notice Alleging Proximate Liability for Medical Harm
- Rising to New Heights in the Mile High City with Destination: Scientology, Denver
- The City's Largest and Most Elegant Dinner Party Returns on September 13, 2025
- Utah Metal Fabricator Titan Forge Builds Momentum with Custom Steel Projects and Spiral Staircases
- Jason Koch: Pioneering the Future of Real Estate Development in New Jersey
- Voting Opens Tonight for the 2025 Spin Awards Honoring Excellence in Christian Gospel Radio
- Introducing LK Blue: The Cool-Girl Denim Brand That's Redefining LA Style Launches E-Commerce
- Bach and Beyond: Cellists Return to the Beach for 2nd Annual Bethany Beach Cellofest