Achieving SEC regulation 17a 4 compliance
For financial industry firms affected by Rule 17a 4 of the Securities Exchange Act (SEA), achieving 17a 4 compliance requires sophisticated solutions for protecting, archiving and managing access to financial documents, including email.
Specifically, SEC 17a 4 compliance requires brokers, dealers and other regulated companies to retain originals and copies of all communications related to the business for up to six years. Communications may include written documents as well as email, instant messages, fax messages and other communications. Data may be stored electronically, but it must be preserved in a non-rewritable, non-erasable format, with duplicate copies stored in separate locations, and all data must be indexed and made available for examination by the SEC.
Because email has become the primary form of communication for most businesses, including financial firms, 17a 4 compliance necessarily requires solutions to retain, secure and control access to vast amounts of email data. For financial firms that want a simple and easy-to-use solution for achieving 17a 4 compliance, Mimecast provides a cloud-based, subscription service.
Mimecast solutions for 17a 4 compliance
Mimecast provides thousands of organizations around the world with SaaS-based solutions for email security, archiving and continuity. As a cloud-based service, Mimecast can be implemented quickly and cost-efficiently, with no hardware to purchase and no software to install. Easy-to-use tools accessible from a single web-based console help to streamline management of business email, while state-of-the-art defenses and powerful continuity solutions help to promote cyber resilience and security for email data.
To help financial organizations achieve 17a 4 compliance, Mimecast provides a powerful email retention and archiving solution in the Mimecast Cloud Archive. As a centralized repository of email, files and IM conversations, Mimecast Cloud Archive simplifies 17a 4 compliance by retaining three tamper-proof encrypted copies of every email, stored in separate, geographically dispersed data centers. Mimecast retains the original email along with detailed metadata and a copy of the email if it was changed through enforcement of company content control policy.
To simplify compliance inquiries and litigation readiness, Mimecast provides lightning fast search capabilities along with case management and eDiscovery tools that significantly reduce the administrative burden on IT teams tasked with managing legal and compliance requirements. And by giving administrators powerful yet easy-to-use tools for managing email retention, Mimecast helps to streamline 17a 4 compliance as well as compliance with a wide variety of other regulatory frameworks.
Benefits of managing 17a 4 compliance with Mimecast
When using Mimecast to manage 17a 4 compliance, you can:
- Dramatically reduce the time and cost of email retention and compliance-related tasks, as well as managing litigation hold in Office 365.
- Implement a 17a 4 compliance solution quickly and easily with Mimecast's SaaS-based solution.
- Improve email security and continuity with Mimecast's all-in-one solution.
In addition to 17a 4 compliance, Mimecast is a HIPAA compliant email technology.
Learn more about handling 17a 4 compliance with Mimecast, and about Mimecast solutions for government cyber security.
SEC 17a-4 FAQs
What is SEC rule 17a-4?
SEC rule 17a-4 puts guidelines in place for data management at companies brokering financial securities, including stocks, bonds, and futures. The rule states that companies must retain records of certain transactions and grant immediate access for six months, with delayed access for at least two years. Companies must also keep duplicate records at an off-site location for the same period.
What are the basic necessities for rule 17a-4?
The necessities for compliance with rule 17-a4 include:
- Working with a Designated Third Party consultant (D3P).
- Documented, enforceable retention policies.
- Data that are stored in a searchable index that's easily retrievable and viewable.
- Data that are stored on write once read many (WORM) electronic media.
- Data that are stored off-site.
Ultimately, broker-dealers should have systems in place to store digital content which is protected from tampering and loss.
What are the major consequences of SEC 17a-4 non-compliance?
Companies that fail to comply with SEC 17a-4 will face financial penalties that increase depending on the severity of the event. Companies should also be aware of non-financial penalties, which could include suspension of company operations or certain individuals.
