Regulatory Compliance – 10 Tips for Choosing a Designated Third Party for Data Archiving

Prepare for Disasters with a Serious Business Continuity Plan
June 25, 2013
Show all

Regulatory Compliance – 10 Tips for Choosing a Designated Third Party for Data Archiving

Compliance with rules and regulations, like the SEC Rule 17a-4, means businesses have mission critical record keeping obligations requiring the use of a designated third party (D3P). SEC Rule 17a-4, commonly referred as the Exchange Act, outlines requirements for data retention, indexing, and accessibilitfor companies dealing in the trade or brokering of financial securities such as stocks, bonds, and futures. Realizing an impartial third party is often better positioned to provide proper record keeping and reporting capabilities, regulators created the requirement to ensure data will be accessible to auditors and stored in an unalterable format.

Securities and Exchange Commission – SEC Rule 17a-4

In summary under rule 17a-4, the Securities and Exchange Commission (SEC) requires that, “electronic records are preserved exclusively in a non-rewritable and non-erasable format. This interpretation clarifies that broker-dealers may employ a storage system that prevents alteration or erasure of the records for their required retention period.”

Finding a trusted data management provider that specializes in rule 17a-4 archiving can be a daunting task. To prepare you, here are 10 tips to consider when selecting a Designated Third Party provider.

  1. Security
    Using a D3P safeguards and protects your electronically stored information. Data should be preserved on WORM Optical, an unalterable format that satisfies SEC guidelines for archiving data and reviewing records. The D3P should have ironclad security, closely monitoring the network to ensure the data is always secure.
  2. Granular Search Capabilities
    Third parties who specialize in managing electronically stored information will build proper indexing schemes that assure data is readily available and easy to find.  The provider should be capable of ingesting all sorts of data from back office reports such as trade tickets and statements, as well as email and social media. We find having all of your data under one platform enhances productivity and retrieval time.
  3. Accessibility
    The third party provider should be able to provide permission-based hierarchies, ensuring the data is secure and only available to authorized users. User hierarchies help establish pre-defined rules used to identify the types of files users have access to and the time required to review the information.
  4. Knowledge Transfer
    Change within an organization is constant. Personnel retire or leave, often taking their knowledge and expertise with them. Using a D3P ensures that no matter who comes or goes, your business will always be able to access critical records. Choose a provider with expertise in legacy file formats, as older formats often lose support over time.
  5. Controls
    Third parties maintain high quality standards and implement control plans to ensure data is preserved, complete, uncorrupted, accurate, secure and available. Make sure your D3P of choice undergoes yearly SSAE16 SOC2 Type2 certification with an independent third party as a validation of their security controls.
  6. Reputation
    Check out the Designated Third Party’s reputation. You want to be sure your records will be safe and the provider is known for quickly responding to client needs. Ask to speak to some of their clients to hear about their experiences and check out some review sites. Inquire about additional charges for support. The monthly fee may be minimal but find out if there are additional fees for migration, regulatory filings, audit, and eDiscovery support.
  7. Business Continuity
    A D3P will protect your data in the event of an emergency and shield your business from the ramifications of a loss of accessibility due to external incidents. Even if, your network is down, your data should remain accessible and secure A reputable D3P will geographically disperse their data centers, keep redundant data sets, and will be prepared for disaster.
  8. Scalability
    Technology is constantly evolving, and so is the need for archiving data.  For example, right now you may only need to archive email but tomorrow you may also need to archive files. Make sure the provider is scalable and capable of ingesting all forms of Electronically Stored Information (ESI); otherwise you could be going through this process again or end up needing multiple providers to store your information.
  9. Expertise
    Make sure the service comes with a dedicated Account Manager and support is not outsourced. When regulators are requesting information, you want a lifeline that knows your business, knows data, and knows how to get you what you need when you need it.
  10. Customization
    Businesses are unique and an out of the box solution often requires businesses to adapt to the solution. Find a provider that customizes solutions to adapt to your needs.

Choose Patrina as Your Designated Third Party

These tips are a good starting point to find a Designated Third Party who will best suit your needs. Patrina has 20 years of experience providing data management solutions to meet 17a-4 requirements. Our unparalleled expertise as a D3P, make us a perfect choice for all industries needing to satisfy compliance rules and regulations. We process over a billion records monthly and manage more than 100 TB of client data. The Patrina platform consolidates data across systems and data types to provide a streamlined, efficient, and compliant archiving solution.

Does your business lack the resources needed to manage data and require a Designated Third Party to meet regulatory guidelines? Reach out to us today for a free consultation and learn more about what the Patrina platform can do for your business.