Compliance Laws – SEC 17a-4
SEC 17a-4 (US Securities and Exchange Commission)
SEC 17a-4 and NASD 3010 were enacted to protect investors from fraudulent or misleading claims by securities dealers. SEC 17a-4 was amended in 1997 to provide procedures for the storage of electronic records. 17a-4 and NASD 3010 apply to all individuals and organizations involved in trading securities including securities firms, stock brokerage firms and banks. Firms that have violated these regulations have faced fines in excess of a million dollars. The regulations require security dealers to implement specific, enforceable retention procedures which include the following:
- Section 17a-4(f)(2) Archived messages must be time/date stamped and serialized. Each message must be assigned a unique, sequential identification number as a safeguard against tampering or deletion.
- While most of the NASD regulations are covered under 17a-4, Section 3010 requires that supervisors have the ability to review outgoing email for noncompliant language such as a word guarantee.
- A searchable index must be maintained with the archive and be available if requested by the regulators as spelled out in 17a-4(f)(3).
- SEC 17a-4 (f)(3) Archived messages must be stored in duplicate. One copy must be stored in an online archive and a second copy must be stored offline on permanent, tamperproof media.
Athena Archiver assists companies in complying with SEC 17a-4 regulations in the following ways:
- Verify the integrity of the archive: as email comes into the system we time stamp, serialize and create a unique signature for each message.
- Provides two copies of the archive in an network-connected storage device with another copy on a WORM (Write Once Read Many) device for unalterable compliant storage.
- Maintains a secure encrypted index along with the archive which can easily be provided to regulators if requested.
- Audit manager allows administrators to sample outgoing email, classified by keyword, user or department for quarantine and review.