I won't call it a reversal

...but it seems like one.

Oh, I'm talking about electronic storage rules again. When I die, will someone please make sure my tombstone says something about my dedication to this cause? ...says something...not necessarily flattering.

Okay, so in the last two days I've run into situations where it appeared that 3rd party electronic storage vendors would not provide the representation letters generally expected under 17a-4(f)(2)(i)--you know the letter--the one that says the media will do the things listed under (f)(2)(ii), as follows:

(A) Preserve the records exclusively in a non-rewriteable, non-erasable format;

(B) Verify automatically the quality and accuracy of the storage media recording process;

(C) Serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of retention the information placed on such electronic storage media; and

(D) Have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable under this paragraph (f) as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member.

Since way back, when this subject was just a shadow across compliance officers' desks, the expectation--and instructions from then-NASD, I might add--was that, if the firm used a 3rd party vendor to store its electronic records, it was the 3rd party vendor who was required to make those representations in writing, on their letterhead, to the regulators. The firm would engage the vendor to store information (such as e-mails), would request the letter, would get the letter, and would mail it to Susan DeMando's office. Later, firms had to submit it to FINRA online.

Firms storing their own records electronically would make the representations themselves, in writing to FINRA.

What I just learned from a helpful and trusted FINRA staff member is this: the format representations letter does NOT have to come from the 3rd party vendor. Quoting (f)(2)(i) of the Rule: "...the member, broker, or dealer must provide its own representation or one from the storage medium vendor or other third party with appropriate expertise that the selected storage media meets the conditions set forth in this paragraph (f)(2)." The staff member said that the BD would make the representations 'unless they don't have the knowledge' to make them.

My opinion is this: most firms are hiring out because they don't have that knowledge or anything close to it. But hey, I've been wrong--or at least misled--before.

Most 3rd party vendors, in my experience, give those letters to their clients for delivery to FINRA. I would expect it if I were you. If the vendor wants to charge you for the letter, save your money and write the letter yourself.

Here's the thing , though: make sure you, the BD, get solid, written clarity from your 3rd party vendor before writing and submitting your letter to FINRA. You have to be sure the media meets the criteria. You're hiring the vendor because you can't or don't want to store the records yourself... you'll need to rest assured that the records meet the regulator's expectations, right? Otherwise, why pay their prices??

Oh, and remember: you always have to submit an 'access letter' to FINRA-complying with 17a-4(f)(3)(vii)--and that letter has to come from an independent third party (any old third party will do--as long as they know what they're talking about and they're not an affiliate or relative). Your third party storage vendor will write that letter for you--if they don't, fire them.

Thanks to Davis for his inspiration... he knows that nothing gets me going like ESM.

>

Little more input on audit function under electronic r/k rule

Quick--I promise--update on the 'audit function' under 17a-4(f)(3)(v). This week a FINRA examiner provided verbal guidance in response to a firm's written request for such. The guidance was not specific; it was based only common sense, not formal guidance from SEC or FINRA higher-ups. It consisted of recommending a periodic review of stored records to confirm that they are intact.

Okay then.

Obviously more on this subject is necessary for firms to fully understand their responsibilities.

AND...I came across another outside vendor for e-mail archiving: Global Relay Communications. I haven't gotten permission to link to them--please google them and check out their broker-dealer services. They seem quite thorough in their comprehension of FINRA members' regulatory burdens. Their materials plainly address all requirements and describe how their systems meet them... nice to see. Here's an excerpt from their presentation on the audit function (okay, I didn't get permission to copy this--but I'm hopeful the G.R. folks will appreciate the plug):

"All messages stored in the Message Archiver are forwarded directly from the Member firm’s email server, with no User intervention. During the lifecycle of a message, all actions (viewing, replying, forwarding, downloading, flagging, notation, review) by any User, Reviewer, Super Reviewer, Administrator or the system itself associated with the message are logged. The Message Archiver’s detailed logs provide a full audit trail verifying the integrity of the message. These logs automatically appended to the messages and are viewable and made available to authorized administrative Users.

As detailed directly above, Message Archiver immediately provides a full audit trail accessible to any authorized administrative User. A side benefit of the system, is that a firm also builds an audit trail for the auditors actions in the archive during an online audit.

Global Relay’s Message Archiver employs retention schedules for all audit results. Audit results are retained for the lifecycle of the message. The SEC three and six year retention requirement for records set out in paragraph (a) and (b) of this Rule 17a-4 can be applied to the audits within Message Archiver."

Happy Summer!