What is SEA Rule 17a-4? A summary
Electronic Metadata and Third Party Storage
In 2006, the U.S. Supreme Court's amendments to the
Federal Rules of Civil Procedure
created a category for electronic records that, for the first time, explicitly
named emails as likely records to be archived and produced when relevant.
This article is an opinion based on legal research into the labyrinth of
Electronic Metadata and Third Party Storage (TPS). SEA Rule 17a-4 requires for
Records to be preserved by exchange members, brokers and dealers for a minimum
of three years. This article will briefly discuss three of the components:
Electronic Structured Metadata; Archive Recommendations; and Misinformation.
Electronic Structured Metadata
In its simplest form, metadata is "Data about Data" sent through a media
platform such as: email, text, Snapchat, Twitter, etc.. The more "technical"
definition: Structured metadata describes the structure of the database and how
objects such as tables, columns, keys and indexes are formatted. Metadata is a
compilation of information in an identifiable format that is stored and managed
mainly by a TPS facility. When creating your format create identifiable columns,
this is a requirement of the SEC and will help in the event one segment needs to
be pulled. When sending electronic data, minimum fields to create for storage
would be: Recipients first and last name, email address, date and time sent, if
recipient responded, opt-out instructions, and the content.
When compiling Structured Metadata, how should brokers and dealers determine
what components they archive? One school of thought is save it all, another is
to save only the "important stuff", and, possibly the most sound, is to save
what is outlined in SEC Books and Records. Brokers and Dealers are required
to: Retain originals of communications sent and copies of communications
received. SEC requires electronic communications be warehoused with an approved
third party storage facility. TPS facilities must insure data will be stored in
a format that is unable to be over written, changed or erasable. The provider
must have the capability to time and date stamp records to when the original was
sent and when any communications were received. SEA Rule 17a-4(f ) requires the
TPS provider must have the ability to download and send records in a format and
medium in which the SEC outlines in Rule 17a-4(f ). Data storage is required
whether the electronic communication was received or sent through a broker or
dealer's email system or a third-party's platform or service bureau. The broker
and dealer when searching for a TPS facility must keep in mind that the facility
must be easily accessible to allow the SEC to pull needed records and read, copy
or download for further review. Ultimately the responsibility lies with the
broker or dealer as to the integrity and capabilities of the TPS provider they choose.
Misinformation: Has anyone ever said to you, "I googled it and this is what it
said…"? Be very cautious of the information you receive on SEC Rules and
Regulations from internet search engines. An SEC posting found online may already
be out-of-date. The SEC homepage is a great place to start,
with the most recent information (at the time of this article) in the
Final Rules section. Another great
source is FINRA. They have a dedicated section of the site
for Books and Records
that includes current rules, guidance, notices, and news releases.
All of these rules and regulations have serious consequences. In December 2016, FINRA
fined twelve firms
a total of $14.4 million for failing to protect records from alteration.
Admail archive services follow ISO 11179 standards and complies with all SEA
"Books & Records" requirements. Admail offers to our clients solutions for
compiling structured metadata and offers long term storage options.
As our client, if you elect to use a Third Party Archive system (other than
Admail) to store your sensitive email and structured metadata, we will require
the following acknowledgements from the archiver.
- Third Party Archiver (TPA) can accept and write to the archive file a copy of
the emails being deployed by Admail?
- TPA can accept numerous simultaneous SMTP connections without throttling?
- How many IP addresses can the TPA list for the client?
- TPA is archiving a copy of the individual email only and not forwarding the
email to the individual addressee?
- TPA accepts full responsibility for storing individual emails and their
structured metadata as expressed in SEA Rule 17a-4 " Book & Records"?