
SEC 17A-4 and NASD 3010
The Securities and Exchange Commission (SEC) originally enacted the Securities Exchange Act in 1934 as a means of protecting investors from fraudulent or misleading claims by securities dealers. The Act required member firms to create and maintain transaction records that could be reviewed and audited. In 1997, Rule 17a-4 of the Act was amended to provide procedures for storage of electronic records, including emails.
This rule has since been interpreted to include instant messages as well. NASD (National Association of Securities Dealers) applies similar rules to its member firms through NASD 3010. The provisions of SEC 17a-4 and NASD 3010 apply to all individuals and organizations involved in trading securities. This includes securities firms, stock brokerage firms, banks and any financial institutions that fall under SEC or NASD jurisdiction. They require securities dealers to implement specific, enforceable retention procedures, which include the following:
• Archived messages must be stored in duplicate. One copy must be stored in an online archive, and a second copy must be stored offline on permanent, tamperproof media, such as Write-Once-Read-Many (WORM) technology.
• Storage media must be verified automatically for quality and accuracy.
• Archived messages must be date/time-stamped and serialized. Each message must be assigned a unique, sequential identification number as a safeguard against deletion.
• A searchable index of all stored data must be maintained. Indexes must be retained on each unit of storage media for the messages and attachments stored on that unit.
• Messages and indexes must be easily retrievable and downloadable to other media as required by SEC regulators.
SEC Investment Advisers Act of 1940
The U.S. Securities and Exchange Commission (SEC) has recently imposed new regulations on private investment pools, also known as hedge funds. In a three-to-two vote on Oct. 26, 2005, the SEC decided to require hedge fund managers with assets in excess of $25 million to register under the Investment Advisers Act of 1940. The regulation went into effect on Feb. 1, 2006. The ruling requires that most hedge fund advisers register with the SEC under the Investment Advisers Act of 1940, which includes provisions for securing, managing and archiving all electronic communication, including email and instant messages.
• Archived messages must be stored in duplicate. One copy must be stored in an online archive, and a second copy must be stored offline on permanent, tamper-proof media, such as Write-Once-Read-Many (WORM) technology.
• Storage media must be verified automatically for quality and accuracy.
• Archived messages must be date/time-stamped and serialized. Each message must be assigned a unique, sequential identification number as a safeguard against deletion.
• A searchable index of all stored data must be maintained. Indexes must be retained on each unit of storage media for the messages and attachments stored on that unit.
• Messages and indexes must be easily retrievable and downloadable to other media as required by SEC regulators.
Sarbanes-Oxley (SOX)
The Sarbanes-Oxley Act of 2002 was enacted in the wake of several major corporate and accounting scandals. Its provisions affect email retention, integrity and oversight. Sarbanes-Oxley applies to all publicly traded companies and the CPAs and attorneys associated with these companies.
• Section 802 presents a possible fine of up to $1,000,000 or a prison sentence of up to 20 years for any person who destroys, alters, mutilates or conceals any electronic document in an official investigation.
• Sarbanes-Oxley specifies minimum retention periods for all accounting records, work papers, communications, file attachments, and documents whether transmitted via email, instant messaging or other message modes.
• Section 302 requires CFOs and CEOs to personally certify and be accountable for their firms' record retention policies and financial reports.
• Section 404 requires auditors to certify the underlying controls and processes that are used to compile the financial results of a company. Email is a critical component in being able to achieve this certification.
• Sections 103(a) and 801(a) require companies to maintain all documents, including electronic documents, that form the basis of an audit or review for seven years.
