Designated Third Party (D3P) Compliance Provider
The Dodd-Frank Act has changed the financial regulatory landscape. Now financial institutions are challenged to comply with regulations that broker-dealers store required records in electronic form. Under these rules, electronic records must be preserved exclusively in a non-rewriteable and non-erasable format. The objective of these regulations is to increase transparency and to ultimately reduce systemic risk to capital markets. This increased focus on transparency has resulted in greater emphasis by regulators on recordkeeping requirements including those detailed in SEC Rule 17a-4 and CFTC Rule 1.31.
Rules and Regulations
Both SEC Rule 17a-4 and CFTC Rule 1.31 provide specific details around how electronic data is to be stored. These rules also require organizations to retain a designated third party who can independently access, download and deliver electronically stored records to regulatory authorities. Failure to satisfy these rules can lead to failed audits and subsequent penalties. For those financial institutions that prefer to manage their data in-house, as opposed to hosting their data with an outside company, it is necessary to engage a dependable, independent third party with technical IT knowledge and experience to carry out its duties under these requirements.
Securities Exchange Act of 1934 Rule 17a-4(f)(3)(vii)
For every member, broker, or dealer exclusively using electronic storage media for some or all of its record preservation under this section, at least one third party (“the undersigned”), who has access to and the ability to download information from the member’s, broker’s, or dealer’s electronic storage media to any acceptable medium under this section, shall file with the designated examining authority for the member, broker, or dealer the following undertakings with respect to such records.
CFR Title 17 Commodity and Securities Exchanges § 1.31(b)(4)
In addition to the foregoing conditions, any person who uses only electronic storage media to preserve some or all of its required records (“Electronic Recordkeeper”) shall, prior to the media’s use, enter into an arrangement with at least one third party technical consultant (“Technical Consultant”) who has the technical and financial capability to perform the undertakings described in this paragraph (b)(4). The arrangement shall provide that the Technical Consultant will have access to, and the ability to download, information from the Electronic Recordkeeper’s electronic storage media to any medium acceptable under this regulation.
NetX’s Designated Third Party (D3P) Compliance Service assists financial institutions in meeting the SEC and CFTC requirements. Our methodology involves assessing the eDiscovery infrastructure and analyzing the environment, so we can demonstrate an institution’s compliance to the SEC, FINRA and/or CFTC. The result of our solution is peace of mind and assurance that your company has satisfied your designated third party requirement.
NetX offers a managed D3P service hosted on the Microsoft Azure platform that includes our Service, Storage and dedicated VPN connection for a low monthly fee.
We understand that some organizations are still wary about cloud computing; keeping data confidential is essential for any organization. That’s why have partnered with Microsoft who has made an industry-leading commitment to the protection and privacy of your data. Microsoft was the first cloud provider recognized by the European Union’s data protection authorities for their commitment to rigorous EU privacy laws. Microsoft was also the first major cloud provider to adopt the new international cloud privacy standard, ISO 27018.
Azure safeguards customer data in the cloud and provides support for companies that are bound by extensive regulations regarding the use, transmission, and storage of customer data.
As part of our D3P Compliance Service, we work with your IT staff either onsite or remotely to:
• Develop a comprehensive environment plan detailing our access to your electronic records
• Test our procedures to demonstrate and confirm easy record retrieval
• File a Letter of Undertaking with the SEC, FINRA, CFTC and/or other regulatory bodies
• Update your environment plan and test download procedures annually
Fees and Payment Schedule
Fees are determined on a per system basis.
For more information, call 1-866-638-9462