Designated Third Party (D3P) Compliance Provider
The Dodd-Frank Act has changed the financial regulatory landscape. Now financial institutions are challenged to comply with regulations that broker-dealers store required records in electronic form. Under these rules, electronic records must be preserved exclusively in a non-rewriteable and non-erasable format. The objective of these regulations is to increase transparency and to ultimately reduce systemic risk to capital markets. This increased focus on transparency has resulted in greater emphasis by regulators on recordkeeping requirements including those detailed in SEC Rule 17a-4 and CFTC Rule 1.31.
Rules and Regulations
Both SEC Rule 17a-4 and CFTC Rule 1.31 provide specific details around how electronic data is to be stored. These rules also require organizations to retain a designated third party who can independently access, download and deliver electronically stored records to regulatory authorities. Failure to satisfy these rules can lead to failed audits and subsequent penalties. For those financial institutions that prefer to manage their data in-house, as opposed to hosting their data with an outside company, it is necessary to engage a dependable, independent third party with technical IT knowledge and experience to carry out its duties under these requirements.
Securities Exchange Act of 1934 Rule 17a-4(f)(3)(vii)
For every member, broker, or dealer exclusively using electronic storage media for some or all of its record preservation under this section, at least one third party (“the undersigned”), who has access to and the ability to download information from the member’s, broker’s, or dealer’s electronic storage media to any acceptable medium under this section, shall file with the designated examining authority for the member, broker, or dealer the following undertakings with respect to such records.
CFR Title 17 Commodity and Securities Exchanges § 1.31(b)(4)
In addition to the foregoing conditions, any person who uses only electronic storage media to preserve some or all of its required records (“Electronic Recordkeeper”) shall, prior to the media’s use, enter into an arrangement with at least one third party technical consultant (“Technical Consultant”) who has the technical and financial capability to perform the undertakings described in this paragraph (b)(4). The arrangement shall provide that the Technical Consultant will have access to, and the ability to download, information from the Electronic Recordkeeper’s electronic storage media to any medium acceptable under this regulation.
NetX’s Designated Third Party (D3P) Compliance Service assists financial institutions in meeting the SEC and CFTC requirements. Our methodology involves assessing the eDiscovery infrastructure and analyzing the environment, so we can demonstrate an institution’s compliance with the SEC, FINRA, and/or CFTC, whether your data is located on storage on-site or in the cloud. The result of our solution is peace of mind and assurance that your company has satisfied your designated third-party requirement.
As part of our D3P Compliance Service, we work with your IT staff either onsite or remotely to:
• Develop a comprehensive environment plan detailing our access to your electronic records
• Test our procedures to demonstrate and confirm easy record retrieval
• File a Letter of Undertaking with the SEC, FINRA, CFTC and/or other regulatory bodies
• Update your environment plan and test download procedures annually
What does NetX offer for Designated Third Party (D3P) Compliance Provider?
- Fees are determined on a per-system basis.
- For more information, call 1-866-638-9462 | 609-298-9188
We also offer a hosted managed solution that meets ISO 27018.
Get Authorized Training