3 Waves of SEC17a-4 Compliance — Now an Easier Route

In an uncertain economy, financial businesses have enough to worry about just protecting their customers’ money from losses. They don’t need the added burden of protecting their customers’ data from being compromised or lost while also maintaining compliance with SEC Rule 17a-4.
 
For years, brokers and dealers have had to comply with SEC Rule 17a-4, which, among other provisions, requires the retention of certain data in an immutable format. Any communications between brokers and their customers needed to be captured and retained so that any statements, claims or guarantees could be retrieved later in the event of a lawsuit or regulatory action.
 
While the regulation is not new, companies are finding that earlier technologies and procedures for storing data no longer meet evolving business needs. To begin with, the sheer volume of data being created continues to grow. Secondly, in addition to email, there are new channels of customer communication (Twitter, chat, Facebook and others) which may be subject to this rule.
 
Initially, brokers and dealers could send the data over to a Write Once Read Many (WORM) optical drive system for storage. Once the data was on the drives, it could not be altered or deleted. But as data storage needs have continued to grow, WORM drive technology has become obsolete. WORM drives depended on proprietary technologies, and the solutions were simply not scalable to the levels now needed.
 
The next generation of solutions was built with specialized “compliance” storage systems such as EMC Centera storage arrays. These used hard drives, which could be erased, but a combination of hardware and software features allowed the systems to create the effect of immutability. This again worked well for a while, but became too costly as the data volumes escalated, resulting in the need for ever larger disk arrays.
 
Now there is a third generation of compliance solutions that address both the increasing volumes of data and the evolving technologies. With the emergence of the cloud, brokers and dealers can migrate their compliance archives from complex, costly, proprietary solutions to a scalable, on-demand service.
 
Zetta’s SEC17a-4 Compliance service is built upon the normal Zetta cloud data protection solution, but with added features needed for compliance, including creating a 17a-4 storage volume that is immutable. For example, on any volume designated for 17a-4 compliance, the ability to delete or change files after their initial storage is disabled. All the data is on an administrator-established retention schedule, seven years by default.
 
Zetta stores the data in its native file format. Many other cloud service providers change the file properties when they store customers’ data, and then reconvert it when providing the data to the customers. Zetta maintains the original file contents and format, not changing the data in any way.
 
When the data is ingested into the Zetta storage servers, a strong cryptographic hash, or fingerprint, of each file is created and stored in parallel with the original file. This hash allows for independent verification that the file is identical to when it was initially stored, with no modification, either intentional or unintentional. These hashes are combined with enterprise-grade, durable storage, including Zetta’s RAIN-6 topology and strong CRCs, which further ensure that your data is protected at a block and logical level.
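
A small model of the two controls described above (write-once retention and ingest-time fingerprints), added here as an illustration and not taken from Zetta: the class and method names are hypothetical, and SHA-256 is an assumed choice because the page does not name the hash. It shows why the customer should keep the ingest fingerprint outside the archive.

```python
import hashlib
from datetime import datetime, timedelta, timezone

class RetentionError(Exception):
    """A change or delete was refused by the retention policy."""

class ComplianceVolume:
    """Hypothetical in-memory model of a write-once volume; not Zetta's API."""
    def __init__(self, retention_years=7):  # seven years: the page's default
        self._retention = timedelta(days=365 * retention_years)
        self._data = {}      # name -> bytes, kept in native form
        self._manifest = {}  # name -> (sha256 hex, retain_until)

    def ingest(self, name, content, now):
        if name in self._data:  # no change after initial storage
            raise RetentionError(f"{name}: already stored, overwrite refused")
        digest = hashlib.sha256(content).hexdigest()  # assumed hash choice
        self._data[name] = bytes(content)
        self._manifest[name] = (digest, now + self._retention)
        return digest  # receipt the customer keeps outside the archive

    def delete(self, name, now):
        if now < self._manifest[name][1]:
            raise RetentionError(f"{name}: retention period has not expired")
        del self._data[name], self._manifest[name]

    def verify(self, name, receipt):
        """True only if stored bytes match both the manifest and the receipt."""
        actual = hashlib.sha256(self._data[name]).hexdigest()
        return actual == self._manifest[name][0] == receipt

def demo():
    t0 = datetime(2024, 1, 2, tzinfo=timezone.utc)  # constructed ingest time
    vol = ComplianceVolume()
    receipt = vol.ingest("msg-0001.eml", b"Constructed sample message", t0)
    results = {"clean": vol.verify("msg-0001.eml", receipt)}
    try:
        vol.delete("msg-0001.eml", t0 + timedelta(days=365))
        results["early_delete"] = "allowed"
    except RetentionError:
        results["early_delete"] = "refused"
    forged = b"Constructed altered message"  # change made below the API
    vol._data["msg-0001.eml"] = forged
    vol._manifest["msg-0001.eml"] = (hashlib.sha256(forged).hexdigest(), t0)
    results["tampered"] = vol.verify("msg-0001.eml", receipt)
    return results

if __name__ == "__main__":
    print(demo())
```

Because the manifest is rewritten to match the altered bytes, only the externally held receipt exposes the change, which is what makes the verification independent.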
 
The security and operation of the system are verified in two ways. First, the controls at the Zetta data center undergo a SAS 70 Type II [to be SSAE-16] annual audit. In addition, the data retention service also receives a third-party SAS 70 Type II [to be SSAE-16] compliance audit every year.
 
Using Zetta for SEC17a-4 compliance provides companies with a scalable solution to meet growing and changing needs. As storage and communications technologies change, the underlying Zetta technology changes, without impacting the customers. Brokers and dealers do not need to worry about buying and maintaining their own archival storage system; they only pay for the exact amount of storage needed and Zetta takes care of the rest. When the files need to be accessed for analytics or e-discovery, they do not need to be restored or moved to a new volume; they are easily accessible through a web interface directly in place at Zetta.
 
For more information, see the Zetta SEC17a-4 information center.
