WHITE PAPER PAPERWISE DOCUMENT MANAGEMENT COMPLIANCE WITH SEC 17A-4

Transcription

1 WHITE PAPER PAPERWISE DOCUMENT MANAGEMENT COMPLIANCE WITH SEC 17A-4 Prepared By Chris Jones Documentation and Content Prepared On March 20, 2013

2 TABLE OF CONTENTS Introduction 3 Target Audience 3 Legal Disclaimer 3 Overview 3 SEC Rule 17a-4 4 Compliance Issue 1: acceptable media 4 Compliance Issue 2: quality verification 4 Compliance Issue 3: record duplication and time-dating 4 Compliance Issue 4: downloadable indexes and records 5 Compliance Issue 5: easily readable images 5 Compliance Issue 6: facsimile enlargement 5 Compliance Issue 7: separate storage of duplicate images 5 Compliance Issue 8: organizing and indexing of records 6 Compliance Issue 9: audit system 6 Compliance Issue 10: documentation 7 Compliance Issue 11: third-party access filing 7 Conclusion 8 Page 2

3 INTRODUCTION Target Audience This white paper is designed to provide information to professionals in financial service organizations who are required to implement processes and solutions that comply with the rules and regulations of the Securities and Exchanges Commission (SEC). Specifically, this document addresses and document retention regulations of SEC Rule 17a-4. Legal Disclaimer It is the responsibility of each PaperWise customer to ensure his or her compliance with legal regulations. It is the customer s sole responsibility to obtain legal counsel regarding any legal requirements, how they impact the customer s organization, and what actions the customer should perform in order to be compliant with those regulations. PaperWise does not provide legal advice nor does this document represent or warrant that its products or services will ensure that a customer is in compliance with all applicable laws and regulations. Overview As communication and documentation become increasingly electronic, there is an increasing need for the ability to preserve electronic information. Furthermore, document management solutions must be able to produce such documents and make them accessible in order to comply with government regulations. The remainder of this document addresses some of these regulations and how the PaperWise document management system has been designed to assist PaperWise customers in complying with those regulations. Page 3

4 SEC RULE 17A-4 The SEC rule that applies to record preservation is Rule 17a-4, Records to Be Preserved by Certain Exchange Members, Brokers and Dealers. This section of the white paper includes compliance issues found in Rule 17a-4 and the release SEC Interpretation: Electronic Storage of Broker-Dealer Records [Release No ] from Following each rule is the PaperWise feature or functionality designed to assist customers in meeting that specific SEC requirement. COMPLIANCE ISSUE 1: ACCEPTABLE MEDIA Rule 17a-4(f)(2)(ii ) A. The electronic storage media must: Preserve the records exclusively in a nonrewritable, non-erasable format; i The SEC interpretive release states: A broker-dealer would not violate the requirement in paragraph (f)(2)(ii)(a) of the rule if it used an electronic storage system that prevents the overwriting, erasing, or otherwise altering of a record during its required retention period through the use of integrated hardware and software control codes. i PaperWise solution All document images, s, files, etc. stored in PaperWise are unmodifiable. Any revisions made to a document are stored as a separate copy of the document. Every version of a document is stored and can be retrieved as needed. In addition, all of these files are stored in encrypted TCK files. This means that none of the documents, s, or other files can be accessed without going through the PaperWise system. This makes PaperWise a combination software-hardware write-once read-many (WORM) solution. COMPLIANCE ISSUE 2: QUALITY VERIFICATION Rule 17a-4(f)(2)(ii) B. Verify automatically the quality and accuracy of the storage media recording process; i PaperWise solution The PaperWise document management system uses cyclical redundancy checks (CRC s) to verify that the documents and images written to disk are accurate. CRC s are a commonly accepted method for validating the accuracy of information written to storage media. PaperWise stores index values inside of a SQL database, which uses its own form of data validation. COMPLIANCE ISSUE 3: RECORD DUPLICATION AND TIME-DATING Rule 17a-4(f)(2)(ii) C. Serialize the original and, if applicable, duplicate units of storage media, and timedate for the required period of retention the information placed on such electronic storage media; i Page 4

5 PaperWise solution The PaperWise document management system can employ multiple methods to meet this requirement. SQL Replication is often sufficient for maintaining copies of all of the information the system stores in the database. This includes index values associated with documents and images. For the replication of documents and images across systems, PaperWise typically employs a third-party software system that ensures this data is maintained across all systems. COMPLIANCE ISSUE 4: DOWNLOADABLE INDEXES AND RECORDS Rule 17a-4(f)(2)(ii) D. Have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable under this paragraph (f) as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member. i PaperWise solution The PaperWise document management system provides secure access to data and query results. These results can be exported from PaperWise to several different media such as CD, paper, or magnetic media. COMPLIANCE ISSUE 5: EASILY READABLE IMAGES Rule 17a-4(f)(3). If a member, broker, or dealer uses micrographic media or electronic storage media, it shall: At all times have available, for examination by the staffs of the Commission and self-regulatory organizations of which it is a member, facilities for immediate, easily readable projection or production of micrographic media or electronic storage media images and for producing easily readable images. i PaperWise solution The PaperWise document management system can retrieve documents immediately. These document images are readable via several different mechanisms, including web browser, client, printed hard copy, the native application for the file type, and optical or magnetic media. COMPLIANCE ISSUE 6: FACSIMILE ENLARGEMENT Rule 17a-4(f)(3)(ii) Be ready at all times to provide, and immediately provide, any facsimile enlargement which the Commission or its representatives may request. i PaperWise solution The PaperWise document management system can capture facsimiles as they are received. Like all documents within PaperWise, these can then be immediately retrieved, viewed, or even exported. The PaperWise document viewer allows for resizing of all document images. COMPLIANCE ISSUE 7: SEPARATE STORAGE OF DUPLICATE IMAGES Rule 17a-4(f)(3)(iii) Store separately from the original, a duplicate copy of the record stored on any medium acceptable under Rule 17a-4 for the time required. i Page 5

6 PaperWise solution The PaperWise document management system uses SQL databases to store all index information. Images are stored in compressed TCK volumes. There are multiple methods that meet this requirement, including tape backup of the database and TCK volumes, RAID technology, and backup to the PaperWise Data Center. COMPLIANCE ISSUE 8: ORGANIZING AND INDEXING OF RECORDS From Rule 17a-4(f)(3)(iv) Organize and index accurately all information maintained on both original and any duplicate storage media. At all times, a member, broker, or dealer must be able to have such indexes available for examination by the staffs of the Commission and the self-regulatory organizations of which the broker or dealer is a member. Each index must be duplicated and the duplicate copies must be stored separately from the original copy of each index. Original and duplicate indexes must be preserved for the time required for the indexed records. i PaperWise solution The PaperWise document management system uses SQL databases to store all index information. Simple database replication, or even tape backup, will create a separate collection of document indices. Similarly, a simple backup of the media where the PaperWise TCK files are stored will allow for duplicate copies of the documents and images to be kept. However, for security purposes, these cannot be accessed outside of the PaperWise document management system. COMPLIANCE ISSUE 9: AUDIT SYSTEM Rule 17a-4(f)(3)(v) The member, broker, or dealer must have in place an audit system providing for accountability regarding inputting of records required to be maintained ad preserved pursuant to Rule 17a-3 and Rule 17a-4 to electronic storage media and inputting of any changes made to every original and duplicate record maintained and preserved thereby. A. At all times, a member, broker, or dealer must be able to have the results of such audit system available for examination by the staffs of the Commission and the self-regulatory organizations of which the broker or dealer is a member. B. The audit results must be preserved for the time required for the audited records i PaperWise solution The PaperWise document management system fulfills this requirement through the following functionality: Page 6

7 All records stored in PaperWise are stamped with internal index fields that show the date and time when the document was entered into PaperWise, and the user who inserted the document. PaperWise contains an internal audit system that can track every event that involves a document. This includes, but is not limited to: o Each user who views a document o Each user who revises an index value for a document o Each user that exports a document, whether by print, , or other electronic media Audit records in PaperWise can be stored for as long as required by the customer. COMPLIANCE ISSUE 10: DOCUMENTATION Rule 17a-4(f)(3)(vi) The member, broker, or dealer must maintain, keep current, and provide promptly upon request by the staffs of the Commission or the self-regulatory organizations of which the members, broker, or broker-dealer is a member all information necessary to access records and indexes stored on the electronic storage media; or place in escrow and keep current a copy of the physical and logical file format of the electronic storage media, the field format of all different information types written on the electronic storage media and the source code, together with the appropriate documentation and information necessary to access records and indexes. i PaperWise solution The most common way to achieve this is to create a login for any auditors and give them direct access to PaperWise. However, if such a situation is not expedient then PaperWise can export all appropriate records and indices. COMPLIANCE ISSUE 11: THIRD-PARTY ACCESS FILING Rule 17a-4(f)(3)(vii) For every member, broker, or dealer exclusively using electronic storage media for some or all of its record preservation under this section, at least one third party ( the undersigned ), who has access to and the ability to download information from the member s, broker s, or dealer s electronic storage media to any acceptable medium under this section, shall file with the designated examining authority for the member, broker, or dealer the following undertakings with respect to such records:* i *The information that followed was omitted because it pertains specifically to the responsibilities of the third parties. PaperWise solution The PaperWise document management system can provide this functionality either by exporting data to a third party, or by providing a login to the third party, giving them access to the records that they need. Page 7

8 CONCLUSION With the PaperWise document management system, capturing and retrieving documents is simple. All data is secured and tracked for audit purposes. Users can be given access to only the documents they need, and users can be further restricted to only certain functionality. As one of the most customizable systems on the market, PaperWise can be adapted to the needs of each unique customer. i Excerpt from the Securities and Exchange Commission Interpretation, 17 CFR Part 241 [Release No ], Electronic Storage of Broker-Dealer Records. Page 8