SEC Regulations: Document Retention Requirements

What is the SEC?

The United States Securities and Exchange Commission (SEC) has primary responsibility for enforcing federal securities laws, while regulating the securities industry and the stock market. The SEC was created by Section 4 of the Securities Exchange Act of 1934, commonly referred to as the 1934 Act. In addition to the 1934 Act that created it, the SEC enforces the Securities Act of 1933, the Trust Indenture Act of 1939, the Investment Company Act of 1940, the Investment Advisers Act of 1940, the Sarbanes-Oxley Act of 2002 and other statutes.

SEC Record Keeping Policies and Document Retention

The SEC 17A mandates were created by an amendment to the 1934 Act. These mandates cover overall record keeping for the financial services industry, including policies, procedures, customers, accounts, correspondence and transactions. They also cover mandates for maintenance, storage, monitoring and accessibility.

Rule 17a-3 covers document retention requirements— what documents must be retained and for how long. Rule 17a-4 regulates how these documents must be retained. In combination, Rules 17a-3 and 17a-4 require preservation of records in an easily accessible manner. With the advent of computer technology, including word processing software, spreadsheet and financial software and e-mail programs, as well as hardware devices and other media to store electronic information, the SEC updated these rules to include provisions for storage on electronic media. General electronic document retention requirements state:

  • There must be written and enforceable retention policies.
  • Data must be stored in a non-rewriteable and non-erasable manner, using either indelible, non-rewritable media or integrated hardware and software controls.
  • There must be a searchable index of stored data.
  • Data must be readily retrievable and viewable.
  • A backup of data must be stored off-site.

Simplify SEC Records Management with Laserfiche

Tackle compliance challenges with powerful records retention features, readily available audit reports and designated third party services—all backed by industry-leading AWS cloud security.

With the Write Once, Read Many (WORM) functionality and Designated 3rd Party (D3P) access, the new Laserfiche Vault module simplifies compliance with the stringent requirements of SEC Rule §17a-4. Extensive audit reporting features allow you to easily respond to legal concerns or external review.

Laserfiche Cloud ensures your business can keep running in any circumstances with easy remote access and automated backup and disaster recovery. Automated backups are encrypted and secure, while intrusion detection systems monitor for potential intrusions and unauthorized changes.

Built-in integrations with solutions like DocuSign, Salesforce, Tamarac, Dynamics and Redtail support paperless automation of processes like Account Opening, Money Movement, Blotter Processing, and many more. The nearly 100 included form and process templates allow you to accelerate your ROI by deploying your solution in days instead of weeks.

Get peace of mind through secure, compliant, and resilient document management and process automation, with Laserfiche Cloud. Support from the Top Laserfiche Cloud Provider included!

Download our whitepaper “How Digital Document Management Solutions Support Compliance” for an overview of SEC and FINRA regulations and more details on how digital Document Management can help your organization meet compliance obligations.

Free Whitepaper Download