On October 12, 2022, the U.S. Securities and Exchange Commission (SEC) adopted long-awaited amendments to the electronic recordkeeping requirements for broker-dealers that will, among other things, allow for electronic records to be retained using audit-trail methodology as an alternative to a “non-rewriteable, non-erasable format” (aka “write once, read many,” or WORM) required under the current rule.1 The amendments are designed to “modernize recordkeeping requirements given technological changes” and allow for adaptability to “new technologies in electronic recordkeeping.”2
Rule 17a-4 under the Securities Exchange Act of 1934 (Exchange Act) sets forth the electronic recordkeeping and prompt production of records requirements for broker-dealers. Under the current rule, which was adopted 25 years ago, broker-dealers must preserve electronic records exclusively in a WORM format.
The amendments add an audit-trail alterative to WORM storage whereby electronic records may be preserved in a manner that permits the re-creation of an original record if the original record is altered, overwritten, or erased. To meet the audit-trail requirements, the electronic recordkeeping system will be required to maintain and preserve the records for the duration of their applicable retention periods in a manner that maintains a complete time-stamped audit trail that includes
1. all modifications to and deletions of a record or any part thereof
2. the date and time of operator entries and actions that create, modify, or delete the record
3. if applicable, the identity of the individual(s) creating, modifying, or deleting the record
4. any other information needed to maintain an audit trail of each distinct record in a way that maintains security, signatures, and data to ensure the authenticity and reliability of the record and will permit re-creation of the original record
In adopting the amendments, the SEC concluded that an audit-trail requirement, like the existing WORM requirement, is likely to ensure records’ authenticity and reliability by setting forth a specific and testable outcome that the electronic recordkeeping system must achieve while still allowing greater flexibility for firms to use their existing business-purpose recordkeeping systems. In a statement, SEC Chair Gary Gensler added that the new requirements may also reduce some firms’ compliance costs.3
The SEC adopted certain other changes to Rule 17a-4, including the following:
1. eliminating the requirement that a broker-dealer notify its designated examining authority (DEA) before using an electronic recordkeeping system
2. allowing broker-dealers to designate an executive officer for the purpose of executing an undertaking that provides the SEC access, directly or indirectly, to its records subject to certain conditions4
3. allowing for alternative undertakings tailored to how certain third-party recordkeeping services (such as cloud-based providers) hold electronic records, subject to certain conditions including that the broker-dealer have access to the records without the intervention of the third-party provider
4. requiring records maintained by a firm to be provided to the SEC in a reasonably usable electronic format
5. permitting the examination of records at any time or from time to time during business hours by representatives or designees of the SEC; each broker-dealer’s DEA is a SEC designee under the adopted rules
Relatedly, the SEC also amended Rule 18a-6 under the Exchange Act, applicable to nonbank security-based swap dealers and major security-based swap participants that are not also registered as a broker-dealer (collectively, SBS Entities), to similarly require that their electronic recordkeeping systems preserve electronic records consistent with Rule 17a-4 as amended (i.e., in WORM or via the audit-trail alternative), among other things. Currently, Rule 18a-6 does not require a SBS Entity to use an electronic recordkeeping system that meets either the audit-trail or the WORM requirement.
The amendments will become effective 60 days after the date on which the adopting release is published in the Federal Register, which has not yet occurred. The SEC is also providing a six-month compliance transition period following the effective date for broker-dealers. In other words, broker-dealers will have until at least mid 2023 to comply with the amendments. The SEC is providing a longer 12-month compliance transition period following the effective date for nonbank SBS Entities because those entities may need to undertake more actions than broker-dealers to come into compliance.
1 “Electronic Recordkeeping Requirements for Broker-Dealers, Security-Based Swap Dealers, and Major Security-Based Swap Participants,” Release No. 34-96034 (Oct. 12, 2022), available at Electronic Recordkeeping Requirements for Broker-Dealers, Security-Based Swap Dealers, and Major Security-Based Swap Participants.
2 “SEC Adopts Rule Amendments to Modernize How Broker-Dealers Preserve Electronic Records and Enhance the Electronic Recordkeeping Requirements for Security-Based Swap Entities,” (Oct. 12, 2022), available at SEC Adopts Rule Amendments to Modernize How Broker-Dealers Preserve Electronic Records and Enhance the Electronic Recordkeeping Requirements for Security-Based Swap Entities.
3 Chair Gary Gensler, “Statement on Final Rule Amendments to Electronic Recordkeeping Requirements” (Oct. 12, 2022), available at Statement on Final Rule Amendments to Electronic Recordkeeping Requirements.
4 Currently, the rule generally requires a broker-dealer to engage a third party to provide such certification.
Sidley Austin LLP provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship. Readers should not act upon this information without seeking advice from professional advisers.
Attorney Advertising—Sidley Austin LLP, One South Dearborn, Chicago, IL 60603. +1 312 853 7000. Sidley and Sidley Austin refer to Sidley Austin LLP and affiliated partnerships, as explained at www.sidley.com/disclaimer.
© Sidley Austin LLP