Obtaining a Letter of Undertaking for SEC Rule 17a-4
What is SEC Rule 17a-4 and how does it concern data stored on DataCove?
Securities and Exchange Commission Rule 17a-4 (commonly known as SEC 17a-4) is part of a sizable series of requirements that Regulated Entities (such as securities brokers-dealers) must comply with for records that are stored on electronic storage media. In brief, this rule has various requirements regarding the means of recordkeeping that will be used, including factors like retention durations, audit trails, lossless reproduction of data and means of non-modifiable storage.
Tangent fits into the SEC 17a-4 Rule when a Federal Industry Regulatory Authority (FINRA) regulated organization also hosts their email archives on Tangent’s DataCove Hosted platform, wherein Tangent provides full hosting of the solution for the client organization. In this scenario, SEC 17a-4 requires that “Cloud Service Providers,” such as Tangent, file a Letter of Undertaking for Designated Third Party (the client organization) that the client organization’s data is held on servers and storage devices that are outside of the client organization’s ownership, but that the client organization possesses independent access to the data contained therein.
In the event of legal inquest or subpoena, Tangent is likewise responsible for providing access to appointed third party organizations and may be responsible for directly extracting data for provisioning to the SEC or FINRA if the client organization does not comply with the SEC or FINRA request for data.
A Letter of Undertaking is only necessary for organizations that fit this fairly tight set of boundaries and also utilize the Hosted version of DataCove; local virtual machine or local physical appliance versions are not subject to it. In these situations, Tangent will happily provide a Letter of Undertaking and Attestation upon request, with guidance on the information needed to begin listed further below.
Further reading from FINRA and the SEC can be found below, along with extremely handy charts and guides that make it easy to understand who has responsibility of the data and where that responsibility may get escalated. Note that as third party links, the owner of these websites may change the URL or content without any notice.
https://www.finra.org/rules-guidance/rulebooks/exchange-act-rule-17a-4-amendments-chart
https://www.govinfo.gov/content/pkg/FR-2022-11-03/pdf/2022-22670.pdf
https://www.finra.org/sites/default/files/2022-12/rule-17a-4-amendments.pdf
How to request a Letter of Undertaking from Tangent
When requesting a Letter of Undertaking from Tangent for the SEC, certain information is needed for both the official documentation to the SEC and for various data lookups. On company letterhead, the below information should be provided and then emailed in to DataCove Support at Support@DataCove.Net.
Name of the Regulated Entity
Address of the Regulated Entity
FINRA Central Registration Depository Number (FINRA CRD): ######
Security and Exchange Commission Identification Number (SEC ID): #-#####
Declaration that the Regulated Entity acknowledges that the records stored by Tangent are the property of the Regulated Entity and that the following Representations are being made:
1) The Organization is subject to the rules of the Securities and Exchange Commission governing the maintenance and preservation of certain records.
2) The Organization has independent access to the records maintained by Tangent.
3) The Organization consents to Tangent fulfilling the obligations set forth in the Letter of Undertaking.
The DataCove Support team will review and validate the client organization’s status as a Regulated Entity under FINRA and/or the SEC and if all is found to be valid and in accordance with their rules and regulations, a formal Letter of Undertaking will be signed by appropriate officers within Tangent and provided to the client requester for final relay to the SEC and/or FINRA.