What requirements are we trying to meet?
ShareFile’s Archiving for Financial Services features were purpose-built to comply with rules such as SEC 17a-4 covering how electronic records are stored. Once the Archiving for Financial Services feature is turned on for an account, here’s how we comply with Rule 17a-4:
• ShareFile retains all messages and files uploaded to and sent using the ShareFile SMTP (email) service for a minimum of 3 years
• The client’s Designated 3rd Party (D3P) can perform parameter-based searches on files in the account. They can also download messages sent or received using the ShareFile email service.
• The D3P can easily search for any link — active or expired — embedded within a third-party email message and find the file associated with the link.
Once Archiving for Financial Services is enabled for an account, no files will be erased for a minimum of 3 years. Since the Archiving for Financial Services feature is an account-level setting, all users on that account will then fall under the Archiving for Financial Services retention policy. Even if a user uploads files that are not covered by regulations such as SEC 17a-4, ShareFile will still archive them for a minimum of 3 years.
Preventing changes to files
The Archiving for Financial Services feature is designed so there is no way a client or D3P can make changes to the files once they are uploaded to ShareFile. ShareFile categorically prevents the client or D3P from overwriting or deleting a message or changing a file.
ShareFile not only mitigates the risk that a record will be overwritten or erased, but it also removes the ability to overwrite or erase a file (i.e. the trash can icon for the delete button is now the archiving icon). ShareFile enforces file integrity, checking to verify and validate that there is no discrepancy between the uploaded file and the stored file.
ShareFile also retains all file versions. ShareFile’s Archiving for Financial Services features enforces versioning of fields and sequencing of email messages for all accounts in primary and backup storage. This means every file update or version change is retained for the requisite 3 year period from the date of the file modification. This information (expiration date and time of file upload) is reflected in the account logs.
Working with D3Ps
ShareFile will work with a client’s D3P in the event of an audit or compliance action to get them the information they need. ShareFile’s Archiving for Financial Services features help D3Ps quickly search through information with a user interface specifically designed to enable the viewing and downloading of files and their underlying file structure. Supported file formats include XLS, CSV, and PDF.
ShareFile gives a client’s D3P the ability to provide the SEC copies of all sent messages, indexes, and activity/ file access reports generated using the ShareFile email service. The D3P will also be able to provide the SEC all files and file indexes sorted by parameters such as date and time. The D3P will have access to a special D3P user interface within the client’s account, similar to that of the administrative user interface. Using this UI, the D3P can perform all of his or her associated tasks easily and on demand while enforcing appropriate access controls.
ShareFile provides a file index, including a list of active and archived folders and file names, including an alphabetical list of names, subjects, etc. The D3P can view and download the file structure, files, and index for each account in scope. The D3P can then provide the indexes to the SEC on demand and as required by law.
ShareFile backs up exact copies of each account’s index and stores each of them separately. The index can be run at any time, creating a snapshot of the account at that specified date and time. ShareFile preserves the index for 3 years on a rolling basis, and the index can be refreshed manually to reflect the most accurate data.
The D3P can view and download audit trails, such as accounts and file activity logs on demand. Audit trails capture who uploaded or modified a file and the associated date/time stamp. There may be circumstances (such as receipt of a subpoena) where a broker-dealer is required to maintain records beyond the retention periods specified in Rule 17a-4 or other applicable rules. ShareFile can prevent messages and files from expiring.
Even if a company goes out of business, ShareFile will retain all links and files associated with an Archivingenabled account. We will retain those records for a minimum of 3 years. Other regulations require that records be maintained for longer periods of time, and ShareFile will accommodate those needs.
Chain of Custody
ShareFile will only maintain and preserve the communication and associated files according to SEC Rule 17a-4(b)(4). Once the Archiving for Financial Services features are enabled in an account, ShareFile will notify the SEC in writing to let them know we are storing records on a client’s behalf if requested. This Electronic Storage Media Representation is not to be confused with the letter of undertaking referenced in 17a-4(f)(3)(vii).
If ShareFile is required by law to hand over records to the SEC, we will comply promptly with that request. ShareFile will comply with the following provision: “With respect to any books and records maintained or preserved on behalf of [BD], the undersigned hereby undertakes to permit examination of such books and records at any time or from time to time during business hours by representatives or designees of the Securities and Exchange Commission, and to promptly furnish to said Commission or its designee true, correct, complete and current hard copy of any or all or any part of such books and records. Agreement with an outside entity shall not relieve such member, broker or dealer from the responsibility to prepare and maintain records as specified in this section or in Rule 17a-3.”