The SEC has changed the rules again: In October of 2022, they amended Exchange Act Rule 17a-4, adding new record-keeping requirements. On the upside, broker-dealers no longer have to follow the “write once, read many” (WORM) format. The newer option is the new audit-trail means of electronic documentation.
The resulting broker-dealers’ investment compliance date is May 3, 2023—which leads to the question: Are you ready? Would you like to be, without enduring a bunch of chaos and tedium in the course of preparing?
This article answers these questions:
- What’s changed in the investment compliance rules?
- How much time can you spare to get ready?
- What if there is an easier way to prepare?
- Could an OCIO be the solution you need?
What’s Changed in the Investment Compliance Rules?
The United States Securities and Exchange Commission (SEC) released a final ruling late last fall. The update covers seven areas: retention format, download and transfer, verification, backups (redundant recordkeeping systems), facilities, senior management responsibility, and cloud service providers.
Changes to each include:
- Retention format. Broker-dealer firms still have the option of using the WORM approach to document their compliance. In fact, by some reports, FINRA has concluded that if you wanted to, you could opt for a hybrid approach, keeping records using WORM in some instances while opting to create an audit trail for others. To date, the SEC hasn’t addressed this specifically (and it might mean fewer headaches by sticking with one method), but it seems permissible.
- Download and transfer. Records in proprietary and native file formats must be ready for downloading and copying—audit trail included, where applicable—into both a usable electronic format and a human-readable one. Similarly, information necessary for locating the electronic record must be readily available for download and transfer.
- Verification. Nothing huge is different here. The accuracy of your recording process still has to be automatically verified. Where the legacy rule required verifying the “quality,” the new version specifies the “completeness,” instead.
- Backups. If your recordkeeping is electronic, it must…
- Meet Rule 17a-4(f)’s requirements, retaining a redundant set of records (should the primary system fail).
Or…
- Keep other contingencies for ensuring access to records with an equal level of redundancy to your primary recordkeeping.
- Facilities. At all times, your electronic/physical records still have to be readily producible. Where before, firms were tasked with providing information conducive to accessing any indexes/records stored, now you must be able to produce the actual records, themselves, immediately.
- Senior management responsibility. A member of your senior management can be selected to serve as your designated executive officer. This person then becomes responsible for producing records for regulators, should your firm fail to. While assigning this duty is an option, technically, it’s not essential. However, only a designated unaffiliated third party (D3P) is considered eligible for the role.
- Cloud service providers. Traditionally, any D3P preparing or maintaining broker-dealer regulatory records electronically or on paper has had to file a written-and-signed undertaking with the SEC. This agreement specifies, essentially, that the third party will cooperate fully with examination requests from the SEC and its staff.
The specifics run longer than we have space for here, but the new rules bring a degree of breathing room: Cloud service providers can now file what’s referred to as an “alternative” agreement recognized by the SEC. This allows them to meet their requirements as recordkeepers without giving the SEC access to a broker-dealer’s records or producing them if requested to.
Had Trouble Hiring a CIO? That Could Turn Out To Be a Great Thing for Your Firm
How Much Time Can You Spare To Get Ready?
Right now is the best time to assess your current investment-related compliance processes and documentation procedures to see where improvements can be made. You should also begin looking into any technology or software updates necessary for meeting the new requirements. This may include anything from document management systems to cyber security solutions.
Little, if any of this can be done overnight. So, unless you’re happy to add a solid weekend to your work hours or cut back on sleep, you’ll have to block out some time. You could consider subtracting from the hours you have allocated to nurture client relationships and encourage retention. However, when the economy’s already got people nervous, I can’t recommend doing that.
What if There Is an Easier Way To Prepare?
Hiring a professional who specializes in helping independent broker-dealers meet SEC requirements, instead, is a far better way to meet your investment-related compliance deadlines. A qualified outsourced chief investment officer (OCIO) will have an inside track on all of the necessary changes, even over the long term.
The OCIO model can become an invaluable resource, providing advice on what needs to be done for your firm to stay investment-compliant now and in the future. Additionally, they can help you identify any gaps in your existing processes and procedures in time to make the necessary adjustments well ahead of the May filing deadline.
With specialized expertise and experienced guidance, they can help ensure that all your documents are accurate and up-to-date, reducing paperwork, stress, and procedural headaches. Furthermore, they can evaluate key performance indicators (KPI) on a regular basis, helping maximize potential earnings as you approach future deadlines.
Could an OCIO Be the Solution You Need?
As far as I’m concerned, an outsourced CIO is a possible edge on competitors that you almost can’t afford to pass up. You could recoup work hours as well as prevent losing them to compliance tasks for investments. Offloading time-consuming documentation and methodology matters to a vetted professional has a way of doing that.
Better yet, there’s the price tag: You pay the OCIO’s salary—and that’s all. There are no executive bonuses to pay, no benefits to cover… you don’t even have to share room in the office fridge. This dedicated professional works the same business week you do (even meeting with clients, if you choose), but there are none of the costs associated with hiring a heavy hitter to work under your brick-and-mortar roof.
Cornerstone Portfolio Research is ready to be your OCIO providers. Contact us to learn more.