Designated Third Party(D3P)Compliance Service: Face Your Next FINRA Audit With Confidence

Topics: Technology Escrow

Download PDF

Business Challenge

The securities and exchange commission (SEC) requires broker-dealers to adhere to numerous regulations, including SEC Rule 17a-4(f)(3)(vii), which details stringent requirements on how electronic data is stored. Broker-dealers are required by this rule to retain a designated third party who can independently download electronically stored information for the SEC’s review.

This requirement enables independent access to this data for any reason, but most importantly it eliminates the disruptions that can be caused by personnel changes and obsolete technology. It also makes data available to be used as evidence in court should a broker-dealer face prosecution.

You know that your organization needs to be compliant and that you need to be prepared if you face an audit by FINRA, the Financial Industry Regulatory Authority. But what you may not know is how you can easily demonstrate compliance.

How This Affects You

  • You don’t want your company to be front-page news for the wrong reasons.
  • Your customers only want to work with brokerdealers they can trust.
  • You need to show compliance with SEC Rule 17a-4.
  • Increasingly, FINRA auditors are asking for proof that brokerdealers have established this important designated thirdparty relationship.
  • Have documented procedures for accessing data in your system, including the types of data that are subject to regulations?
  • Create a System Configuration Plan (SCP) for each system?
  • Have a qualified and experienced systems analyst review and validate your System Configuration Plan?
  • Enjoy the credibility of partnering with the only Fortune 1000 provider of designated third-party services?
  • Have the security of a partner with the longevity and stability you need to ensure that the designated third-party services are there when needed?

Industry fact:

SEC Rule 17a-4 states that broker-dealers must archive their data and routinely review the archiving process.

When you need designated thirdparty compliance, we’ll be there. Since 1993, Iron Mountain has been helping financial services firms achieve SEC compliance. We were the very first organization to develop a set of best practices and to file a designated third-party undertaking in accordance with SEC Rule 17a-4.

In the last five years, FINRA, the primary self-regulatory organization for broker-dealers, has focused on prioritizing designated third-party compliance. To help you meet this requirement, Iron Mountain offers its Designated Third Party (D3P) Compliance service.

Our comprehensive D3P service is available for all types of electronic records, including COLD (Computer Output to Laser Disk), back office, imaged, and transactional, as well as email and messaging communications. It offers compliance for an extraordinarily broad range of document management applications, including client-server to mainframe systems. Records can be stored in-house or offsite and on any type of WORM (Write Once, Read Many) media. Equally important, the Iron Mountain Designated Third Party Compliance service offers options so you can choose the best solution to fit your needs:

4 of the nation’s top 5 bank holding companies depend on the Iron Mountain Designated Third Party Compliance service

Online enables remote access by Iron Mountain to your archive systems for electronic records.

Onsite brings Iron Mountain’s compliance experts to your facility to retrieve records from archive electronic storage media (ESM).

Click to Download Full Solution Brief


Software Escrow Service Workflow
Software Escrow Service Workflow

Topics: Technology Escrow

Mission-critical technology is everywhere, and you depend on it every day. Failing to protect mission-critical technology puts your business at risk... you can’t afford not to safeguard your reliance on it.

Escrow Verification Services
Escrow Verification Services

Topics: Technology Escrow

By taking the step to establish an escrow arrangement, you have recognized that your licensed mission critical technology is an important aspect of your organization’s business operations. Complementing your escrow arrangement with verification services will help to mitigate potential risks by providing complete intellectual property protection and management, and ensuring a more rapid recovery for your organization should circumstances require it.