Iron Mountain Helps Ensure Compliance with SEC and CFTC Requirements

In the drive toward full compliance with the Security Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) rules for preservation of electronic records, such as SEC Rule 17a-4 and CFTC Section 17 CFR 1.31, many securities firms have overlooked a critical record keeping obligation: the designated third party or technical consultant requirement.

Since 1993, Iron Mountain has been helping financial services firms achieve SEC and CFTC compliance. Iron Mountain was the first company to develop a set of best practices and to file a third-party undertaking in accordance with the SEC ruling. Our compliance services also support new rulings mandated by the Dodd-Frank Wall Street Reform and the Consumer Protection Act. Today, more broker-dealers - including six of the nation's top ten firms - as well as swap dealers and other merchants subject to SEC and CFTC rulings depend upon Iron Mountain's Designated Third Party (D3P) service more than any other provider to ensure compliance with the designated third party or technical consultant requirement.

Iron Mountain's comprehensive D3P compliance service is available for all types of electronic records, including computer output to laser disc (COLD), back-office, imaged, voice recording and transactional records, as well as email and messaging communications. Iron Mountain offers compliance for a broad range of Document Management Applications, including client-server and mainframe systems. Record storage can be in-house or off-site, and on any type of WORM media.

Service Online or On-Site

Iron Mountain’s D3P compliance service offers two distinct options so you can choose the solution that best fits your needs:

  • D3P On-Line Access: for secure remote access to your archive systems by Iron Mountain
  • D3P On-Site Access: Iron Mountain’s compliance experts retrieve records from archive Electronic Storage Media (ESM) at your facility

The Deliverables: Analysis, Validation, and Peace of Mind

With a strong knowledge of SEC and CFTC regulations and proven best practices in providing D3P services, Iron Mountain provides your compliance organization with tremendous insight into your systems along with a host of other valuable services. As part of Iron Mountain's D3P service, you receive:

  • Letter of Intent to regulators for each system informing them that you contracted a Designated Third Party Provider
  • System Configuration Plan (SCP) explaining access to records
  • Two D3P Status Reviews each year to validate D3P accountability
  • Annual test and test report to show compliance
  • Letter of Undertaking for filing with SEC, Self-Regulating Organizations, and Commodity Futures Trading Commission
  • Up to 2 days for an SEC auditor at D3P facility

With the detailed audit and test reports and System Configuration Plan in hand, you can face your next audit with confidence, knowing that you have met your designated third party requirement.