Designated Third Party Financial Services Support

What is the Designated Third Party Service?

Quick Support Info

Call us at 1-800-962-0652
Email us at

Securities firms regulated by the SEC need to address a critical record keeping obligation; the designated third party requirement.

Iron Mountain’s D3P service fulfills the requirements of the SEC and helps securities firms easily maintain compliance for all types of electronic records.

Frequently Asked Questions about Our Designated Third Party Service

Overview of the Service

Our D3P service supports the requirement of SEC 17a-4(f)(3)(vii) known as the Designated Third Party for Broker Dealers.

Iron Mountain’s D3P service works with any WORM ( write once, read many) storage application, regardless of whether it is on-premises or in the cloud. Iron Mountain will work with your technical team to develop a System Configuration Plan (SCP) to guide us through your network and access the systems and records we have been asked to cover.

Iron Mountain offers two forms of testing based on which one would be the best fit for the particular needs of the client:

  • Online – Client provides remote access to Iron Mountain’s systems analyst to access the system online.
  • Onsite –Iron Mountain’s systems analyst visits the client’s facility to perform testing
  • All the necessary documents to file with the Securities and Exchange Commission (SEC) and self-regulatory organizations via the Electronic Data Gathering Analysis and Retrieval (EDGAR) system
    • A Letter of Intent that can be used as proof we are working towards the Letter of Undertaking
    • A Letter of Undertaking for each covered Broker Dealer and system
  • A System Configuration Plan (SCP) explaining access to records
  • Two opportunities to update your SCP each year to reflect changes in your IT infrastructure
  • An annual test and test report to show compliance and validate our ability to perform and access on behalf of the regulators

Understanding Specifics

The Letter of Intent confirms Iron Mountain is contracted as the client’s D3P provider and will issue a Letter of Undertaking once a successful test has been completed. The Letter of Intent is issued within a few days of Iron Mountain receiving a signed contract from the client.
The Letter of Undertaking is issued upon the completion of an initial successful test. The letter will be issued to the designated contact for the Broker-Dealer to file with the respective regulators via the SEC EDGAR system.
The System Configuration Plan (SCP) is completed by the broker-dealer and is a comprehensive document that contains information about the application and environment we are representing. It also contains step by step instructions that Iron Mountain will use to provide the Designated Third Party service. The SCP provides Iron Mountain the instructions it needs to navigate your network in order to access a sample of records from the Broker Dealer’s system.
The Test Report is issued annually and confirms that Iron Mountain can access the necessary systems successfully. The Test Report can be provided to the regulators during an audit as confirmation that a test was completed and to show compliance.

The record types that fall under the rule can be found in 240.17a-4(b)(1)-(13) and include:

  • Blotters itemizing a daily record of all purchases and sales of securities
  • Ledgers reflecting all assets and liabilities and income, expense, and capital accounts
  • Ledger accounts
  • Memorandums of each brokerage order, purchase, and sale
  • Copies of confirmations of all purchases and sales of securities
  • Record of all puts, calls, spreads, straddles, and other options
  • Employment applications
  • Record of the proof of money balances of all ledger accounts for three years following termination
  • Fingerprints of personnel
  • Record of customers with access to an internal broker-dealer system
  • Written customer complaints
  • Advertisements, sales literature, or communications
  • Listings of people responsible for establishing compliance policies and procedures
  • Checkbooks, bank statements, cancelled checks, and cash reconciliations
  • All bills receivable or payable
  • Originals of all communications received
  • Copies of all communications
  • All guarantees of accounts and all powers of attorney
  • All written agreements

Frequently Asked Client Questions

No. Iron Mountain will work within your existing infrastructure to perform testing.
Although Iron Mountain offers competitive and relevant solutions to assist your data needs throughout the information life cycle, we do not require your organization to maintain their data with us. The service is designed to work with any infrastructure and WORM storage scenario.

Get in Touch with Your Iron Mountain Contacts

In addition to your Sales Executive, you will be provided with a dedicated Account Manager and a dedicated Systems Analyst to provide support from both an account management and technical compliance perspective.