SEC Rule 17a-4 Records Retention
United States
1934
Tax & Reporting
Cybersecurity
Overview
Key Obligations
- Preserve specific records (e.g., communications, trade blotters, account documents) for defined retention periods
- Store electronic records in a tamper-evident, non-rewritable, and non-erasable format (WORM)
- Use a third-party access provider or designate a compliance officer for data retrieval
- Ensure availability of records to the SEC upon request
- Maintain backup systems and retrieval indexes for efficient record access
- Notify the SEC of changes to recordkeeping systems
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
Identity Verification
Use facial match and liveness checks paired with government ID verification to validate users while onboarding.
GRC
Governance, Risk, and Compliance solutions to streamline regulatory adherence and maintain operational security.
Bank Account Verification
Instantly verify bank account details to confirm account ownership and validity for secure financial transactions.
Related Regulations
FAQ
What formats are acceptable under SEC Rule 17a-4?
Records must be stored electronically using WORM-compliant systems to prevent alteration or deletion.
How long must records be retained?
Retention periods vary by record type, with many requiring preservation for three to six years.
Can records be stored in the cloud?
Yes, if the cloud storage is WORM-compliant and meets SEC access and retention standards.
Does this apply to text messages and emails?
Yes, all electronic communications related to business operations must be archived and accessible.