Three Tips for Choosing Designated Third Party

As part of the auditing process, the Financial Industry Regulatory Authority (FINRA) will want to know who has been selected as the designated third party storage provider (D3P). This means, they want to know which independent company has been hired to taka a copy of the firm’s electronic records and reproduce them for future audits. This regulation has serious consequences for FINRA firms and should form the basis of their data compliance strategy because the D3P should also act as the remote backup provider to archive electronic records in accordance with FINRA rules 17a-3 and 17a-4. This way several key rules are simultaneously met.

However, for small firms such as broker-dealers, finding this kind of provider can difficult because data is often dispersed throughout the whole organization on servers, desktop computers, laptops at branch locations or in the cloud. In addition, this data is stored in various formats such as emails, social media posts, office documents or scanned electronic records. Therefore, it is hard for small firms with limited budgets to find the ideal solution to effectively store this diverse information and at the same time satisfy the important D3P obligation.

Choosing the D3P
Thankfully FINRA gives its smaller member’s some flexibility when choosing the D3P and firms have a certain amount of control over who they assign this task. Surely, they will want to choose a provider that offers a yet inexpensive solution, but at the same time meets all the important demands for regulators.

To achieve this regulation, small firms must understand that they need a provider who can capture a multitude of different data formats from various systems, consolidate it into one easily accessible platform, and make it readily available to compliance officers at any time. In addition, they need a provider who allows them to control the cost of the service as they grow; small firms surely can’t spend thousands of dollars a year archiving data to simply keep auditors happy.

Nonetheless, a small firm should look
for three important features in a D3P:

1. Remote Data Archiving. The best way for small firms to achieve the D3P requirement is to choose a provider that offers remote data archiving. This means the provider uses an automated method to remotely transfer data from critical systems each night. It will then keep this data archived in a secondary location for the required amount of time. This type of service is perfect of small firms because it is a  readymade solution which can be put in place very quickly to instantly ensure data is transferred offsite, from every location and put in the possession of a third party provider for FINRA compliance and long term electronic records archiving.
2. At Flight and At Rest Data Encryption. Because a financial firm’s electronic records are so sensitive, auditors will want firms to choose a D3P that offers at Flight and At Rest Data Encryption. Essentially, this technology will be built into the providers software and encrypts the data before it leaves the customer’s site and while it is stored on the providers servers. This way even the technicians working for the provider cannot access the data
3. ‘Pay-As-You-Grow’ Pricing Model. Small FINRA firms such as broker-dealers will want a provider that offers a Pay-As-You-Grow pricing model. By doing this, they are able to control the cost of data compliance because in the beginning they are only paying for data that needs archiving, and as data increases the cost goes up. This way, the initial cost is low and as they grow, they can pay more for protection to keep the overall cost of the service under control over time.

Because FINRA performs regular audits of its members and data compliance is such an important part of this, choosing the D3P is a very important decision for FINRA firms, especially for small firms. The D3P will ensure data is properly accessible for review from auditors, also the right provider will also remotely backup and archive data to a remote location, also making sure the electronic records and archiving demands of rules 17a-3 and 17a-4 are also achieved. Moreover, by choosing a provider that offers the above key features firms will be able keep the cost of data compliance under control and ensure they achieve several critical data compliance rules at once.

AdvisorVault Inc. offers the only designated third party service designed for small FINRA firms such as broker-dealers, independent investment advisors and wealth management firms. The solution is suited to help them achieve today’s stringent data archiving rules while helping them keep the overall cost of data compliance under control. With D3P service, firms are assured to achieve the demands defined in the 17a-3 and 17a-4 electronic records archiving rules as well as the supervisory and DR demands contained in FINRA rules 3510 and 3010.