The United States Security and Exchange Commission (SEC) is a federal agency that oversees financial institutions, enforces federal securities laws and regulates securities exchanges to prevent market manipulation.
The SEC issued Rule 17a-4 as a set of requirements for record-keeping in the financial services industry. Paragraph (f) of the rule focuses on digital and electronic storage, and describes requirements around data retention, indexing and accessibility of electronic financial records to ensure that, if necessary, those records can be audited or subpoenaed.
Broker-dealers and other members of the financial services industry who keep financial records on electronic storage media must be in compliance with SEC Rule 17a-4(f).
Amendments to Rule 17a-4
In 2023, the SEC made amendments to the rule as it pertains to the recordkeeping rules applicable to broker-dealers ( link resides outside ibm.com). Specifically Rule 17a-4(i) was amended to allow the use of an Alternative Undertaking letter by Cloud Service Providers.
Alternative Undertaking Letter
Clients interested in obtaining an Alternative Undertaking for Cloud Service Providers for IBM Cloud Object Storage can open a support case using their cloud account portal. Our support personnel will then route the request to the appropriate team for review. Please note that IBM requires customers to make certain representations to IBM before the Alternative Undertaking letter can be issued to them.
Reports and other documentation
View the Cohasset Associates SEC 17-a4(f) Assessment Report
Independent assessor Cohasset Associates has assessed that IBM Cloud Object Storage, when immutable object storage features are appropriately configured and applied, retains records in non-rewriteable, non-erasable format and meets the relevant storage requirements of SEC Rule 17a-4(f), Financial Industry Regulatory Authority (FINRA) Rule 4511(c), and Commodity Futures Trading Commission (CFTC) in 17 CFR § 1.31(c)-(d), and Markets in Financial Instruments Directive II (MiFID II) Delegated Regulation (72((1).