Home Cloud Compliance SEC Rule 17a-4(f) IBM Cloud® compliance: SEC Rule 17a-4(f)
Illustration showing a person interacting with a computer interface, behind which are various documents and a miniature skyscraper
What is SEC Rule 17a-4(f)?

The United States Security and Exchange Commission (SEC) is a federal agency that oversees financial institutions, enforces federal securities laws and regulates securities exchanges to prevent market manipulation.

The SEC issued Rule 17a-4 as a set of requirements for record-keeping in the financial services industry. Paragraph (f) of the rule focuses on digital and electronic storage, and describes requirements around data retention, indexing and accessibility of electronic financial records to ensure that, if necessary, those records can be audited or subpoenaed.

Broker-dealers and other members of the financial services industry who keep financial records on electronic storage media must be in compliance with SEC Rule 17a-4(f).

 

Amendments to Rule 17a-4

In 2023, the SEC made amendments to the rule as it pertains to the recordkeeping rules applicable to broker-dealers ( link resides outside ibm.com). Specifically Rule 17a-4(i) was amended to allow the use of an Alternative Undertaking letter by Cloud Service Providers.  

IBM position

Alternative Undertaking Letter

Clients interested in obtaining an Alternative Undertaking for Cloud Service Providers for IBM Cloud Object Storage can open a support case using their cloud account portal. Our support personnel will then route the request to the appropriate team for review. Please note that IBM requires customers to make certain representations to IBM before the Alternative Undertaking letter can be issued to them.

Reports and other documentation

View the Cohasset Associates SEC 17-a4(f) Assessment Report

Independent assessor Cohasset Associates has assessed that IBM Cloud Object Storage, when immutable object storage features are appropriately configured and applied, retains records in non-rewriteable, non-erasable format and meets the relevant storage requirements of SEC Rule 17a-4(f), Financial Industry Regulatory Authority (FINRA) Rule 4511(c), and Commodity Futures Trading Commission (CFTC) in 17 CFR § 1.31(c)-(d), and Markets in Financial Instruments Directive II (MiFID II) Delegated Regulation (72((1).

Services

IBM Cloud platform sevices included in assessment report:

IBM Cloud Object Storage

Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

See more compliance programs