IBM Cloud® compliance: SEC Rule 17a-4(f)
Illustration showing a person interacting with a computer interface, behind which are various documents and a miniature skyscraper
What is SEC Rule 17a-4(f)?

The United States Security and Exchange Commission (SEC) is a federal agency that oversees financial institutions, enforces federal securities laws and regulates securities exchanges to prevent market manipulation.

The SEC issued Rule 17a-4 as a set of requirements for record-keeping in the financial services industry. Paragraph (f) of the rule focuses on digital and electronic storage, and describes requirements around data retention, indexing and accessibility of electronic financial records to ensure that, if necessary, those records can be audited or subpoenaed.

Broker-dealers and other members of the financial services industry who keep financial records on electronic storage media must be in compliance with SEC Rule 17A-4(f).

Reports and other documentation

View the Cohasset Associates SEC 17-a4(f) Assessment Report (PDF, 613 KB)

IBM position

Independent assessor Cohasset Associates has assessed that IBM Cloud Object Storage, when immutable object storage features are appropriately configured and applied, retains records in non-rewriteable, non-erasable format and meets the relevant storage requirements of SEC Rule 17a-4(f), Financial Industry Regulatory Authority (FINRA) Rule 4511(c), and Commodity Futures Trading Commission (CFTC) in 17 CFR § 1.31(c)-(d).


IBM Cloud platform services included in assessment report:

IBM Cloud Object Storage

Take the next step

Questions about a compliance program? Need a protected compliance report? We can help.

See more compliance programs