The Financial Industry Regulatory Authority (FINRA, Inc.) exists to protect investors. 

Every American, regardless of wealth or economic status, deserves fair treatment by and integrity from broker-dealers in the U.S. FINRA is empowered by Congress to ensure every investor can confidently take part in the success of the nation’s economy through basic protections: that securities sellers are tested, qualified and licensed; that investors are dealt with truthfully; that offerings are suitable to their needs; and that disclosure regarding such products and services is made completely and honestly.

FINRA, which is supervised by the Securities and Exchange Commission (SEC), drives regulatory compliance by both creating and enforcing rules to govern ethical activities by broker-dealers. Essentially, FINRA takes rules defined by the SEC and converts them to measurable practices which can be tested and audited. Failure to adopt and adhere to these rules can result in severe sanctions and fines by the SEC.

Starting at the top of the Books and Records checklist, Securities and Exchange Act 1934 Rule 17a-3(a)(3): Customers’ Accounts requires items such as cash receipts for debits and credits to be retained for a minimum of six (6) years. FINRA requires available proof of records retention (such as process documentation), so that in the event of an investigation the dealer has the forensic details on the customers’ account(s). Failure to produce records can cause the organization to be sanctioned for non-compliance.

Rule 17a-4 provides details for meeting these audit requirements, such as using WORM storage (“write once, read many”) for archive data integrity, which in turn must be made part of an organization’s information security management system. Ultimately, organizations must maintain both a written and a programmatic policy for (digital) customer transaction records to be logged and committed to long-term safe storage, such as a tape library or cloud archive.