Designated Third Party (D3P) – The Key to SEC Audit Success and Increasing Customer Confidence

Hands down, this is most confusing aspect of data compliance. Yet failing to assign a D3P can result in SEC audit failure or cause serious damage to a firms reputation.

For small broker-dealer firms with limited time and budgets, finding the best partner to assist them with their D3P needs can be a daunting task. They need to choose a provider that can help them achieve these requirements effectively – choosing the wrong D3P can cause unnecessary burden and quickly increase the overall cost of data compliance.

Answering the Big Questions about the Designated Third Party (D3P):

1. What is the broker-dealer’s responsibility in choosing a data compliance partner as their D3P?
• It is critical that the broker-dealer establish a relationship with a third party that has the ability to provide the SEC (or other securities regulators) with independent access to their retained electronic records and information.

2. What are the D3P responsibilities?
• Notify the SEC (or other designated securities regulators) in writing of their intention to fulfill the third-party access and download function for the broker-dealer
• Provide securities regulators with the information they need to download electronic records from the broker-dealer’s systems at the regulators request
• Provide securities regulators with access to records and information stored on the broker-dealer’s systems independently of the broker-dealer, even if the broker-dealer is not cooperating with the regulator
• Preserve records in a non-rewriteable, non-erasable format or one that prevents their overwriting, erasing, or otherwise altering during its required retention period through the use of integrated hardware and software codes
• Verify automatically the quality of the backup process and index records preserved on the storage media

The D3P prerequisite is essentially designed to ensure broker-dealer electronic records are kept for the required amount of time and can be easily retrieved in the event of an audit or during regular compliance reviews.

Further Benefits of the D3P:

Aside from simply ensuring rules 17a-3 & 17a-4 are met and increasing confidence during SEC audits, the D3P provides several other benefits:
– The D3P prevents records from being overwritten, erased or altered. Thus giving broker-dealers built-in long-term archiving for historical data retrieval
– The D3P ensures that if key IT personnel retire or leave, the D3P can always access current or archived data, thus the D3P becomes an integral part of the broker-dealers compliance audit process
– The D3P maintains compatibility with legacy systems. In the case where a broker-dealer merges, has been acquired or takes over another company that uses different systems, the D3P will retain the information in a standard format compatible with new systems
– Most importantly, in the event of a disaster where a broker-dealer has lost all their systems or data, the D3P ensures current and historical data will be made available for restoration back to the original location or to an alternate disaster recovery site

The Designated Third Party puts extra responsibility on broker-dealer firms and it IS designed to ensure an amount of long-term stability is built into their data compliance strategy. By choosing the right D3P, not only do firms gain greater confidence during SEC audits, they will also have more chance of gaining long-term customer confidence regarding electronic records retrieval and supervision.

Source by Allan Lonz

Leave a Reply