Skip to content
Electronic storage rule amendments

Electronic storage rule amendments

Publications
17 October 2022
Related people
Stettner Barbara
Satchell Bill
Image of Wallace DeWitt
Stettner Barbara
Barbara Stettner

Partner

Washington, D.C.
Satchell Bill
Bill Satchell

Of Counsel

Washington, D.C.
Image of Wallace DeWitt
C. Wallace DeWitt

Senior Counsel

Washington, D.C.
Seo Hilary Sunghee
Hilary Sunghee Seo

Partner

New York

Headlines in this article

Related news and insights

News: 03 April 2024

Allen & Overy’s Scott Cockerham on tax insurance in green energy credit deals

News: 14 March 2024

Allen & Overy files amicus brief in 5th Circuit in support of challenge to SEC short-selling and securities lending rules

Publications: 13 March 2024

Valid in Venezuela?

Publications: 11 March 2024

Allen & Overy attorneys analyze the impact of the SEC’s new climate rule

The Securities and Exchange Commission, on October 12, 2022, adopted amendments to its books and records electronic storage requirements for broker-dealers and certain security-based swap entities (“SBSEs”).  The final rule release can be found here. In general, the amendments are intended to modernize those requirements, make them technology neutral, and address the outdated write-once-read-many or “WORM” requirement that has plagued the industry for almost 25 years. While the rule amendments are in many respects a step in the right direction, they are far from ideal.  Most notably on this point is the imposition of new electronic storage requirements on certain SBSEs.

The highlights: 

  1. Provides an “audit trail” alternative to the historical WORM requirement – importantly this requires, among other things, that “the audit trail will permit re-creation of the original record if it is modified or deleted”  
  2. Retains WORM as an option for firms to use either in whole or in part
  3. Requires both WORM and audit trail solutions to be in a human readable and reasonably usable electronic format – the application of this requirement to certain records may present difficulties for firms (for example, firms that have taken snapshots of their systems if such snapshots are not machine readable) 
  4. Provides optionality with respect to the requirement to have a separate backup copy of required records by providing as an alternative the requirement to have “other redundancy capabilities that are designed to ensure access to the records required to be maintained and preserved pursuant to §§ 240.17a-3 and 240.17a-4”
  5. Provides optionality with respect to the undertakings that must be filed with a firm’s designated examining authority – importantly, while this provides an option to designate an internal officer to provide the undertakings instead of a third party, the internal officer option may be seen by some firms as complicated and difficult to implement  
  6. Provides optionality with respect to the undertakings that are required to be provided by third-part storage providers that are intended to address challenges faced by some providers such as cloud storage providers that don’t have access to or the ability to provide records to regulators
  7. Reiterates the SEC’s position that contracts that include provisions permitting the service provider to withhold, delete, or discard a firm’s records required to be preserved (e.g., for non-payment) are in violation of the securities laws, as well as indicates that cloud service provider contracts may need to be amended to comply with the new undertaking requirements.  
  8. SBSEs without a prudential regulator will, for the first time, be required to comply with the WORM requirement, the audit trail requirement, or selectively apply one of those requirements to required records  
  9. The compliance period for broker-dealers is six months from publication in the Federal Register and twelve months for impacted SBSEs

What firms should do now: 

Historically, many firms have struggled to comply with the WORM requirement for at least a portion of their required books and records.  As a result, broker-dealers should begin reviewing how they currently store required books and records to determine compliance with the electronic storage requirements (including the requirement that WORM records be in a human readable and reasonably usable electronic format).  For those records that they believe are in compliance with the historical requirements, assess whether any additional steps are required, including filing any updated undertakings that reflect the amended language in the rule and amending any contracts that require updating.  For those records that are not stored correctly, firms should assess which option is preferable and then take steps to come into compliance.  For example, if a firm’s accounting records have not been stored in WORM the firm should consider whether it is now preferable to implement the audit trail option to ensure compliance.

Impacted SBSEs likely face a more significant undertaking to comply with the new electronic storage requirements applicable to them.  As a starting point, impacted SBSEs should inventory all required books and records that they make and maintain and how they are currently stored.  Once the inventory is completed, they should develop an implementation plan or similar plan for addressing any required book and record that is not in compliance with the new electronic storage requirements.  

All firms should move quickly to address any potential issues they may have with respect to how they store required books and records as the compliance periods are relatively short and there is no guarantee of an extension.  In addition, the changes that firms may need to make to ensure compliance may be complex and time consuming to implement.

Related expertise