Iron Mountain Helps Ensure Compliance with the SEC

Did you know that the Security Exchange Commission (SEC) has rules for the preservation of electronic records? Many securities firms have overlooked this critical record keeping obligation, SEC Rule 17a-4, or better known as, the designated third party requirement.

Since 1993, Iron Mountain has been helping financial services firms achieve SEC compliance. Iron Mountain was the first company to develop a set of best practices and to file a third-party undertaking in accordance with the SEC ruling. Our compliance services also support new rulings mandated by the Dodd-Frank Wall Street Reform and the Consumer Protection Act. Today, more broker-dealers - including six of the nation's top ten firms - depend upon Iron Mountain's Designated Third Party (D3P) service more than any other provider to ensure compliance with the designated third party requirement.

Iron Mountain's comprehensive D3P compliance service is available for all types of electronic records, including computer output to laser disc (COLD), back-office, imaged, voice recording and transactional records, as well as email and messaging communications. Iron Mountain offers compliance for a broad range of Document Management Applications, including client-server and mainframe systems. Record storage can be in-house or off-site, and on any type of WORM media.

Service Online or On-Site

Iron Mountain’s D3P compliance service offers two distinct options so you can choose the solution that best fits your needs:

  • D3P On-Line Access: for secure remote access to your archive systems by Iron Mountain
  • D3P On-Site Access: Iron Mountain’s compliance experts retrieve records from archive Electronic Storage Media (ESM) at your facility

The Deliverables: Analysis, Validation, and Peace of Mind

With a strong knowledge of SEC and proven best practices in providing D3P services, Iron Mountain provides your compliance organization with tremendous insight into your systems along with a host of other valuable services. As part of Iron Mountain's D3P service, you receive:

  • Letter of Intent to regulators for each system informing them that you contracted a Designated Third Party Provider
  • System Configuration Plan (SCP) explaining access to records
  • Two D3P Status Reviews each year to validate D3P accountability
  • Annual test and test report to show compliance
  • Letter of Undertaking for filing with SEC and Self-Regulating Organizations
  • Up to 2 days for an SEC auditor at D3P facility

With the detailed audit and test reports and System Configuration Plan in hand, you can face your next audit with confidence, knowing that you have met your designated third party requirement.