• Insights

Microsoft Azure and Office 365 Are Now FINRA and SEC Compliant

Logan Miller

2 min read

All Insights

FINRA, the SEC, and Office 365

You may already know all about FINRA, the Financial Industry Regulatory Authority, as it is the largest independent regulator of security firms in America, responsible for governing business between brokers, dealers, and the investing public. But most people know FINRA as a behemoth that has enforced penalties levied to the tune of over $170 million in 2016 alone. While that may be an intimidating figure, it is entirely eclipsed by those of its elder brother (or maybe stepbrother is more accurate?) the SEC, the US Securities and Exchange Commission, which obtained judgements and orders totaling more than $3.9 billion in disgorgement and penalties in 2018.

This all begs the question: “How do I keep a giant like FINRA or the SEC far, far away from my firm and me?”

That’s a great question, reader—one that has many answers. Recently a new solution has surfaced, thanks to two independent assessments that have validated that both Microsoft’s Azure and Office 365 can help firms meet both the SEC’s Rule 17a-4(f) for records retention and immutable storage requirements and FINRA Rule 4511(c).

What is SEC Rule 17a-4(f)?

SEC rule 17a-4(f) essentially requires that firms who do their bookkeeping electronically must do so in compliance with certain rules and regulations. The two big takeaway rules are that

1. The electronic booking tool must be able to make records restricted and unable to be edited

2. The duration that those records must be held for retention should be somewhere between three to six years and that the storage system being used by the firm must be capable of withholding those records for a much longer period than that.

How about FINRA Rule 4511(c)?

Essentially the same as above, since the rule defers to the format and media requirements of SEC Rule 17a-4(f).

Yep… that’s pretty much it.

(Well, not really, there is more to it that does not apply to us here, so let’s move on.)

Microsoft Azure

By choosing the correct options within Azure, a firm can ensure that its electronically stored documents are compliant with the SEC’s and FINRA’s new rule(s). According to the assessment, “Azure Immutable Blob Storage with the Policy Lock option, when used to retain time-based Blobs in a non-erasable and non-rewritable (WORM) format, meets the immutable storage requirements of the SEC rule.”

Okay, maybe the exact quote is a little excessive. Essentially, by using specific options available within Microsoft’s Azure solution, a firm can achieve SEC and FINRA compliance.

Office 365

While Azure compliance is more comprehensive, Office 365 is much easier. All you have to do is use Office 365 with Preservation Lock. That’s it. Preservation Lock will store and archive data in a manner compliant with SEC requirements for record retention and ensure that your firm will be protected. Microsoft elaborates,

“In Exchange Online, when a retention policy is applied to a user’s mailbox, all of the user’s content will be retained based on the criteria of the policy. In fact, if a user attempts to delete or modify an email, a copy of the email before the change is made will be preserved in a secure, hidden location in the user’s mailbox. Retention polices can ensure that an organization retains electronic communications, but those policies can be modified.”

Have questions about how to get your financial services firm compliant with Office 365 and Azure? Set up a discussion with one of our experts.

The Azure Files: A Law Firm's Guide to Cloud Migration