Why Did the SEC Update Drop the WORM-Only Requirement?

The Securities Exchange Commission (SEC) stepped into the 21st century with a recent update to Rule 17a-4 by dropping the requirement that electronic records be stored in a non-rewriteable, non-erasable WORM or “write once, read many” format. Broker-dealers can now use either WORM or a dynamic recordkeeping system that provides an audit trail. The SEC revised the rule so that broker-dealers using electronic recordkeeping systems can either preserve their records in a manner “that permits original records to be re-created if altered, over-written or erased, or that prevents original records from being altered, over-written or erased.” The rule change allows them to meet compliance by using either WORM or an audit trail format.

These new audit trail guidelines are more in line with what legal teams do when preserving data for ediscovery. The requirements are that broker-dealers need to preserve and maintain records with a complete time-stamped audit trail that includes all modifications and deletions of a record, and the date and time of creation or modification, ensuring its authenticity and permitting re-creation of both the original record and interim iterations. The SEC update allows compliance teams to move away from WORM storage toward a more usable audit trail alternative and brings enterprise recordkeeping out of the Digital Stone Age and into a new, more functional era.