Financial Industry Regulatory Authority (FINRA) Rule 4511(c) United States

About FINRA Rule 4511

The Financial Industry Regulatory Authority (FINRA) is the largest independent body regulating securities firms with oversight of more than 4,500 brokerage firms in the United States. It was authorized by the US Congress 'to protect America's investors by making sure that the broker-dealer industry operates fairly and honestly.'

In 2011, the US Securities and Exchange Commission (SEC) approved the FINRA adoption of SEC rules governing the retention of books and records on electronic storage media. FINRA Rule 4511(c) specifies that 'all books and records required to be made pursuant to the FINRA rules shall be preserved in a format and media that complies with SEA (Securities Exchange Act) Rule 17a-4.'

Also, FINRA Rule 4511(c) requires firms to preserve for a period of at least six years those books and records for which there is no specified retention period under applicable FINRA or SEA rules. Effectively, if the books and records pertain to an account, the retention period is mandated to be six years following account closure. Otherwise, the retention period is for six years after such books and records are created.

Microsoft and FINRA Rule 4511(c)

Financial services customers, representing one of the most heavily regulated industries in the world, are subject to complex provisions like the retention of financial transactions and related communication in a non-erasable and non-modifiable state. Among them is Rule 4511 of the Financial Industry Regulatory Authority (FINRA) that stipulates stringent requirements for regulated entities that elect to retain books and records on electronic storage media. Records stored must be tamper-proof with no ability to alter or delete them until after the designated retention period.

Microsoft Azure Immutable Blob Storage with Policy Lock and Microsoft Office 365 with Preservation Lock can help financial institutions meet the immutable storage requirements of FINRA Rule 4511(c).

Microsoft Azure

To evaluate Azure compliance with FINRA Rule 4511(c), Microsoft retained an independent assessment firm that specializes in records management and information governance, Cohasset Associates. The resulting report, SEC 17a-4(f) & CFTC 1.31 (c-d) Compliance Assessment: Microsoft Azure Storage, encompasses Azure compliance with FINRA Rule 4511(c), which defers to the format and media requirements of SEC Rule 17a-4(f).

Cohasset validated that Azure Immutable Blob Storage with the Policy Lock option, when used to retain time-based Blobs in a non-erasable and non-rewritable (WORM) format, meets relevant FINRA storage requirements. Each Blob (record) is protected from being modified, overwritten, or deleted until the required retention period has expired and any associated legal holds have been released.

Software providers and partners with sensitive workloads can now rely on Azure Immutable Blob Storage as a one-stop shop cloud solution for records retention and immutable storage. Financial institutions can now build their own applications taking advantage of these features while remaining compliant.

Microsoft 365

For FINRA Rule 4511(c) requirements, Cohasset validated that Microsoft 365 includes archiving features that enable regulated customers, including broker-dealers, to store data in a manner that helps them comply with SEC requirements for records retention. Retention features in Microsoft 365 help preserve a wide range of data, including email, voicemail, shared documents, instant messages, and third-party data. In particular, archiving in Microsoft 365 enables customers to set global or granular messaging retention policies to store data for a defined period and beyond in a non-rewritable, non-erasable format.

Microsoft in-scope cloud platforms & services

Audits, reports, and certificates

Azure & FINRA Rule 4511(c)

Office 365 & FINRA Rule 4511(c)

Archiving in Office 365, data retention, and SEC Rule 17a-4 compliance

How to implement

  • Financial services regulation: Compliance map of key US regulatory principles for cloud computing and Microsoft online services.
  • Risk Assessment & Compliance Guide: Create a governance model for risk assessment of Microsoft cloud services, and regulator notification.
  • Financial use cases: Use case overviews, tutorials, and other resources to build Azure solutions for financial services.