NAIFA's Advisor Today Keyword(s)

 E-mail   Print  Share

Store or Shred?

This article tells you how to decide what to keep and what to discard.

By Janet Arrowood

To store or to shred. That is the ongoing dilemma of the financial advisor.

Many securities-related documents have to be immediately accessible and must be backed up and stored in a secure place. SEC Rule 17a covers many things you need to know, and your broker-dealer can interpret the information for you. Always back up everything— at least once a week—and store it off-site in a secure, fireproof location.

You have applications, personal and business records, insurance and financial statements, manuals, continuing education documents, and much more, and none of the storage requirements are consistent. Here’s something to help you decide what to keep, how and where to keep it, and what to shred. While the information is as current as possible, the ultimate authorities are your agency manager, broker-dealer, the Securities and Exchange Commission (SEC), the National Association of Securities Dealers (NASD), your state insurance commissioner, the IRS, and other entities. When in doubt—keep it. Each part of your practice has different “store-or-shred” requirements. For health insurance, add additional privacy considerations for HIPAA and ERISA requirements.

Insurance-related document and data-storage requirements
Insurance is regulated by the states, so there are variations from one state to another. The National Association of Insurance Commissioners has issued several model insurance regulations, and many states have adopted these regulations. If your business crosses state lines (especially with variable products), you are almost certainly subject to these regulations at some point.

While there are no consistent rules, you should keep all applications and related information for at least three years from the date of policy issue. In some states, the requirements are even more stringent. Connecticut, for example, requires records related to seniors’ applications for insurance to be kept for seven years.The ways you can store records are usually more liberal for states than for NASD/SEC-governed securities transactions. Connecticut statutes provide the following guidance:

“Records required to be maintained by this regulation may be maintained in paper, photographic, microprocess, magnetic, mechanical or electronic media or by any process that accurately reproduces the actual document.”

If it has a Social Security number, birth date or license number on it—yours, your client’s or your employees’, and you don’t need to store it—SHRED IT.

New York has similar provisions for acceptable storage of records, as do most other states. However, in Oklahoma, the rules are a bit different in terms of allowable storage: “Oklahoma Insurance Commissioner Carroll Fisher issued the following notice to producers, which he categorized as ‘urgent,’ regarding storage of documents: State law at 36 O.S. § 1435.13(E) requires you to keep your records relating to the sales of policies for three years. The records must be in your office and in hard copy format.”

Many insurance applications involve electronic submission of applications and other documents (records, releases, etc.). A good site for an explanation of the rules is This site explains the acceptable electronic signatures, releases and data transmission. Electronic media have a major advantage since the data can be transferred, copied and backed up in a few simple steps. The site explains the provisions of the Electronic Signatures in Global and National Commerce Act. Note that the storage provisions for electronically generated data and client contacts are six years for securities and will probably tend that way for insurance-related email and other data in the near future.

Securities-related documents and data-storage requirements
SEC and NASD are the primary authorities in this area, although variable products are also subject to state-imposed storage requirements. In addition, the Graham-Leach Bliley and Sarbanes-Oxley Acts affect securities, but are not covered here.

A useful site for reviewing the storage and records maintenance rules and regulations, in addition to your broker-dealers’ website, is the NASD Manual online.

SEC Rule 17a-1 through 17a-4 are the key rules here. At the NASD level these rules are implemented through NASD Rules 3010 and 3110. NASD 3010 requires the creation of policies for supervisory review of broker email, and for education of brokers on regulatory issues. NASD 3110 specifies the retention of customer records and transaction data in a “reviewable” format and in an easily accessible place.

NASD and SEC have imposed a number of requirements including:

  • Emails and attachments must be preserved in a nonalterable, nonrewriteable and nonerasable format. Broker-dealers must be able to automatically verify the quality and accuracy of the archiving process (at their site and at registered representatives’ sites). Emails must be fully indexed and searchable. All emails must be preserved for up to six years and be in an accessible place for the first two years.
  • When emails are requested by regulators, the stated retrieval time is “immediate.”

Other documentation
Reg. §240.17a-4: Although most requirements refer to your broker-dealer, here are the records you need to keep:

  • You must keep most customer account records for the life of the account, plus six years. You must keep email copies for six years. The new account form must be kept for three years and updated regularly. Your transaction (sales/redemptions) blotters with check records must be kept for six years. You must keep copies of all client correspondence for three years. You must keep approvals of advertising and marketing materials, as well as any sales scripts, for three years from date of use. For the first two years, plan on these records being kept in an immediately accessible place (with off-site back-up).
  • As one compliance officer, Jane Riley of The Leaders Group Inc. in Littleton, Colo., puts it, “The period for arbitration is six years from the time the action took place, and litigation can go back even further, so I feel everything should be kept at least six years.”

If you use materials like asset-allocation models, factfinders or other documents that contain information related to an account, keep those documents as long as you have to keep the account data and documents. Always have a current copy of your firm’s compliance manual. Make sure you verify with your firm what records you have to keep in reference to the data and text on your website.

Other important documents and data

General business documents: The website has suggestions on how long to keep most employer-related documents. You should keep all records related to employer groups at least as long as the employer has to keep them. In many cases you need to keep records even longer to meet SEC or NASD requirements.

Tax-related documents:
Keep your personal records and business records and returns for at least seven years. Keeping them forever is a good idea.

Janet Arrowood is the managing director of The Write Source Inc. She can be reached at


See other articles about Practice Management

Conference Newsletter

Contact Us   |   Reprint Permission   |   Advertise   |   Legal Notices   |   Join NAIFA   |   Copyright © Advisor Today 1999-2017. All rights reserved.

AT Blog
Product Resource
Digital Magazine