17a-4's recommendations for Managing External Links for SEC Compliance

Share Article

External links represent both the power of the Internet and a significant regulatory compliance challenge. Compliance officers must have compliance policies and disclaimers in place to clearly state their institution’s position with respect to the responsibility for content of linked sites on websites, emails and marketing documents.

17a-4 LLC
Emerging as one of technology’s new compliance challenges, external links and sites...

17a-4, LLC works with compliance teams to leverage technology and manage corporate data in compliance with regulations. Emerging as one of technology’s new compliance challenges, external links and sites represent, perhaps, a ‘no man’s land’ of responsibility. Visitors to financial websites or recipients of email or marketing information, do not perceive a difference between the content from the financial institution to that of a discreet third-party site. Where does the institutional responsibility begin and end?

As a long-standing policy, the Securities & Exchange Commission has maintained the ‘envelope’ rule which states that embedded links represent content contained within the envelope of the communications. Links to research, corporate sites, the EDGAR system, etc. are all within the construct of a communication, website, tweet or marketing document.

As guidance, 17a-4 recommends that compliance teams take the following 4 steps to address the compliance issue and incorporate their review as part of the annual FINRA 3130 certification. These steps are:
1.    Monitoring communications (email, Teams, Slack, Zoom, Webex) for external links embedded in the conversation. Supervisory terms such as ‘site’, ‘http:’ and ‘www(.)*’, represent terms which should be incorporated into the supervisory lexicon.
2.    Disclaimers with language representing that only information directly contained within the site or communication should be relied upon by the recipient of the message. As this disclaimer is often long and detailed, we recommend that firms use a service such as 17a-4’s eDisclaimer. This allows firms to take advantage of the ‘envelope’ rule to protect your firm with a full and complete disclaimer.
3.    When you do use a link, hash the contents of the link. By comparing the hash codes on a regular basis, you can be sure that the content has not been changed. You can be alerted to any change through an email notification.
4.    Set-up Microsoft SharePoint, Google Cloud or other libraries in which you can retain reference documents. This allows retention policies to be set and, if appropriate, non-erasable settings applied. Technically, linked content should be preserved as long as the email, tweet, or marketing document.

These 4 steps represent what we have found are ‘best practices’ and an appropriate effort to address this compliance challenge. For more information about our linking services, lexicon term or e-disclaimer, please visit 17a-4.com or call (212) 949-1724.

About 17a-4 LLC:
17a-4 is a compliance services and software company with a focus on e-messaging and software solutions to meet regulatory and e-discovery needs of institutional clients. Clients leverage 17a-4’s expertise to ensure information infrastructures comply with SEC (Rule 17a-4), FINRA and CFTC (Rule 1.31) regulations.

17a-4 offers the DataParser for messaging compliance and the SEC-FINRA DeskTop a hosted platform for SEC and FINRA documents and regulatory workflows. 17a-4’s architecture provides for a single-point in which all e-messaging content may be managed for retention, legal and regulatory holds and e-discovery productions.

17a-4 eDisclaimer is a hyperlinked messaging disclaimer service for compliance with regulatory requirements and legal protection for corporate messaging.

17a-4 is based in New York City but operates remote offices nationwide.
All product and company names herein may be trademarks of their registered owners.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

17a-4 LLC
(212) 949-1724
Email >
Follow >
Visit website