Is Wasabi’s implementation of S3 Object Locking (aka object immutability) compliant with SEC Rule 17a-4(f)/FINRA/CFTC?

Is Wasabi’s implementation of S3 Object Lock (aka object immutability) compliant with SEC 17 CFR § 240.17a-4(f), FINRA Rule 4511(c), and CFTC 17 CFR § 1.31 (c)-(d)?

Wasabi’s immutability functionality (object lock with compliance mode) fulfills the following requirements relative to certain electronic storage requirements specified in the following regulations:

• Securities and Exchange Commission (SEC) in 17 CFR § 240.17a-4(f), which regulates exchange members, brokers or dealers.

• Financial Industry Regulatory Authority (FINRA) Rule 4511(c), which defers to the format and media requirements of SEC Rule 17a-4(f). 

• Commodity Futures Trading Commission (CFTC) in 17 CFR § 1.31(c)-(d), which regulates commodity futures trading. 

For more detailed information about how Wasabi’s implementation of S3 Object Lock satisfies these regulations, see the “SEC 17a-4(f), FINRA 4511(c), and CFTC 1.31(c)-(d) Compliance Assessment - Wasabi Hot Cloud Storage” by Cohasset Associates. This report also includes the updated SEC Rules that had a compliance date of 5/3/2023.

For additional information about physical security, network architecture, and data privacy, refer to our white paper “Ensuring SEC Compliance with Wasabi’s Data Immutability”.                                                     

A customer case study on the use of Wasabi’s immutability feature is available here. 

If you need a D3P (designated third-party) that works with Wasabi, we recommend the Iron Mountain D3P service.

If you need to request an alternate undertaking letter per 17 CFR 240.17a 4(i)(1)(ii)(A), please contact compliance@wasabi.com.