Books and Records Retention

Quick Answer

The SEC's "records to be preserved" rule sets three retention tiers: 6 years for principal books (blotters, general ledger, customer-account records), 3 years for most other records (order tickets, communications, financial reports), and life-of-the-enterprise plus 3 years for organizational documents (articles of incorporation, minute books). For both the 6-year and 3-year tiers, the first 2 years must be kept in an "easily accessible" place.

Once records are MADE under the SEC's "records to be made" rule, the SEC's "records to be preserved" rule sets the preservation periods, the storage format, and the "easily accessible" requirement.


The Three Core Retention Tiers

The SEC recordkeeping framework has three retention tiers. Each tier covers a different category of broker-dealer record, and two of the three tiers carry the "first 2 years easily accessible" subrequirement:

Retention PeriodWhat It Covers
6 years (first 2 years easily accessible)Blotters, general ledger, securities ledger, customer ledgers, securities record, customer-account records, and other principal records
3 years (first 2 years easily accessible)Order tickets, trial balances, confirmations, customer communications (including emails, instant messages, and business-related social media), associated-person records, financial reports, and most other records
Life of the enterprise PLUS at least 3 years after terminationPartnership articles or articles of incorporation, minute books, stock-certificate books (organizational and governance documents)

Two additional retention rules that often appear alongside the three core tiers:

  • Associated-person records: Retained for 3 years after termination of association
  • Customer-complaint records: Retained for 4 years under the FINRA customer-complaint recordkeeping rule

Exam Tip: Gotchas

  • The 6-year tier covers ledgers and customer-account records, NOT order tickets or communications. Order tickets and communications sit in the 3-year tier. The exam loves swapping these.
  • Organizational documents have the LONGEST retention period in the rule: life of the enterprise PLUS at least 3 years after termination. A fixed 6-year window for articles of incorporation is wrong.
  • Customer-complaint records are 4 years, not 3 or 6. That is a FINRA-side rule, not part of the SEC's three core tiers, and it is one of the most heavily tested retention periods on every FINRA exam.
  • Associated-person records run 3 years after termination of association, not 3 years from creation. The clock starts when the person leaves the firm.

The "Easily Accessible" Window

For both the 6-year and 3-year tiers, the first 2 years of the retention period must be kept in an "easily accessible" place. The 2-year window is the same regardless of the tier:

  • "Easily accessible" means available for production to the SEC or FINRA promptly, without re-retrieval delays
  • A record buried in cold archival storage that takes days to recall is NOT easily accessible
  • After the first 2 years, records may be moved to less-accessible storage but must remain preserved through the full retention period
  • The window does not change with the tier: a 6-year record sits in easily-accessible storage for years 1 and 2 and may move to archival for years 3 through 6

Think of it this way: Imagine a filing cabinet next to the compliance officer's desk and a warehouse in New Jersey. Years 1 and 2 of every record live in the cabinet (or its electronic equivalent, with prompt retrieval). Years 3 through 6 can live in the warehouse, but they cannot be destroyed. Only after year 6 does the destruction clock kick in for a 6-year record.

Exam Tip: Gotchas

  • "Easily accessible" is the first 2 YEARS, not 6 months and not the full retention period. A 6-year record sits in easily-accessible storage for years 1 and 2 and may move to archival for years 3 through 6.
  • The 2-year easily-accessible window applies to BOTH the 6-year and 3-year tiers. Do not assume it scales with the retention period. It is a fixed 2-year window regardless of the tier.
  • "Easily accessible" is about retrieval time, not about retention. Storage that takes days to recall is non-compliant even if the record itself is preserved.

Communications Retention (Including Electronic)

The SEC's communications-retention requirement covers every business-related communication the broker-dealer sends or receives. The categories are listed broadly so that the rule keeps up with whatever new medium the industry adopts:

  • Retention requirement: Originals of all communications received AND copies of all communications sent by the broker-dealer relating to its business
  • Covered media include:
    • Letters and faxes
    • Internal memoranda
    • Emails
    • Instant messages
    • Text messages
    • Business-related social media communications
  • Retention period: 3 years, with the first 2 years easily accessible
  • Deal-file correspondence with issuers, co-managers, syndicate members, the selling group, and investors falls under this regime

Exam Tip: Gotchas

  • Electronic communications (email, instant message, text, business social media) are 3 YEARS, not 6. Order tickets are also 3 years. Customer-account records and ledgers are 6 years. Exam questions often swap these.
  • Both originals received AND copies sent must be preserved. A one-way archive (outgoing only, or incoming only) is non-compliant.
  • Business-related social media is covered, even if the platform itself is consumer-facing. The "business as such" test focuses on the content, not the channel.

Storage Format

The SEC's communications-retention rule gives broker-dealers two acceptable ways to preserve electronic records:

  • Non-rewriteable, non-erasable (WORM) format: The original standard. Once written, the record cannot be modified or deleted; this is the "write once, read many" approach
  • Audit-trail alternative: An electronic recordkeeping system that maintains verifiable audit trails for any record alterations. This option reflects modern cloud-storage architectures that cannot easily implement true WORM
  • Broker-dealers must give FINRA prior notification before using an electronic recordkeeping system
  • Broker-dealers must arrange for a third party to have access to records (the "designated third party")

Think of it this way: The rule originally required broker-dealers to store electronic records on hardware that could not be rewritten (literally write-once optical disks in the early days). The rule now accepts cloud storage with full audit trails as well, so long as the system can prove no record was tampered with. The designated-third-party requirement makes sure regulators can still get to the records even if the broker-dealer is uncooperative.

Exam Tip: Gotchas

  • The audit-trail alternative was added to the rule. Electronic records originally had to be in non-rewriteable, non-erasable format (WORM). Now they can be in either WORM OR an audit-trail-compliant electronic system.
  • Broker-dealers must notify FINRA before using an electronic recordkeeping system. This is a pre-deployment requirement, not a post-incident one.
  • The designated third party is a non-negotiable piece of the electronic-recordkeeping regime. A broker-dealer that uses electronic records but has not arranged for third-party access to those records is non-compliant.

Side-by-Side: "Records to Be Made" vs "Records to Be Preserved"

The two SEC rules work as a pair. The "records to be made" rule tells you what must EXIST; the "records to be preserved" rule tells you how long to KEEP IT and in WHAT FORMAT:

DimensionSEC "records to be made" ruleSEC "records to be preserved" rule
VerbMAKE / keep currentPRESERVE
ScopeWhat records must existHow long to keep them, in what format
TriggerDaily / per-transaction creationContinuous retention starting at creation
Format mandatePer record type (blotters, ledgers, tickets)Non-rewriteable, non-erasable (WORM) or compliant audit-trail electronic system
Office-level ruleKeep current at each office for specified recordsProduction / access requirements for electronic systems

Exam Tip: Gotchas

  • The "records to be made" rule is daily; the "records to be preserved" rule is multi-year. One is a daily creation duty; the other is a multi-year retention duty. Failing to make a record today is a different violation from failing to preserve a record made five years ago.
  • Format mandates are split: the "records to be made" rule controls per-record-type structure; the "records to be preserved" rule controls electronic-format compliance (WORM or audit-trail alternative). Exam questions that ask "which rule governs the electronic-storage format?" are pointing at the "records to be preserved" rule.