Product
AiStor Logo
Overview
What is AIStor?
Features
Replication Replication Versioning Versioning Observability Observability Encryption Encryption Key Management Server Key Management Server S3 Compatibility S3 Compatibility Object Immutability Object Immutability Catalog Catalog Object Prompt Object Prompt xxx Identity + Access Mgt Firewall Firewall AIHub AIHub Lifecycle Lifecycle Cache Cache Events and Lambdas Events and Lambdas Console Console
Tools
Erasure Code Calculator Erasure Code Calculator Determine your raw and usable capacity across a range of erasure coding settings. Reference Hardware Reference Hardware MinIO’s recommended Configuration and reference hardware for building large scale data infrastructure.
Solutions
AI Storage Learn how MinIO is leading the AI storage market from its exclusive features to performance at scale. HDFS Migration Modernize and simplify your big data storage infrastructure with cloud native storage with AIStor. Snowflake Learn how to leverage Snowflake external tables to query data without having to move it.
Integrations Integrations with MinIO Browse our expansive list of
integrations with links to the relevant
documentation.
Veeam Learn how MinIO and Veeam have partnered deliver superior RTO and RPO. Modern Datalakes Learn how modern, multi-engine data lakeshouses depend on MinIO's AIStor. Equinix Repatriate your data onto the cloud you control with MinIO and Equinix. SQL Server Learn how to leverage SQL Server 2022 with MinIO to run queries on your data without having to move it. Commvault Learn how Commvault and MinIO are partnered to deliver performance at scale for mission critical backup and restore workloads. Hybrid Cloud Learn how enterprises use MinIO to build AI data infrastructure that runs on any cloud - public, private or colo. Splunk Find out how MinIO is delivering performance at scale for Splunk SmartStores. VMware Discover how MinIO integrates with VMware across the portfolio from the Persistent Data platform to TKG and how we support their Kubernetes ambitions.
Open Source
Github Community Explore, experiment, ask questions and contribute. Docs Development guides. Slack Channel Open Forum for discussing topics related to MinIO.
Download MinIO Object Store Download MinIO Object Store Get MinIO's open source server, client, and SDK.
Resources
Resources Home Browse our library of white papers, solution briefs, benchmarks and videos. Blog Product updates, company news, and educational content. Training Learn the MinIO Way and Become a Data Infrastructure Expert.
Events Events Join us to take advantage to meet with MinIO partners, employees, and subject-matter experts.
Partner Pricing
Login Download

Cohasset Associates Report

MinIO Object Storage: SEC 17a-4(f), FINRA 4511(c) and CFTC 1.31(c)-(d) Compliance Assessment

Download PDF
Table of Contents

1 | Introduction

Regulators, world-wide, establish explicit requirements for regulated entities that elect to retain books and records1 on electronic storage media. Given the prevalence of electronic books and records, these requirements apply to most broker-dealer and commodity futures trading firms and other organizations with similarly regulated operations.

This Introduction briefly summarizes the regulatory environment pertaining to this assessment, explains the purpose and approach for Cohasset’s assessment, and provides an overview of MinIO Object Storage and the scope of this assessment.

1.1Overview of the Regulatory Requirements

1.1.1SEC Rule 17a-4(f) Requirements

In 17 CFR §§ 240.17a-3 and 240.17a-4, the SEC stipulates recordkeeping requirements, including retention periods, for the securities broker-dealer industry. On February 12, 1997, the SEC adopted amendments to 17 CFR

The Commission is adopting a rule today which, instead of specifying the type of storage technology that may be used, sets forth standards that the electronic storage media must satisfy to be considered an acceptable method of storage under Rule17a–42. [emphasis added]

Further, the SEC issued two Interpretive Releases (No. 34-44238 on May 1, 2001, and No. 34-47806 on May 7, 2003), which pertain specifically to the electronic storage media requirements of paragraph (f).

For additional information, refer to Section 5.1, Overview of SEC Rule 17a-4(f) Electronic Records Storage Requirements.

1.1.2FINRA Rule 4511(c) Requirements

Financial Industry Regulatory Authority (FINRA) Rule 4511(c) explicitly defers to the format and media requirements of SEC Rule 17a-4, for the books and records it requires.

All books and records required to be made pursuant to the FINRA rules shall be preserved in a format and media that complies with SEA [Securities Exchange Act] Rule 17a-4.

1.1.3CFTC Rule 1.31(c)-(d) Requirements

Effective August 28, 2017, 17 CFR § 1.31 (the CFTC Rule), the Commodity Futures Trading Commission (CFTC) promulgated principles-based requirements for organizations electing to retain electronic regulatory records. These amendments modernize and establish technology-neutral requirements for the form and manner of retention and the inspection and production of regulatory records.

Refer to Section 3, Summary Assessment of Compliance with CFTC Rule 1.31(c)-(d), which, correlates the CFTC principles-based requirements to the capabilities of MinIO Object Storage with Object Lock. Additionally, refer to Section 5.3, Overview of CFTC Rule 1.31(c)-(d) Electronic Regulatory Records Requirements.

1.2Purpose and Approach

To obtain an independent and objective assessment of the compliance capabilities of MinIO Object Storage, MinIO engaged Cohasset Associates, Inc. (Cohasset). As a highly respected consulting firm, Cohasset has recognized expertise and more than 40 years of experience with the legal, technical and operational issues associated with the records management practices of companies regulated by the SEC and the CFTC. Additional information about Cohasset is provided in the last section of this report.

MinIO engaged Cohasset to:

  • Assess the capabilities of MinIO Object Storage in comparison to the five requirements of SEC Rule 17a-4(f) for the recording and non-rewriteable, non-erasable storage of electronic records; see Section 2, Assessment of Compliance with SEC Rule 17a-4(f); and
  • Associate the principles-based requirements of CFTC Rule 1.31(c)-(d) to the assessed capabilities of MinIO Object Storage; see Section 3, Summary Assessment of Compliance with CFTC Rule 1.31(c)-(d); and
  • Prepare this Assessment Report, enumerating the results of its assessment.

In addition to applying the information in this Assessment Report, regulated entities must ensure that the combination of its policies, procedures and regulatory submissions, in conjunction with the capabilities of implemented electronic recordkeeping solutions, meet all applicable requirements.

This assessment represents the professional opinion of Cohasset and should not be construed as either an endorsement or a rejection, by Cohasset, of MinIO Object Storage and its capabilities or other MinIO products or services. The information utilized by Cohasset to conduct this assessment consisted of: (a) oral discussions, (b) system documentation, (c) user and system administrator guides, and (d) other directly related materials provided by MinIO or obtained from publicly available resources.

The content and conclusions of this assessment are not intended, and must not be construed, as legal advice. Relevant laws and regulations constantly evolve, and legal advice is tailored to the specific circumstances of the organization. Therefore, nothing stated herein should be substituted for the advice of competent legal counsel.

1.3MinIO Object Storage Overview and Assessment Scope

MinIO Object Storage is a high performance, distributed, private cloud object storage system that is designed for compatibility with the Amazon Simple Storage Service (S3) protocol. The MinIO Object Storage environment runs on industry standard hardware and is fully open source. MinIO supports traditional object storage, such as secondary storage, disaster recovery and archiving as well as modern use cases, such as advanced analytics, AI (artificial intelligence)/ML (machine learning) and high-performance primary storage for Kubernetes environments.

MinIO Object Storage architecture (illustrated in the diagram) consists of the following components:

  • The S3 APIs (application programming interface) natively support Amazon S3 APIs, which can be used for data management, collaboration and archiving.
  • Object Layer performs erasure code, bitrot check, and encryption functions.
  • Storage Layer is responsible for storing and retrieving objects, stored in Buckets, from physical media.
  • Node is an instance of a MinIO Server.
  • Node Cluster is an unlimited collection of distributed Nodes.
  • Buckets are cluster spanning logical containers that store record objects, including individual versions of a given record object. Each object consists of the content and its descriptive metadata.

MinIO Object Storage Overview and Assessment Scope

Cohasset assessed the capabilities of MinIO Object Storage, Release 172, configured with Object Lock enabled and Object Lock mode set to Compliance, when on-premises, running on MinIO qualified hardware.

Note: Deploying MinIO in Gateway mode or on public cloud storage are outside of the scope of this Assessment Report.

The following section documents Cohasset’s assessment of MinIO, relative to the pertinent requirements in SEC Rule 17a-4(f). Throughout this report, the above described operating environment of MinIO will be assessed.

  • 1 Regulators use the phrase books and records to describe information about certain business transactions, customers, personnel and other administrative activities that must be retained. Accordingly, Cohasset has used the term record object (versus data or object) to consistently recognize that the content is a required record.
  • 2 Exchange Act Release No. 38245 (Feb. 5, 1997), 62 FR 6470 (Feb. 12, 1997) (“Adopting Release”).
1 2 3 4 5 6 7

You are using Internet Explorer version 11 or lower. Due to security issues and lack of support for web standards, it is highly recommended that you upgrade to a modern browser.

Chrome Chrome Firefox Firefox Opera Opera Edge Edge