Customer Login
Product
MinIO Enterprise Object Store
Overview Architecture
Features
MinIO for Public Cloud
AWS GCS Azure
MinIO for Private Cloud
OpenShift SUSE Rancher Tanzu
MinIO for Baremetal
Linux and Windows
Determine your raw and usable capacity Erasure Code Calculator MinIO's Recommended Hardware Configuration Reference Hardware
Solutions
AI Storage Object storage is powering the AI revolution. Learn how MinIO is leading the AI storage market through performance at scale. Modern Datalakes Modern, multi-engine datalakes depend on object stores that deliver performance at scale. Learn more about this core MinIO use case. Hybrid Cloud Effective multi-cloud storage strategies rely on utilizing architecture and tools that can function seamlessly across diverse environments. Equinix Repatriate your data onto the cloud you control with MinIO on Equinix to lower costs while maintaining public cloud adjacency. Splunk Find out how MinIO is delivering performance at scale for Splunk SmartStores. Snowflake Query and analyze multiple data sources, including streaming data, residing on MinIO with the Snowflake Data Cloud. No need to move the data, just query using SnowSQL. SQL Server Discover how to pair SQL Server 2022 with MinIO to run queries on your data on any cloud - without having to move it. HDFS Migration Modernize and simplify your big data storage infrastructure with high-performance, Kubernetes-native object storage from MinIO. VMware Discover how MinIO integrates with VMware across the portfolio from the Persistent Data platform to TKG and how we support their Kubernetes ambitions. Veeam Learn how MinIO and Veeam have partnered to drive performance and scalability for a variety of backup use cases. Commvault Learn how Commvault and MinIO are partnered to deliver performance at scale for mission critical backup and restore workloads. Integrations Browse our vast portfolio of integrations.
Community
GitHub Join our GitHub open source community: explore, experiment, ask questions, and contribute. Slack Channel The MinIO Community Slack provides an open forum for discussing topics related to MinIO. All support is provided on a best-effort basis.
Docs Blog Resources Training Partner Pricing Download

Cohasset Associates Report

MinIO Object Storage: SEC 17a-4(f), FINRA 4511(c) and CFTC 1.31(c)-(d) Compliance Assessment

Download PDF
Table of Contents

3 | Summary Assessment of Compliance with CFTC Rule 1.31(c)-(d)

The objective of this section is to document Cohasset’s assessment of the capabilities of MinIO Object Storage, as described in Section 1.3, MinIO Object Storage Overview and Assessment Scope, in comparison to the CFTC requirements.

The individual relevant requirements cited in Section 2, Assessment of Compliance with SEC Rule 17a-4(f), are based on the wording in SEC Rule 17a-4(f) and Cohasset’s interpretation of the requirements, given the associated SEC Interpretive Releases. Specifically, the SEC’s 2003 Interpretive Release reiterates that the Rule sets forth standards that the electronic storage media must satisfy to be considered an acceptable method of storage under SEC Rule 17a-4:

A broker-dealer would not violate the requirement in paragraph (f)(2)(ii)(A) of the rule if it used an electronic storage system that prevents the overwriting, erasing or otherwise altering of a record during its required retention period through the use of integrated hardware and software control codes. [emphasis added]

Accordingly, it is Cohasset’s opinion that the requirements set forth in SEC Rule 17a-4(f) are technology-neutral and apply to any electronic solution with (a) integrated control codes that extend to the electronic storage system and (b) features that deliver capabilities that meet the requirements of the Rule.

The August 28, 2017, amendments to CFTC Rule 1.31 establish technology-neutral, principle-based requirements. As illustrated in the table in this section, it is Cohasset’s opinion that the requirements of the modernized CFTC Rule may be achieved by meeting the SEC requirements.

When comparing the capabilities of MinIO Object Storage that align with the SEC requirements to the principles- based CFTC requirements, it is essential to recognize that the SEC Rule separately describes requirements for index data and audit trail, whereas the CFTC in 17 CFR § 1.31(a) establishes an expanded definition of an electronic regulatory record to include the information as specified in paragraph (i) and (ii) below.

Definitions. For purposes of this section:

Electronic regulatory records means all regulatory records other than regulatory records exclusively created and maintained by a records entity on paper.

Records entity means any person required by the Act or Commission regulations in this chapter to keep regulatory records.

Regulatory records means all books and records required to be kept by the Act or Commission regulations in this chapter, including any record of any correction or other amendment to such books and records, provided that, with respect to such books and records stored electronically, regulatory records shall also include:

(i) Any data necessary to access, search, or display any such books and records; and

(ii) All data produced and stored electronically describing how and when such books and records were created, formatted, or modified. [emphasis added]

The focus of Cohasset’s assessment, presented in Section 2, pertains to MinIO Object Storage, when Object Lock mode is set to Compliance, which is highly restricted and assures that the storage solution applies controls to (a) protect immutability of the record content and certain system metadata and (b) prevent deletion over the applied retention period.

In the following table, Cohasset correlates the capabilities of MinIO Object Storage, when Object Lock mode is set to Compliance, to the principles-based CFTC requirements related to the form and manner of retention and the inspection and production of regulatory records. In addition, Cohasset contends that MinIO Object Storage, with record objects stored in Governance Mode (which is less restrictive), meets these principles-based CFTC requirements, when the regulated entity applies appropriate procedural controls to oversee operations that may allow content to be modified or deleted prior to expiration of the retention period. This less restrictive Governance Mode option provides flexibility to remove retention controls, which may be beneficial for compliance with privacy and data protection requirements.

The left-hand column lists the principles-based CFTC requirements. The middle column provides Cohasset’s analysis and opinion regarding the ability of MinIO Object Storage, with Object Lock to meet the requirements for electronic regulatory records in CFTC Rule 1.31(c)-(d). In addition, for ease of reference, the right-hand column lists the correlated SEC requirements.

Summary Assessment of Compliance with CFTC Rule 1.31(c)-(d) Summary Assessment of Compliance with CFTC Rule 1.31(c)-(d)
  • 5 17 CFR § 1.31(a) includes indices (Any data necessary to access, search, or display any such books and records) in the definition of regulatory records
1 2 3 4 5 6 7

You are using Internet Explorer version 11 or lower. Due to security issues and lack of support for web standards, it is highly recommended that you upgrade to a modern browser.

Chrome Chrome Firefox Firefox Opera Opera Edge Edge