Loading...
compliance

Books and Records Retention Compliance Checklist

Use this checklist to verify that client agreements, communications, and transaction records are retained, indexed, and retrievable for SEC examination readiness. It helps you spot retention gaps, missing records, and weak preservation controls before an audit does.

Fill it now — Free Get Started
Customize with AI → Live preview →

Trusted by frontline teams 15 years of frontline software AI customization in seconds

Built for: Investment Advisory · Broker Dealer · Wealth Management · Financial Services Compliance

Overview

This checklist is for reviewing whether books and records are being retained, organized, and retrieved in a way that supports SEC examination readiness. It focuses on the record types most often tested in practice: client agreements, communications, and transaction or trade records, along with the controls that make those records usable later, such as indexing, searchability, version history, and backup protection.

Use it when you need a repeatable inspection of retention compliance across a defined period, a sample of record categories, or a specific system change such as a migration to a new archive or document platform. It is especially useful before an internal audit, after a policy update, or when you want to test whether the first two years of records are readily accessible as required by your retention framework.

Do not use it as a substitute for legal review of your firm’s exact retention obligations, and do not treat backup storage as proof of compliant retention. It is also not the right tool for general cybersecurity testing or for evaluating records outside the scope of books-and-records retention. The checklist is meant to surface concrete deficiencies: missing records, weak indexing, slow retrieval, incomplete audit trails, and preservation gaps that could become exam findings.

Standards & compliance context

  • This checklist supports testing against SEC books-and-records retention expectations and should be mapped to the firm’s applicable retention rule set and supervisory procedures.
  • For electronic records, confirm that preservation controls align with recognized records management practices and that audit trails or version history are available where required.
  • If the firm handles communications subject to supervision or archiving requirements, the checklist should be coordinated with the firm’s communication retention and surveillance controls.
  • Backup systems are not a substitute for compliant retention unless they are configured and governed to meet the applicable records preservation standard.
  • Where the firm operates under broader compliance frameworks, the checklist can be paired with ISO 9001-style document control or internal control testing, but it should remain focused on retention and retrieval.

General regulatory context for orientation only — verify current requirements with counsel or the relevant agency before relying on this template for compliance.

What's inside this template

Inspection Setup and Scope

This section defines what period, entities, and record types are being tested so the review is traceable and repeatable.

  • Inspection period and scope documented (weight 3.0)

    Record the date range, entity, office, and systems included in the review.

  • Record categories selected for testing (weight 3.0)

    Select the record types included in the sample.

  • Retention policy and schedule available to inspector (critical · weight 4.0)

    Confirm the current retention policy, schedule, or written supervisory procedure is available for review.

Retention Period Compliance

This section verifies that each record category is being kept for the required duration under the firm’s retention schedule.

  • Client agreements retained for required period (critical · weight 8.0)

    Confirm client agreements and amendments are retained for at least five years, with the first two years readily accessible.

  • Communications retained for required period (critical · weight 8.0)

    Confirm business-related communications subject to retention are preserved for the required period and are searchable or retrievable.

  • Transaction and trade records retained for required period (critical · weight 9.0)

    Confirm transaction records, confirmations, and related support are retained for at least five years and are available for the first two years without delay.

Accessibility, Indexing, and Retrieval

This section checks whether records can be found and produced quickly enough to satisfy an examination request.

  • First two years of records readily accessible (critical · weight 7.0)

    Verify records required to be readily accessible can be produced promptly without manual reconstruction.

  • Records indexed by client, account, date, or document type (weight 5.0)

    Confirm the archive supports logical indexing and retrieval by common examination fields.

  • Sample retrieval time (weight 4.0)

    Measure the time required to retrieve a requested record from the archive.

  • Missing or unretrievable records identified (weight 4.0)

    Document any records that could not be located, produced, or verified during the sample.

Record Integrity and Preservation

This section confirms that records remain complete, authentic, and protected in a compliant electronic or original form.

  • Records preserved in original or compliant electronic form (critical · weight 7.0)

    Confirm records are maintained in a manner that preserves content, context, and evidentiary integrity.

  • Audit trail or version history available for electronic records (weight 5.0)

    Verify the system maintains audit logs, version history, or equivalent controls for record changes.

  • Backup and disaster recovery controls protect retained records (critical · weight 8.0)

    Confirm retained records are included in backup, recovery, and business continuity controls.

Supervision, Exceptions, and Corrective Action

This section captures deficiencies, assigns remediation, and shows whether the firm has closed the loop on prior gaps.

  • Retention exceptions or gaps documented (weight 5.0)

    Describe any missing records, late deletions, system failures, or retention exceptions identified during testing.

  • Corrective action assigned for deficiencies (critical · weight 5.0)

    Confirm each deficiency has an owner, due date, and remediation plan.

  • Examination readiness confirmed (critical · weight 5.0)

    Confirm the firm can produce requested records in a timely manner and explain retention controls during an SEC examination.

Inspector Sign-Off

This section records the final result, summary comments, and accountability for the completed inspection.

  • Overall inspection result (weight 4.0)

    Select the final outcome of the inspection.

  • Inspector comments and summary (weight 3.0)

    Summarize key findings, material deficiencies, and follow-up actions.

  • Inspector signature (critical · weight 3.0)

    Inspector sign-off confirming the inspection was completed accurately.

How to use this template

  1. 1. Define the inspection period, the business units in scope, and the record categories you will test, then attach the applicable retention policy and schedule to the checklist.
  2. 2. Assign an inspector who can access the archive, document management, email, and trading systems needed to sample and retrieve records without relying on the record owner.
  3. 3. Test each retention category by selecting sample records, confirming the required retention period, and verifying that the records still exist in the approved system or compliant format.
  4. 4. Measure retrieval performance by searching for records by client, account, date, or document type and recording whether the first two years of records are readily accessible.
  5. 5. Document every deficiency, assign corrective action with an owner and due date, and confirm closure before marking the inspection as examination ready.

Best practices

  • Tie each sample to a specific client, account, date range, and record type so the inspection can be reproduced later.
  • Verify the retention schedule against the actual system configuration, not just the written policy, because policy and archive settings often drift apart.
  • Test retrieval from the same tools staff use in practice, including archive search, email journaling, and document repositories, rather than relying on manual file browsing.
  • Treat missing metadata as a retention problem when it prevents search, indexing, or production of the record on demand.
  • Confirm that electronic records preserve original content and required version history, especially after migrations or format conversions.
  • Record the exact retrieval time and any manual intervention needed, since slow or workaround-heavy access can indicate an exam readiness issue.
  • Escalate any gap affecting required records immediately, even if the issue appears isolated, because retention failures often indicate a broader control weakness.

What this template typically catches

Issues teams running this template most often surface in practice:

Client agreements are stored in a shared drive but are not indexed by client or account, making retrieval inconsistent.
Communications are retained in one system while supervisory staff search another, creating gaps between capture and production.
Trade or transaction records fall outside the retention schedule after a platform migration and are no longer searchable by date.
The first two years of records exist, but they are not readily accessible because staff must request manual restoration from IT or a vendor.
Electronic records have no usable audit trail or version history, so the firm cannot show what changed and when.
Backups exist, but they are not configured as a compliant archive and cannot support timely retrieval for examination.
Retention exceptions were identified previously, but corrective actions were not assigned or tracked to closure.

Common use cases

Compliance Officer — Quarterly archive testing
A compliance officer uses the checklist to sample agreements, emails, and trade records each quarter and confirm that retention periods, indexing, and retrieval times still meet the firm’s standard. The completed checklist becomes evidence for supervisory review.
Operations Manager — Post-migration validation
After moving to a new document management or archive platform, operations uses the checklist to verify that legacy records were preserved in compliant form and remain searchable by client, account, and date. This helps catch migration gaps before regulators do.
Broker-Dealer Supervisor — Exam readiness review
A supervisory reviewer runs the checklist before an SEC exam to confirm that the firm can produce required records quickly and consistently. The review highlights missing records, slow retrieval, and any exceptions that need escalation.
Wealth Management Administrator — Retention policy check
An administrator compares the firm’s retention schedule to actual archive settings for client agreements and communications. The checklist helps identify whether records are being kept too short, too long, or in the wrong repository.

Frequently asked questions

What does this checklist cover?

This checklist covers the core books-and-records areas typically tested in a retention review: client agreements, communications, transaction records, indexing, retrieval, and preservation controls. It is designed to confirm that records are retained for the required period and can be produced quickly for examination. It also captures exceptions, gaps, and corrective actions so the review leaves an audit trail.

Who should run this inspection?

Compliance, operations, records management, or a designated supervisory reviewer can run it, depending on how your firm assigns control ownership. The inspector should understand the firm’s retention schedule and know where records are stored across email, archive systems, document management tools, and trading platforms. For higher-risk areas, a second reviewer may be useful to validate sample retrieval and exception handling.

How often should this checklist be used?

Use it on a recurring cadence that matches your compliance program and record volume, such as quarterly, semiannually, or before an internal audit or regulatory exam. It is also useful after system migrations, retention policy changes, or vendor changes that affect archiving and retrieval. If your firm has a high volume of communications or trade activity, more frequent testing is usually warranted.

Does this checklist align with SEC retention requirements?

Yes, it is built to support testing against SEC books-and-records retention expectations, especially for records that must be preserved and made available for examination. It focuses on practical controls like retention periods, accessibility, indexing, and preservation rather than legal interpretation. You should still map the checklist to your firm’s specific rule set, policies, and supervisory procedures before use.

What are the most common mistakes this checklist helps catch?

Common issues include records stored in the wrong archive, retention periods that do not match the policy, communications that were never captured, and files that cannot be retrieved within a reasonable time. Teams also miss version history for electronic records, or they assume backups are the same thing as compliant retention. This checklist makes those gaps visible during testing instead of during an exam.

Can I customize the record categories and sample size?

Yes, and you should. The template is meant to be adapted to the record categories that matter to your business, such as advisory agreements, trade blotters, email, chat, confirmations, or account statements. You can also adjust the sample size, date range, and retrieval criteria to match your risk profile and internal testing plan.

How does this differ from an ad hoc records review?

An ad hoc review usually checks a few files and stops there, while this checklist creates a repeatable inspection record with scope, evidence, findings, and sign-off. That structure matters because retention compliance is not just about having records somewhere; it is about proving they are complete, preserved, and retrievable. The checklist also helps standardize reviews across teams and periods.

What should we do if records are missing or unretrievable?

Document the deficiency, identify the affected record type and date range, and assign corrective action with an owner and due date. Then determine whether the issue is isolated or systemic, such as a failed archive rule, a migration gap, or a policy mismatch. If the gap affects required records, escalate through your compliance and supervisory process immediately.

Related templates

Inspections

Knowledge Base Article Hygiene Review

Use this Knowledge Base Article Hygiene Review template to audit help articles for accuracy, curr...
Inspections

Broker Compliance File Audit Procedure

Audit broker client files for consumer credit disclosures, best interests duty evidence, privacy ...
Inspections

Trade Allocation Fairness Review Worksheet

Use this worksheet to review block trade allocations across client accounts, confirm the method m...
Inspections

Trade Order Pre-Trade Compliance Review Checklist

Use this checklist to verify a trade order against the account, mandate, restriction lists, and p...
Inspections

SEC and State RIA Examination Preparation Document Request Checklist

Organize the records, policies, and evidence an SEC or state RIA examiner is likely to ask for, w...
Forms

AML Customer Due Diligence and Risk Rating Worksheet

Assess a new customer’s source of funds, point of origin, and AML risk rating in one worksheet. U...
Sop

Cash Drawer Open & Count

Cash Drawer Open & Count is the SOP for verifying a drawer, counting the starting bank, recording...
Hr Policy

Anti-Harassment & Anti-Discrimination Policy

Anti-Harassment & Anti-Discrimination Policy template for defining prohibited conduct, reporting ...

Go deeper on the topic

Related concepts
  • Predictive Scheduling Law
    Predictive scheduling laws — also called fair workweek laws or secure scheduling — require employers in covered industries to publish employee schedules...
  • Overtime Calculation
    Overtime calculation is the process of applying federal, state, local, and contractual rules to hours worked to determine the correct pay — including...
  • Near-Miss Reporting
    A near-miss is an event that could have caused injury or damage but didn't — a slip that didn't fall, a load that shifted but didn't drop, a machine that...
  • Lockout/Tagout
    Lockout/tagout (LOTO) is the procedure for controlling hazardous energy — electrical, hydraulic, pneumatic, mechanical, thermal, chemical — before...
Related guides

Ready to use this template?

Get started with MangoApps and use Books and Records Retention Compliance Checklist with your team — pricing built for small business.

Get Started Customize with AI
Ask AI Product Advisor

Hi! I'm the MangoApps Product Advisor. I can help you with:

  • Understanding our 40+ workplace apps
  • Finding the right solution for your needs
  • Answering questions about pricing and features
  • Pointing you to free tools you can try right now

What would you like to know?

AI-generated responses may not be 100% accurate