Is Wasabi’s implementation of S3 Object Lock (aka object immutability) compliant with SEC 17 CFR § 240.17a-4(f), FINRA Rule 4511(c), and CFTC 17 CFR § 1.31 (c)-(d)?

Wasabi’s immutability functionality (object lock with compliance mode) fulfills the following requirements relative to certain electronic storage requirements specified in the following regulations:

  • Securities and Exchange Commission (SEC) in 17 CFR § 240.17a-4(f), which regulates exchange members, brokers or dealers.
  • Financial Industry Regulatory Authority (FINRA) Rule 4511(c), which defers to the format and media requirements of SEC Rule 17a-4(f). 

  • Commodity Futures Trading Commission (CFTC) in 17 CFR § 1.31(c)-(d), which regulates commodity futures trading. 

For more detailed information about how Wasabi’s implementation of S3 Object Lock satisfies these regulations, see the “SEC 17a-4(f), FINRA 4511(c), and CFTC 1.31(c)-(d) Compliance Assessment - Wasabi Hot Cloud Storage” by Cohasset Associates. This report also includes the updated SEC Rules that had a compliance date of 5/3/2023.

For additional information about physical security, network architecture, and data privacy, refer to our white paper “Ensuring SEC Compliance with Wasabi’s Data Immutability”.                                                     

A customer case study on the use of Wasabi’s immutability feature is available here

If you need a D3P (designated third-party) that works with Wasabi, we recommend the Iron Mountain D3P service.

If you need to request an alternate undertaking letter per 17 CFR 240.17a 4(i)(1)(ii)(A), please contact



Have more questions? Submit a request