SEC Rule 17a-4 requires certain business documents to be retained for period of 3 to 6 years, and in the first two years in an easily accessible place. These include communications by broker and dealers, checks, bank statements, net capital and debt calculations, and many records made pursuant to SEC regulations.
SEC Rule 17a-4(f)(2)(ii) states that:
(A) Preserve the records exclusively in a non-rewriteable, non-erasable format;
(B) Verify automatically the quality and accuracy of the storage media recording process;
(C) Serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of retention the information placed on such electronic storage media; and
(D) Have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable under this paragraph (f) as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member.
So reading this you would apparently need to burn your financial records to a disc, use a checksum command to confirm the data copied correctly, put a data on the disc labeled with a date indicating when it must be retained until and be capable of sending the records to the SEC if they request it.
SEC has provided an interpretation of this specific provision that explains how the ESI should be stored. It states that, "the rule, by its terms, does not limit broker-dealers to using a particular type of technology such as optical disk." The SEC approves the use of other electronic storage devices that prevent the overwriting, deletion or alteration for a specified period "through the use of integrated hardware and software control codes." The SEC states that software that protects data with authentication policies or password protection does not qualify.