Control 1.9: Data Retention and Deletion Policies
Control ID: 1.9
Pillar: Security
Regulatory Reference: SEC 17 CFR 240.17a-3 / 240.17a-4 (broker-dealer recordkeeping), FINRA 4511, FINRA 25-07, SOX §§302/404 (15 U.S.C. §7262), GLBA 501(b) (15 U.S.C. §6801), 17 CFR 1.31 (CFTC), IRS 26 CFR §1.6001-1 / Rev. Proc. 98-25 (electronic records), litigation-hold duty (FRCP 37(e))
Last UI Verified: April 2026
Governance Levels: Baseline / Recommended / Regulated
Objective
Retain agent-related data — conversation logs, prompts and responses, knowledge-source content, configuration history, and audit metadata — for the periods required by US financial-services recordkeeping rules, then dispose of it under a documented, defensible workflow. This control helps meet SEC 17 CFR 240.17a-4, FINRA 4511, SOX §404, GLBA 501(b), and CFTC 1.31 obligations, and aids in supporting litigation-hold preservation duties under FRCP 37(e). It is required for any tenant that hosts agent interactions touching regulated-entity recordkeeping or customer NPI.
Why This Matters for FSI
- SEC 17 CFR 240.17a-4(b)(4) — Communications:Originals of all communications received and copies of all communications sent (including inter-office memoranda) relating to the broker-dealer's "business as such" must be preserved for at least 3 years, the first 2 in an "easily accessible place." AI-mediated chats with customers or in support of trading activity are in scope.
- SEC 17 CFR 240.17a-4(b)(2)/(3) — Books and records: Required books and records under 17a-3 must be preserved for at least 6 years, the first 2 readily accessible. Where firm activity creates an 17a-3 record (orders, trade tickets, blotters, customer account records), agent transcripts evidencing or generating that record inherit the 6-year clock.
- SEC 17 CFR 240.17a-4(f) — Electronic storage media (Oct 2022 amendments, compliance date May 3, 2023): Permits either (i) WORM/non-rewriteable, non-erasable storage or (ii) an "audit-trail alternative" that maintains a complete time-stamped audit trail of original and modified records, including verifying records, with serialized indexing. Either path additionally requires a Designated Third Party (D3P) undertaking under 17a-4(f)(3)(vii) so that the SEC can obtain records if the firm fails to produce them. Standard Microsoft 365 retention does not by itself constitute either path — see "SEC 17a-4(f) caveat" below.
- FINRA Rule 4511 — Books and records: Members must preserve books and records for the period specified by SEA Rule 17a-4 (default 6 years if no other period is specified) and must comply with paragraph (b)(4) of 17a-4 for any records covered there.
- FINRA 25-07 — AI guidance: AI-generated communications must be supervised, archived, and retained under the same books-and-records rules as human-generated communications. The classification (communication vs record) follows function, not the medium that produced it.
- SEC Reg S-P (2024 amendments, 17 CFR 248.30): Requires written policies for the proper disposal of customer information and consumer report information, including documentation of disposal actions and incident-response procedures. Disposition workflows must produce evidence of what was disposed and when.
- 17 CFR 1.31 (CFTC): "Regulatory records" must be retained for 5 years from creation, the first 2 years readily accessible, indexed, and "protected against alteration." Applies to FCMs, swap dealers, IBs, CPOs, CTAs.
- SOX §404 + §802 (18 U.S.C. §1519, 18 U.S.C. §1520): Internal-control documentation retention; audit work-paper retention 7 years (auditor obligation, but issuers must retain underlying records to support the audit). Anti-spoliation rules apply.
- GLBA 501(b) (15 U.S.C. §6801) and Safeguards Rule (16 CFR Part 314, FTC; 17 CFR Part 248 Subpart A, SEC): Protect customer NPI throughout its lifecycle, including disposal. Retention policies must coexist with NPI safeguards.
- IRS 26 CFR §1.6001-1 / Rev. Proc. 98-25: Records that support tax positions retained generally 7 years; electronic records must be retrievable in machine-sensible form throughout the period.
- Litigation-hold duty (FRCP 37(e), common-law spoliation doctrine): Once litigation is reasonably anticipated, retention/disposition must be suspended through a legal hold. Sanctions for spoliation include adverse-inference instructions and case-terminating sanctions.
SEC 17a-4(f) caveat — read before claiming WORM compliance
Microsoft Purview Preservation Lock prevents administrators from disabling, deleting, or shortening a retention policy and can only have locations added or retention extended after locking. Microsoft positions Preservation Lock as supporting compliance with 17a-4(f) when correctly configured and when the customer obtains a third-party assessment. Microsoft does not act as the broker-dealer's Designated Third Party (D3P) under 17a-4(f)(3)(vii); the D3P undertaking is a separate engagement that the firm must arrange with a qualified vendor. Treat any "WORM" claim as the firm's responsibility to validate with counsel and the firm's compliance consultant. See Microsoft Learn: Regulatory requirements for retention and SEC Final Rule 34-96034.
Communications vs. records classification — get this from counsel
Whether an agent transcript is classified as a communication (3 years per 17a-4(b)(4)) or a book/record (6 years per 17a-4(b)(2)–(3) and FINRA 4511) depends on the agent's function and whether its output is used in creating an 17a-3 record. When the classification is ambiguous, apply the longer period and document the rationale in the firm's Written Supervisory Procedures (WSPs).
Automation Available
See DR Testing Framework in FSI-AgentGov-Solutions for automated disaster recovery testing for AI agent infrastructure.
Control Description
This control combines four Microsoft Purview surfaces and one Power Platform surface to retain, immobilize, and defensibly dispose of agent data:
| Capability | Microsoft surface | Description |
|---|---|---|
| Retention labels | Purview > Solutions > Records Management & Data Lifecycle Management | Item-level retention applied by classification (manual, auto-apply, or default for a SharePoint library). Labels can mark items as records (locked retention) or regulatory records (immutable — cannot be unmarked, retention cannot be reduced). |
| Retention policies | Purview > Solutions > Data Lifecycle Management > Policies | Container-level retention scoped by location (Exchange, SharePoint, OneDrive, Microsoft 365 Groups, Teams chats/channels/Copilot, Viva Engage, Microsoft 365 Copilot and AI experiences, Enterprise AI Apps, Other AI Apps). Adaptive scopes are recommended over static for dynamic targeting. |
| Preservation Lock | Set-RetentionCompliancePolicy -RetentionComplianceLockType Lock (Security & Compliance PowerShell) |
Irreversibly locks a retention policy: no admin (including Global Admin) can disable, delete, or shorten it. Only adding locations or extending retention is permitted. This is the surface Microsoft positions for SEC 17a-4(f)-aligned immutability. |
| eDiscovery / Litigation hold | Purview > Solutions > eDiscovery (Standard / Premium); Exchange In-Place Hold (legacy) | Preserves content in scope of a case beyond retention rules. Overrides retention disposition for the duration of the hold. |
| Disposition review | Purview > Solutions > Records Management > Disposition | Multi-stage reviewer workflow at retention end (supports SharePoint, OneDrive, Exchange items with retention-label-driven retention). Produces an audit trail of disposition decisions. |
| Dataverse long-term retention | Power Platform Admin Center > Environments > Dataverse > Long-term retention | Per-table archival for Copilot Studio agent transcripts (e.g., botcomponent, botsession, conversationtranscript and Copilot Studio interaction tables); separate from Purview retention. |
| Audit trail of deletion | Microsoft 365 Audit (Purview > Audit) | Records FileDeleted, HardDelete, SoftDelete, retention-label apply/remove, policy create/modify/delete. Should be retained at least as long as the underlying records (see Control 1.7). |
Key Configuration Points
- Build the retention schedule first, then configure. Get counsel sign-off on per-record-type periods (communications vs. books-and-records, customer NPI, audit metadata, model documentation). Document in WSPs before touching the portal.
- Create retention labels per record type (recommended Zone 3 baselines):
- Agent conversation transcripts (communications classification): 3 years minimum, first 2 readily accessible (17a-4(b)(4))
- Agent transcripts that evidence or generate an 17a-3 record: 6 years, first 2 readily accessible (17a-4(b)(2)–(3), FINRA 4511)
- Agent configuration and version history: 6 years (mirrors books-and-records exposure)
- Agent audit metadata (sign-ins, action audit, deletion events): 7–10 years (covers SOX §802 audit-work-paper window and overlapping multi-regulator inquiries)
- Publish labels to the full set of in-scope locations: Exchange email, SharePoint sites, OneDrive accounts, Microsoft 365 Groups, Teams channel/private/standard messages, Teams chats and Copilot interactions, Viva Engage communities, and Loop workspaces.
- Create retention policies for AI interaction surfaces using the three Purview AI-specific locations:
- Microsoft 365 Copilot and AI experiences — covers M365 Copilot in Word/Excel/Outlook/Teams, Business Chat, and Copilot Studio agent interactions surfaced through M365 Copilot
- Enterprise AI Apps — covers enterprise-managed AI applications (Microsoft Foundry, Entra-registered AI apps, ChatGPT Enterprise where the connector emits to Microsoft 365)
- Other AI Apps — covers third-party / unmanaged AI applications captured via the AI App PAYG meter (see Control 1.7)
- Configure Dataverse long-term retention in Power Platform Admin Center for Copilot Studio environments to archive agent transcripts beyond the active environment retention window.
- Apply Preservation Lock (
Set-RetentionCompliancePolicy -RetentionComplianceLockType Lock) on every Zone 3 retention policy after a CAB-approved change window. This is irreversible — see "Locked-policy gotchas" in the PowerShell playbook. - Use adaptive scopes (driven by Entra group, department, country, or custom attribute) rather than static scopes for any policy that targets a population that changes over time.
- Note: Disposition review applies to retention-label-driven retention on Exchange / SharePoint / OneDrive content. Copilot interaction and Dataverse transcript retention use policy-based controls without reviewer-driven disposition — plan defensible deletion evidence accordingly.
- Stand up a documented legal-hold intake process with eDiscovery (Standard or Premium) so litigation preservation can be applied within hours of a triggering event.
- Configure extended audit log retention for deletion events (see Control 1.7); the audit trail of disposition is itself a record.
- Implement storage tiering to satisfy the "readily/easily accessible" requirement (see table below) without paying hot-tier prices for years 3+.
Storage Tier Requirements ("Readily/Easily Accessible")
SEC 17a-4 and FINRA 4511 require records to be "readily accessible" (SEC) or "easily accessible" (FINRA) for the first 2 years:
| Storage Tier | Access Time | Use For | Implementation |
|---|---|---|---|
| Hot Storage | Immediate | First 2 years of retention | SharePoint Online, Exchange Online |
| Cool Storage | Minutes | Years 3+ of retention | Azure Blob Cool Tier |
| Archive Storage | Hours | Long-term archive (after primary period) | Azure Blob Archive Tier |
Readily Accessible Definition
"Readily accessible" means records can be produced promptly upon regulatory request. For practical purposes:
- First 2 years: Records should be retrievable within hours
- Years 3+: Records should be retrievable within reasonable business days
Configure automated tiering to move records to Cool storage after 2 years while maintaining search/retrieval capability.
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | 1-year minimum conversation retention; automatic deletion at end of period; no Preservation Lock required; standard Purview audit retention. | Sandbox / personal productivity scope; minimal regulatory exposure provided NPI handling and customer-facing functions are explicitly out of scope. |
| Zone 2 (Team) | 3-year retention (matches 17a-4(b)(4) communications floor); disposition review enabled with manager + records-management approval; standard Purview retention policies unlocked but change-controlled via CAB; Dataverse long-term retention enabled. | Departmental collaboration; possible inadvertent contact with customer-facing or supervisory communications — apply communications-floor retention by default. |
| Zone 3 (Enterprise) | 6-year retention as the baseline (17a-4(b)(2)–(3) / FINRA 4511); 7–10 years for audit metadata (SOX §802); regulatory-record labels (-Regulatory $true) on records-classified content; Preservation Lock applied to every retention policy and label policy; eDiscovery hold playbook documented with named hold custodians; D3P undertaking arranged with a qualified vendor for any 17a-4(f) attestation. |
Maximum regulatory protection; surfaces directly subject to broker-dealer recordkeeping, SOX §404 internal-control evidence, and CFTC 1.31 obligations. |
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Purview Records Manager | Retention label and label-policy authoring; records / regulatory-records flagging; disposition workflow configuration |
| Purview Compliance Admin | Retention policy authoring; policy distribution monitoring; Preservation Lock application (with CAB approval) |
| Compliance Officer | Regulatory retention requirements; classification of agent transcripts (communication vs record); disposition review approval |
| Legal / General Counsel | Legal-hold issuance, scope, custodian identification, and release; D3P arrangement for 17a-4(f) attestation |
| Purview eDiscovery Roles | Hold creation in eDiscovery cases; preservation status export for evidentiary use |
| Power Platform Admin | Dataverse long-term retention configuration for Copilot Studio environments; environment-level retention defaults |
| Exchange Online Admin | Mailbox-level In-Place / Litigation Hold (legacy) where eDiscovery hold is not practical; mailbox audit retention |
| Purview Audit Admin | Audit-log retention policy for deletion / disposition events (coordinate with Control 1.7) |
Related Controls
| Control | Relationship |
|---|---|
| 1.7 - Audit Logging | Audit log retention |
| 4.3 - SharePoint Retention | SharePoint-specific retention |
| 2.13 - Documentation | Documentation requirements |
| 1.5 - DLP and Sensitivity Labels | Sensitivity labels integration |
| 2.4 - Business Continuity | DR testing validates backup integrity (DR Testing Framework) |
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Verification Criteria
Confirm control effectiveness by verifying:
- Written retention schedule exists, is signed off by counsel, and maps each record type to a regulatory citation (17a-4(b)(2), 17a-4(b)(4), FINRA 4511, SOX §802, CFTC 1.31, GLBA 501(b), IRS).
- All FSI retention labels exist in Purview with the planned duration, action, and (for Zone 3 record-classified content)
IsRecordLabel = Trueand/orRegulatory = True. - Label policies are published to all required locations (Exchange, SharePoint, OneDrive, Microsoft 365 Groups, Teams chats/channels/Copilot, Viva Engage); distribution status reads Success in the portal.
- Retention policies for Microsoft 365 Copilot and AI experiences, Enterprise AI Apps, and Other AI Apps exist and are distributed.
- Preservation Lock is applied to every Zone 3 retention policy (
RetentionComplianceLockType = Lock) and the lock is verified out-of-band with PowerShell evidence. - Test deletion of labeled / scoped content is blocked during the retention period, and the block reason is logged in the unified audit log.
- Disposition-review workflow triggers at retention end for label-driven content and produces a reviewer audit trail.
- eDiscovery / Litigation hold prevents disposition for content in scope of an active case, even when retention would otherwise dispose of it.
- Audit log captures
FileDeleted,HardDelete,SoftDelete, retention-label apply/remove, and retention-policy create/modify/delete events with at least the same retention as the underlying records. - Dataverse long-term retention is configured for Copilot Studio environments and verified by archiving a test transcript table.
- Storage-tiering plan documents how content moves from hot to cool/archive at the 2-year boundary while remaining retrievable within reasonable time for SEC / FINRA examiners.
Additional Resources
- Microsoft Learn: Learn about retention policies and retention labels
- Microsoft Learn: Create and configure retention policies
- Microsoft Learn: Create retention labels for data lifecycle management
- Microsoft Learn: Records management — Mark items as records / regulatory records
- Microsoft Learn: Use Preservation Lock to restrict changes to retention policies and retention label policies
- Microsoft Learn: Disposition of content
- Microsoft Learn: Learn about retention for Microsoft 365 Copilot and AI experiences
- Microsoft Learn: Create eDiscovery holds
- Microsoft Learn: Regulatory requirements for information governance (incl. SEC 17a-4)
- Microsoft Learn: Manage long-term retention for Dataverse
- SEC Final Rule 34-96034: Electronic Recordkeeping Requirements for Broker-Dealers (Oct 2022)
- FINRA Rule 4511 (Books and Records)
Updated: April 2026 | Version: v1.4.0 | UI Verification Status: Current