D-KaP Audit — the EpochCore product that seals your annual FINRA Rule 4370 business-continuity test into one examiner-ready evidence packet — captures tested recovery procedures, who ran the test, how long it took, and what broke. One signed packet your examiner accepts on first review.
FINRA Rule 4370 requires every member firm to maintain a written business-continuity plan, test it, and document the test. When the FINRA examiner asks “show me proof your last BC/DR test happened on the date you claim, was run by the people you claim, and produced the results you claim,” most firms reach for an email trail and a meeting recording—evidence the examiner can’t verify and routinely pushes back on.
The test usually happened. The problem is producing trustworthy evidence months later. Most firms spend more time documenting the test for the examiner than running the test itself.
D-KaP Audit captures the full FINRA 4370 BC/DR audit record at the moment the test finishes: tested procedures, participant identities, start and end times, outcomes per step, remediation items. The service returns a signed evidence packet—JSON record plus a printable PDF—carrying a triple cryptographic signature and a verifiable timestamp. The packet is anchored to an external trust root so the FINRA examiner can verify it offline without contacting us.
40668c787c463ca5. FINRA examiners can verify offline, without contacting us.Execute the annual 4370 test according to your written business-continuity plan. Record participants, start time, the procedures tested, the outcomes per step, and any remediation items—exactly the data your plan already requires.
/auditSubmit the BC/DR test record to the D-KaP endpoint with your API key at the moment the test finishes. The service seals the record in under two seconds and returns the signed evidence packet—don’t wait days, the value is in sealing while the data is fresh.
Drop the packet in your annual-compliance folder. When the FINRA examiner asks for proof of the 4370 test, send the JSON receipt and the PDF. The examiner verifies the signatures, confirms the test occurred on the claimed date with the claimed participants, and closes the item without a follow-up.
Example: A 60-person broker-dealer in Dallas runs its annual BC/DR test on a Saturday in November: cut over to the backup data center, run trade-execution against the secondary OMS, validate market-data flow, restore. The BC officer enters participants, times, and per-step outcomes; submits to /audit at 18:00 local; receives the signed packet by 18:00:02. When FINRA arrives the following March asking for proof of the test, the BC officer hands over a single signed packet. The examiner verifies, sees the test ran on the claimed Saturday with the claimed staff, and the line item closes without a single follow-up email.
Reconstructing a BC/DR test record after the fact, for an examiner who is pushing back on the original documentation, typically costs 20–40 hours of compliance staff time. $59 to seal the test once, at the time it happens, in a format the examiner can verify offline, is one of the cheapest forms of regulatory insurance you can buy. Compared to the alternative—an examination finding that lingers as an open deficiency through the next annual review—the price is rounding error.
The same signed BC/DR audit packet, plus the PDF timeline carries an invisible stealth watermark keyed to your trust root. The watermark adds a second, image-layer chain of custody—useful when the audit packet gets screenshotted, emailed across teams, or copied into a regulator’s workpapers. Measured to stay attached through screenshots, JPEG compression, and scaling (90 of 136 attack vectors survived, false-positive rate zero, SSIM 0.985). Not “uncopyable”—a determined attacker can still strip it—but tamper-evident in the ways FINRA examiners actually care about. MEASURED