19 CFR § 111.21 - Record of transactions.
(a) Each broker must keep current in a correct, orderly, and itemized manner records of account reflecting all his financial transactions as a broker. He must keep and maintain on file copies of all his correspondence and other records relating to his customs business.
(b) Each broker must provide notification to the CBP Office of Information Technology Security Operations Center (CBP SOC) of any known breach of electronic or physical records relating to the broker's customs business. Notification must be electronically provided (firstname.lastname@example.org) within 72 hours of the discovery of the breach, including any known compromised importer identification numbers (see 19 CFR 24.5). Within ten (10) business days of the notification, a broker must electronically provide an updated list of any additional known compromised importer identification numbers. To the extent that additional information is subsequently discovered, the broker must electronically provide that information within 72 hours of discovery. Brokers may also call CBP SOC at a telephone number posted on CBP.gov with questions as to the reporting of the breach, if any guidance is needed.
(d) Each broker must designate a knowledgeable employee as the party responsible for brokerage-wide recordkeeping requirements. Each broker must maintain accurate and current point of contact information in a CBP-authorized electronic data interchange (EDI) system. If a CBP-authorized EDI system is not available, then the information must be provided in writing to the processing Center.