FINRA record retention requirements are a critical aspect of the compliance obligations for FINRA-member organizations.
As with any violations, failure to comply with appropriate records retention rules can result in costly investigations and fines. The relevant rules include FINRA Rule 451, SEC Rule 17a-3, and SEC Rule 17a-4.
Several Letters of Acceptance, Waiver, and Consent (AWC) submitted to FINRA by large global brokerages highlight the issues that any broker-dealer must consider. We’re highlighting four main takeaway points as an important update for Chief Compliance Officers of digital broker-dealers. The same rules apply.
1. Retain records in a compliant manner for electronic communications of all senior management.
Senior management may not have a direct role in securities activities. Even an indirect role in decision making that affects securities activities (including client transactions, hedging strategies, and deal approval) can fall under the rule to monitor and retain electronic communications.
- One broker-dealer received both a censure and a $40,000 fine because it excluded some senior management from electronic communication. It did so intentionally, believing that FINRA rules did not apply. This exclusion turned out to be a costly error.
CCO Takeaway: Make sure to err on the side of caution in monitoring and retaining communications, especially for senior management. Regardless of their role, their communications may ultimately influence securities activities.
CCOs are required to review and strengthen policies. The largely automated nature of communications monitoring tools (including flagged terms, information classification, and sampling methodologies) makes compliance easier to maintain, provided that people have not been erroneously excluded from the policy.
2. Compliance and administrative alerts must be retained in a non-erasable, non-rewritable format.
This requirement stems from the Securities Exchange Act of 1934. The basic concepts applied to paper records, but of course, today’s world has changed. Alerts are now digital and disseminated at high volume. The digital world has the same rules, however.
- Another broker-dealer had to address its failure to maintain over 18.3 million electronic internal compliance alerts over a five-year period. This failure resulted in a censure and a fine of $750,000.
FINRA also considers a firm’s prior history of failures to establish and maintain compliance. It examines factors such as written procedures and a supervisory system “reasonably designed” to achieve compliance with record retention obligations.
CCO Takeaway: Closely scrutinize all procedures and systems related to electronic communications and alerts to ensure they meet FINRA’s definition of “reasonably designed” controls.
3. FINRA Record Retention Requirements also include customer account notices and consolidated reports.
Broker-dealers must retain essentially all records related to account activity and supervise the distribution of such materials.
- For one larger broker-dealer, non-compliance came at a very significant cost—a fine of $900,000 in the case of account notices and a fine of $10,000,000 with restitution of over $1.6 million in the case of reports.
Rules apply to internal and client communications.
CCO Takeaway: Having a policy in place will not suffice. That policy must be designed in a way that demonstrates serious intent to comply. It must also be a written policy, communicated to relevant staff, and supervised for potential violations.
This approach mitigates the risks and costs of long, multi-year periods of violation (which in turn can suggest an endemic culture of non-compliance to regulators).
4. Records must be maintained in ways that prevent loss, alteration, or deletion.
Digital records are easily modified or lost. Just think of how many times in your life you have accidentally deleted or lost work. It happens to all of us, but FINRA is unlikely to show much sympathy. In today’s world, risks like ransomware attacks add additional concerns.
- An AWC relating to this issue, including censure and a $1,000,000 fine, highlights the impact of failing to comply with regulations. Specifically, a broker-dealer must maintain certain records relating to its business, including trade blotters, asset and liability ledgers, order tickets, and trade confirmations.
- In a similar situation, a separate broker-dealer submitted an AWC and paid a $2,500,000 fine for records maintenance failures for nearly 20 years.
CCO Takeaway: When records are digital, additional rules apply. Exchange Rule 17a-4(f) requires firms to meet several provisions:
- notify FINRA at least 90 days before storing records electronically,
- have in place an audit system for tracking the input of records as well as any changes made to such records,
- retain a third-party vendor with access to the records
- store electronic records in a non-rewritable, non-erasable format.
Many digital broker-dealers will simply not have been in business long enough to rack up a high number of years of violations, but the point is clear. Electronic records retention is a common area of regulatory scrutiny.
In addition to retaining records, adequacy or reasonableness of efforts and controls also plays a significant role. Planning and continuous review are critical.
Questions about how your organization can stay on top of FINRA record retention requirements? Contact InnReg for help at email@example.com.
Relevant FINRA Record Retention Rules:
- FINRA Rule 451: States that any capital acquisition broker must maintain records of customers name and residence, legal age status, and named individuals authorized to transact business on behalf of the customer, for each customer.
- SEC Rule 17a-3: Requires that broker-dealers retain purchase and sale documents, customer records, associated person records, customer complaints, blotters, ledgers, and other order details related to each transaction.
- SEC Rule 17a-4: Requires retention of “originals of all communications received and copies of all communications sent (and any approvals thereof) by the member, broker or dealer (including inter-office memoranda and communications) relating to its business as such, including all communications which are subject to rules of a self-regulatory organization of which the member, broker or dealer is a member regarding communications with the public.” The term communications includes sales scripts, recordings of telephone calls, and electronic messaging such as SMS, chat, and email.