Financial firms should see enforcement actions as learning opportunities. The Securities and Exchange Commission (SEC) or other regulatory bodies enforce steep fines and penalties. They expect firms within the industry to pay attention and make note for their own compliance programs.
With that in mind, we’re continuing our blog series, “what went wrong,” in which we’ll cover enforcement actions and what your firm can do to avoid the same mistakes.
In our previous enforcement action blog post, we talked about a $13.1 million Regulation Best Interest (BI) violation. Today, we’re focusing on an enforcement action regarding the SEC’s record-keeping requirements and what broker-dealers can learn from this case of noncompliance.
The case: A violation of the SEC’s record-keeping requirements
In September 2022, the SEC fined 16 of the world’s largest financial firms over $1 billion for violating its record-keeping requirements. Rule 17a-3, or the SEC’s record-keeping rule, requires financial firms to maintain, preserve and produce communications and records. The SEC alleged the financial firms, namely broker-dealers, had not been complying with the rule for at least four years. SEC Chair Gary Gensler said that “By failing to maintain and preserve required records relating to their businesses, the firms’ actions likely deprived the Commission of these off-channel communications in various commission investigations.”
According to the SEC, the financial firms made several compliance missteps:
- The firms’ employees routinely communicated business matters via text messages or personal messaging apps, like WhatsApp.
- The firms’ employees routinely communicated business matters on their personal devices.
- The firms failed to maintain or preserve a large majority of the off-channel communications.
- The violations involved employees at multiple levels of authority, including supervisors and senior executives.
The following month, in October 2022, the SEC adopted an amendment to its record-keeping rule. The amendment, SEC Rule 17a-4, modernizes the rule and sets forth the electronic recordkeeping and prompt production of records requirements for broker-dealers.
What can your broker-dealers do to avoid violating the Reg BI rule?
The case highlights multiple areas of note within the record-keeping requirements as well as cybersecurity risk for broker-dealers. Here are some steps your firm can take to avoid making the same (costly) mistakes these financial firms made:
- Provide specific and up-to-date education to employees, including broker-dealers, on the cybersecurity risks of communicating business matters on personal devices and on platforms which are not approved by the firm.
- Write firm policies and procedures which thoroughly address the record-keeping rule.
- Ensure the channels your employees use to communicate require a second authentication factor.
- Maintain all records of communication in your firm.
These violations made up a significant portion of the SEC’s $6.4 billion in fines last fiscal year. What’s more, cases like these are expected to increase due to the current trend of working from home and electronic communication.