The Financial Industry Regulatory Authority (FINRA) is not afraid of issuing steep fines when it comes to non-compliance with SEA Rules 17a-3 and 17a-4 of Section 17(a)(1) of the Securities Exchange Act of 1934 (“Exchange Act” or “SEA”). We previously mentioned how FINRA fined 12 firms a total of $14.4 million for what it called “failing to protect records from alteration.” And while the technology exists to support brokerage firms in the securities industry (and one would expect non-compliance to slowly decrease), fines continue to be issued.
In a recent high-profile case, JPMorgan agreed to pay the SEC $200 million to settle regulatory charges on recordkeeping lapses. The reason for the fine was that JPMorgan had failed to preserve staff communications across mobile devices, messaging apps, and email accounts.
Why was this a problem? Business-related communications were not retained within the firm’s regulatory records repository and could not be produced in response to an audit or third-party subpoena.
Rule 17a-4 and Rule 204-2 of the Exchange Act state that all business-related communications, including those conducted over personal devices, text message or otherwise, must be retained in compliance with applicable recordkeeping requirements, which means a few missing text messages can suddenly become very expensive.
It's therefore clear that compliance goes beyond preserving proper records – how books and records are retained (and for how long) is critical under FINRA’s rules as well.
SEC/FINRA Books and Records Retention Requirements
The financial services sector is held to particularly high standards of accountability in terms of accurate record keeping, as we highlight in our blog, SEC Rule 17a-3 and Recordkeeping Compliance. In fact, Rule 17a-3 requires brokers and dealers to create and preserve comprehensive records of each securities trade, including copies of blotters, account statements, trade confirmations, canceled checks and more, which we unpack later in this article.
This heavily regulated area means that businesses and broker-firms operating in the securities industry are required to maintain accurate and complete books and records by FINRA Rule 4511 (General Requirements), which states that firms must:
- Make and preserve books and records according to the rules of FINRA, the SEA, and all applicable SEA rules so that, among other things, the SEC, state securities regulators, and self-regulatory organizations (“SROs”) may conduct effective examinations of broker-dealers
- Preserve the books and records included in the FINRA rules in a format and media that comply with SEA Rule 17a-4
- Capture and retain electronic communications, such as email and instant messages, as well as hard-copy records
- Ensure that registered representatives, supervisors, and compliance officers understand these regulations and adhere to them
- Minimum requirements with respect to the books and records that broker-dealers create
- How long the records and other documents relating to a broker-dealer’s business must be kept
- What format records must be kept in
These recordkeeping requirements ensure that regulators have the ability to access and review the books and records generated by broker firms.
It’s important to remember that FINRA is responsible for enforcing compliance by its members. It does so by ensuring that the SEC's rules, FINRA's own rules, and the Municipal Securities Rulemaking Board (“MSRB”) recordkeeping rules that apply to broker-dealers' books and records are adhered to.
The Administrative Burdens of Regulations 17a-3 and 17a-4
As the continuous issuance of non-compliance fines by the SEC and FINRA suggests, regulations 17a-3 and 17a-4 and FINRA Rule 4511 have created a significant administrative burden for broker-firms. This is perhaps one reason why firms struggle to be compliant: there is no willful disregard of regulations, but ensuring that all books and records retention requirements are met can be costly and time-consuming without the correct tools and processes in place.
The scope of these regulations relating to books and records is extensive and includes, but is not limited to:
- Any client or business-related correspondence
- Any information or documentation that firms have to create and preserve in accordance with MSRB rules, the federal securities laws, FINRA rules, and all other applicable laws, rules, and regulations
- Customer account profile information
- Investment and trade-related correspondence, including puts, trade tickets, calls, trade blotters, income and expense ledgers, asset and liability ledgers, capital account ledgers, securities records, customer account ledgers, order tickets, and trade confirmations
In addition to being preserved in a defensible format that cannot be altered, these records also have extensive retention timeframes, which must be adhered to.
- Broker-firms must keep records based on the type of record in question. FINRA and the SEC’s regulations outline the length of time that records must be retained. For example, brokers must retain copies of trade confirmations for only three years, but blotters, which are the records containing details of all purchases and sales of securities, must be kept for at least six years.
- Six years is also the default retention period if a retention period for a specific book or record is not specified under FINRA or SEA rules. If relating to an account, the retention period is for six years after the date the account is closed. For books and records, it is for six years after the books or records were made.
- Be time-stamped with unique and sequential identification numbers
- Organized and indexed correctly
- Stored in a digital format that cannot be deleted
- Stored in duplicate
Unpacking SEC/FINRA Books and Records Requirements
FINRA’s books and records requirements are both complex and extensive, so here are the highlights of what firms should be aware of, culminating in retention policies:
1. They are designed to protect the integrity of books and records
According to FINRA’s rules, firms must store legible, accurate, true, and complete copies of their books and records to protect the integrity of the books and records from the moment they are created or received to when they can legally be disposed of after the retention period. The falsification, alteration, or destruction of books and records are serious violations of SEC and FINRA rules.
2. They specify recordkeeping formats or media
Brokers may store their books and records in one of three formats or media to ensure compliance:
- Paper form
- On micrographic media (microfilm, microfiche, or any similar medium)
- On electronic storage media
SEA Rule 17a-4(f) sets out the specific requirements for micrographic media and electronic storage media. In today’s digital landscape, how electronically stored media is captured, preserved, and stored is critical to ensuring compliance with FINRA’s books and records retention requirements.
3. Retention periods vary—and must be adhered to
Simply capturing, preserving, and storing books and records is not enough – how this information is retained (and for how long) is critical to remaining on the right side of the law. It is critical that firms have policies and procedures in place addressing recordkeeping obligations, including retention periods. SEC and FINRA books and records requirements must be followed, but many individual firms have their own policies in place as well, which may require longer retention periods.
Ensuring Compliance with Books and Records Retention Requirements
To ensure compliance with FINRA’s books and records retention rules, as well as SEA Rule 17a-3 and Rule 17a-4, brokerage firms should invest in archiving platforms that support these five conditions of a compliant archiving practice:
- Immutability: All electronic records must be written as WORM (write once, read many) files to ensure unchangeable archive storage.
- Discoverability: Archives must be indexed to ensure they are fully searchable through metadata. All key attributes of electronic media files must be captured in such a way that they are easily retrieved and reviewed.
- Auditability: Every event that occurs, from the first time data is written to the moment it is erased, should be logged and recorded.
- Retainability: Different records must be retained for different periods according to SEC and FINRA rules.
- Destructibility: How records are destroyed and how many times a platform will be overwritten to eradicate any trace of data must be contained in record-retention policies.
While “books and records” might still be commonly used when talking about recordkeeping, it’s important to remember that the term has become incredibly broad. It now includes not only the abovementioned email, mobile texts, and messaging apps, but also team collaboration tools (like MS Teams), social media, and official company websites.
In order for organizations to fully comply with books and records rules, these modern data sources must be incorporated into existing recordkeeping systems and processes. Thankfully, solutions exist that automate this process and make it easy to comply with SEC/FINRA requirements.