The U.S. Securities and Exchange Commission (SEC) ended the last business day of its 2023 fiscal year (September 29) by dropping a bombshell announcement.
As part of its war against the use of unsupervised off-channel communication by broker-dealers, the agency had reached settlements with 10 regulated entities. Five broker-dealers, two affiliated Registered Investment Advisors (RIAs), and three dual-registered broker-dealers and RIAs fell victim to the SEC’s wrath for what it described as “widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications.”
In total, the firms ended up with fines of US$79 million along with orders to cease and desist from their non-compliant practices. While the number is significantly lower than what was demanded by the SEC from financial institutions as part of its WhatsApp fines in 2022, when the combined penalties were in the billions, it is worth noting that the agency promises real benefits to firms that self-report, work on remedying the situation, and cooperate with the SEC.
An overview of the SEC’s recordkeeping requirements for broker-dealers
Per the SEC’s broad interpretations, any form of electronic communications by broker-dealers relating to their business can be subject to preservation and retention requirements. Also, RIAs are required to record communications pertaining to recommendations given to clients along with any advice they are planning to give.
This means in addition to call monitoring, these firms have to undertake comprehensive recordkeeping when it comes to communication exchanged via iMessage, Slack, email, WhatsApp, WeChat, Telegram, Signal, etc.
Keeping in line with the rapid advancements in enterprise messaging, the SEC has also updated its compliance requirements as of October 12, 2022 during which the agency revised Rule 17a-4.
Consequently, broker-dealers now have to maintain their electronic records in a manner that is auditable, meaning there needs to be transparency regarding the deletion or modification of the communication records. The regulator further mandated that when requested, the electronic records have to be “reasonably usable.”
It is especially vital for broker-dealers to take note of these updates because even prominent players, such as Interactive Brokers LLC and Robert W. Baird & Co. Inc. have fallen short of the requirements, inviting hefty fines owing to violations of regulations, such as Section 17(a) of the Exchange Act and Rule 17a-4(b)(4).
Proactive Compliance: Crafting Robust Internal Criteria for SEC Success
Firms that self-report lapses in their communication compliance efforts and are prepared to take corrective action are likely to be treated more leniently than the broker-dealers who wait around to be probed based on customer complaints or the SEC’s own investigations.
Even the Enforcement Director Gurbir Grewal from the regulatory authority confirmed there were “real benefits to self-reporting, remediating and cooperating.”
Consequently, firms need to take proactive measures as part of their internal recordkeeping efforts to stave off SEC fines.
Implementing real-time archiving for internal communication
Firms need to make use of a network archiver to capture all forms of employee communication. Such a solution is indispensable to companies with large teams of broker-dealers using a mix of company-issued and own devices, especially in a hybrid setting. Capturing messages and recording voice calls over the network also removes the necessity to install applications on employee devices and ensures that communication across all instant messengers and social media applications is retained.
Message retention happens in real-time, meaning companies can set up alerts to notify their compliance officers instantly if a broker-dealer uses certain words/ phrases that may lead to SEC violations.
Importantly, having a proper system in place to enforce regulators’ recordkeeping requirements will ensure that messages don’t get disposed of before the retention period.
Even if the messages need to be accessed after several years, the broker-dealer will still have a copy, and the conversations can be searched based on keywords or context, such as the name of the person sending the message/ receiving it, the phone numbers, date of communication, etc. This aligns perfectly with regulators’ requirement that the communications have to be stored in a durable and easily accessible manner.
Maintaining a consistent communication policy
Even with an archiving solution in place, secure instant messaging requires clear company-wide communication policies. Firms need to prioritize this because a trained workforce that can prevent violations can save them the time and resources that will be needed to deal with the SEC.
In many of the broker-dealers fined by the SEC, it was found that the top-level management was also skirting the rules, so the companies have to ensure that the internal policies apply to everyone. Along with the rules on how to use various devices and instant messengers in a compliant manner, the compliance teams also need to make the penalties for violations clear and ensure to penalize employees who don’t fall in line.
Ensuring D3P and WORM compliance
It is also quite clear that firms can’t rely on the backup capabilities of various apps to undertake key compliance functions, such as WhatsApp archiving. In line with D3P compliance requirements, firms need to have a designated third party that can independently access the communication records for audits or investigations if the broker-dealer is unable or unwilling to hand them over.
When it comes to maintaining the records, SEC used to insist that the information be secured on a “write once, read many” (WORM) storage format so it can’t be tampered with. This regulation, which was mainly aimed at information on CD-ROMs and floppy disks, will also be applicable to cloud-based digital storage systems, so broker-dealers will have to find non-rewritable and non-erasable means of maintaining their employee communications records.
Reporting and auditing capabilities
Along with a clear communication policy, broker-dealers need to be subjected to constant evaluation when it comes to their communication between themselves and prospects and clients. Based on data-driven reports, companies can facilitate training in areas of compliance in which their broker-dealers are struggling the most. Reporting can also be used to identify patterns of suspicious behavior, like some broker dealers’ calls being shorter than their colleagues, which could mean they are using other unapproved devices to continue sensitive conversations with clients.
The firm further needs to ensure that every message, call, or email they have retained is unaltered by means of an audit trail. Documenting who has accessed the records and for what can go a long way in avoiding being unprepared when the SEC acts. If the SEC acts based on a customer complaint, and they have in their possession unaltered communication records from the complainant, the broker-dealer showing up with doctored electronic communication can lead to strict action.
Conclusion
The recent SEC settlements with broker-dealers highlight the urgent need for robust internal recordkeeping practices in the face of evolving regulations. The SEC’s heightened focus on electronic communication preservation requires broker-dealers to take proactive measures. Maintaining consistent communication policies, ensuring designated third-party and WORM compliance, and having reporting and auditing capabilities are mission-critical.
Firms that self-report and cooperate with the SEC stand to benefit, emphasizing the importance of internal compliance efforts. To stay ahead of SEC regulations and amendments, broker-dealers need to invest in an archiving solution that captures real-time communication via the network, irrespective of the device or application used.
Contact us for a demo of our network archiver to begin your journey towards proactive compliance.
