In this regulatory roundup, we focus heavily on self-reporting and how financial firms that voluntarily report electronic communications and recordkeeping violations may receive favorable fines from regulatory bodies such as the U.S. Securities and Exchange Commission (SEC).
Self-remediating and self-reporting
The SEC fined a large firm $15 million for widespread and longstanding failures by the firm and its employees to maintain and preserve electronic communications. This proceeding involves the failure of employees, including senior-level staff, to comply with essential requirements and the firm’s own policies. Employees used personal devices to engage in off-channel communications, such as personal text messages and messaging platforms like WhatsApp. The SEC found that these off-channel communications related to the broker-dealer business operated by the firm — but it had failed to maintain or preserve the majority of these communications. The failure to implement policies and procedures prohibiting such communications resulted in a lack of reasonable supervision of employees.
In addition, the CFTC fined the firm $45 million for manipulative and deceptive trading related to swaps with bond issuers, spoofing and supervision, and mobile device recordkeeping failures. While discussions about the manipulative trading were openly held on the firm’s electronic communication systems and recorded phone lines, they were not flagged by any type of surveillance system and were therefore not supervised. Since the SEC has been clear that self-reporting and cooperation will be favorable to offenders, the firm self-reported off-channel communications related to the business and proactively began remediation.
“Today’s actions should not only remind firms of the importance of following SEC recordkeeping requirements, but also the value of disclosing violations when they do occur. Both [firms] self-reported and self-remediated their recordkeeping violations, and the reduced penalties in these cases reflect their efforts and cooperation. As we continue our efforts to ensure compliance with the Commission’s essential recordkeeping requirements, we encourage other firms to take note and likewise self-report.“ – Gurbir S. Grewal, Director of the SEC’s Division of Enforcement.
Initiating a review before self-reporting
In similar news, the SEC fined another large firm $7.5 million for widespread and longstanding failures by the firm and its employees to maintain and preserve electronic communications. This proceeding also involved senior-level staff and their failure to comply with essential requirements and firm policies by using personal devices to engage in off-channel communications related to the firm’s business, while not maintaining or preserving the majority of those written communications. Unlike the first case, this firm discovered these off-channel communications and initiated a review of its recordkeeping failures and a remediation program before self-reporting the issue to the Division of Enforcement.
In addition, the CFTC fined the firm $15 million for failing to maintain, preserve, or produce records that were required to be kept under CFTC recordkeeping requirements, and failing to diligently supervise matters related to their businesses as CFTC registrants.
Self-reporting the deletion of communications records
The SEC handed a large firm a $4 million fine for accidentally deleting approximately 47 million electronic communications from around 8,700 electronic mailboxes. The firm self-reported the deletion event after discovering that many of the records were required business records under regulations 17a-3 and 17a-4.
Firm employees were given deletion tasks as part of a project to remove older communications and documents, but they experienced glitches which deleted unintended documents. This deletion had significant consequences as the firm was unable to retrieve or produce these deleted communications in response to subpoenas and document requests from at least twelve civil securities-related regulatory investigations. The firm has since implemented its own retention coding and strengthened approval processes for data disposition to prevent similar incidents from occurring in the future.
Other firm fines
Failing to supervise a registered representative
FINRA fined a firm $180,000 for failing to reasonably supervise a registered representative and his assistant’s firm email accounts. It was found that the firm should have detected the representative was using firm resources to sell over $7 million in outside securities to its customers and other investors. Additionally, the firm failed to reasonably supervise these activities according to their Outside Business Activities (OBA) policies and procedures.
Restitution and interest
FINRA has imposed a fine of over $637,000 in restitution and interest on a firm for multiple violations. These include:
- Failure to implement a proper supervisory system to ensure compliance with FINRA suitability requirements for variable annuity recommendations
- Inadequate response to red flags indicating unsuitable recommendations
- Lack of effective supervision over the use of an unapproved email address for transmitting securities-related documents to customers
- Failure to retain business-related email communications
Additionally, the firm neglected to establish and enforce written procedures for reviewing electronic correspondence and documenting such reviews. Notably, a representative of the firm and their support staff utilized external email accounts for business purposes, engaging in communication with customers and forwarding incomplete or blank documents for signing.
An individual was fined $10,000 and issued a 30-day suspension for the improper use of WhatsApp. This individual was using WhatsApp to communicate with customers; however, WhatsApp was not an approved communication channel according to the firm’s established policies and the firm did not preserve the individual’s WhatsApp communications as required by regulations, leading to incomplete recordkeeping on the part of the firm.
In 2020, the firm discovered the individual’s use of WhatsApp and subsequently issued the individual a Letter of Education reminding him of the firm’s explicit prohibition against using unapproved electronic messaging platforms. Despite receiving and acknowledging the letter and its terms, the individual persisted in their use of WhatsApp for another 19 months to communicate with firm customers about securities-related matters.
Another individual has been sanctioned by FINRA with a fine of $15,000 and a 15-month suspension due to the use of a personal cell phone to transmit unauthorized text messages containing client documents. Because of this behavior, the individual’s firm failed to uphold the required preservation of business-related text messages. Additionally, the individual provided false information to her firm by falsely asserting that she did not utilize text messaging for business purposes and provided misleading statements to FINRA by denying the transmission of client documents through text messaging.
With the regulatory landscape evolving and fines growing in size and trickling down from firms to individuals, it’s time to embrace compliance failures and limit their impact on your firm. It pays to be proactive and transparent by self-reporting, but the next step is fortifying your communications compliance for the future.
Author: Tiffany Magri – Regulatory Advisor at Smarsh
As a Regulatory Advisor at Smarsh, Tiffany monitors, evaluates and consults on the financial services regulatory landscape. Tiffany has more than 10 years of experience facilitating compliance with laws and regulations, policies, and risk management. Prior to joining Smarsh, Tiffany was a Senior Associate at Benefit Street Partners and a Compliance Analyst at Broadstone and Manning & Napier Advisors.
Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.
Need A Regulatory Marketing Compliance Consultant? A Bit More About Us
Why Not Download our FREE Brochures! Click here.
Call Us Today on 020 8087 2377 or send us an email.
We welcome individual bloggers / Professional Writers / Freelancers to submit high quality contents. Find out more…
Connect with us via social media and drop us a message from there. We’d love to hear from you and discuss how we can help.