FINRA is increasing disciplinary actions against firms and individuals for failing to comply with recordkeeping and supervision rules. Last month, FINRA fined firms and individuals for using “unauthorized communication channels” including text messaging, IM, and personal emails.
A brokerage firm was fined $290,000 for failing to establish a system of reasonable supervision, including adequate Written Supervisory Procedures (WSPs). The firm failed to establish and maintain the required systems to supervise the activities of its registered representatives, registered principals, and other persons notwithstanding red flags, suggesting closer supervision was warranted. The findings stated that the firm failed to review a representative’s electronic communications thus failing to adequately supervise a representative’s electronic communications. The firm should have been aware that one of its representatives was using their own personal instant messaging account to conduct firm business. However, it did not preserve records of these IM communications, and as a result, the firm failed to adequately meet their regulatory requirements to keep electronic business records. FINRA takes violations of Rule 17-a-4 very seriously. Firms can no longer look the other way if their brokers use, or if they have a reasonable belief that brokers use, tools outside of the firm’s compliance perimeter.
FINRA also fined a firm $35,000 for failing to establish, maintain and enforce adequate WSPs for the review of email. The findings stated that the firm’s WSPs were deficient because they did not specify the amount of email required to be reviewed; how the firm would supervise the review of email; the timing and frequency of such supervision; or how such supervision was to be documented. Additionally, the WSPs failed to specify a process by which emails from the firm’s president, chief executive officer (CEO), and chief compliance officer (CCO) were to be reviewed. The firm’s WSPs also prohibited registered representatives from using personal email addresses for firm-related business communications – without proper enforcement! As a result, at least three of the firm’s representatives used non-firm email addresses for business purposes. By failing to enforce the policies in the Written Supervisory Procedures, the firm failed to adequately supervise its representatives’ written communications, resulting in steep fines.
FINRA fined a firm $5,000 for failing to maintain and preserve emails as required by FINRA rules and SEC Rule 17a-4. The findings stated that a third-party vendor was used to manage the firm’s email retention system, however, 2,830 firm emails were not retained. While 2,830 emails were retained on the firm’s server, the firm’s server was not Rule 17a-4 compliant. In addition, the firm’s retention system did not prevent it from permanently deleting emails. The findings also stated that the firm failed to document its supervisory email reviews.
Individuals Penalized for Text Messaging
FINRA fined two brokers for texting business-related communications in violation of their firm’s Prohibition policy. A broker was fined $10,000 and suspended from association with any FINRA member in all capacities for five months, then ordered to pay $11,754, plus interest, in deferred restitution to customers. The broker sent more than one hundred text messages about his securities business to a disqualified representative without seeking or receiving the firm’s prior written approval. The broker’s member firm prohibits sharing nonpublic information with disqualified representatives. Essentially, the broker prevented the firm from supervising those communications, creating a risk of harm to customers.
Another broker was also fined for communicating via text message without the firm’s authorization. The broker was fined $2,000 and suspended for texting prospective clients from his personal cell phone. The broker also sent an email from his personal email account to a prospective customer, violating his member firm’s procedures requiring business related emails to be sent through firm-approved systems or devices. The broker’s business-related communications, sent from his personal email account and personal cell phone, were not retained by the firm, causing failure to comply with its recordkeeping obligations. The findings also stated that the broker sent numerous emails to prospective customers, which included a non-approved flier as an attachment describing services that the broker claimed to be able to provide to customers. In the cover emails, the broker falsely stated that he worked as part of a team and made a promissory statement claiming to “mitigate investment risk.” The attached sales flier also touted the broker’s use of a particular investment evaluation tool, which had not been approved for use by his firm.
If your firm is not collecting all of the communications of your brokers (including text and IM) and if your firm does not have a WSP that accurately and adequately supervises those communication, your firm is at risk for fines. Many firms prohibit the use of text message or personal accounts. The above enforcement actions suggest that a prohibition policy will not save firms from fines if their brokers are actually communicating with clients over those prohibited channels. If your firm knows or should know that your brokers are communicating over prohibited channels, your firm is at risk for fines. Text messaging is the most in-demand communication channel which brokers are using to communicate with clients. If you are not archiving text messages, your firm is at risk of being fined.
Firms are obligated to retain records of digital communications that relate to their “business as such” as required by Rule 17a-4(b). A safe approach to compliance for electronic recordkeeping rules is to implement an “archive everything” strategy. Firms need to be aware of the electronic communications environment and ensure they archive all business communications sent to, and received by, their brokers, whether those brokers communicate via email, social media, text messaging, instant messages, or other forms of electronic communication.
Here are a few key steps to this Archive Everything strategy:
Electronic communications must be easily accessible, indexed, and stored on non-erasable and non-rewriteable media as required by Rule 17a-4(f). Engage an archiving vendor that is compliant with the regulatory rules and has the technical ability to capture messaging data including those on popular apps and tools like Facebook, Slack, LinkedIn, Twitter and text messages. Make sure to select a vendor solution with supervision capabilities such as flagging keyword lexicons and reporting options.
Set up Keyword Lexicons: keyword lexicons will save you time and help supervise the activities of the firm employees. You can create keywords and key-phrases to flag the risk of brokers using unauthorized communication channels. Red flag examples include: “respond to my gmail,” “text me,” and “let’s take this offline.” You can also setup lexicons to find promissory statements such as “mitigate investment risk,” “guaranteed to be profitable,” “no downside risk”. Use examples from enforcement cases to create lexicons to target your search and enhance your supervision process. It’s not enough just to have the policies. Firms’ lexicon policies need to be reasonably designed in light of the compliance risks of the firm. It’s important to make sure that lexicons are flagging high risk communications.
Review the adequacy of your electronic communications policy and supervisory systems: At a minimum, your WSPs should identify the reviewers, describe the process the reviewers will follow to conduct each review, the timing and frequency of the review, and how the reviewers will evidence that the required supervisory steps were taken. This would include provision for escalation of regulatory issues to the designated supervisor or other appropriate department. Reviewers may not conduct supervisory reviews of his or her own electronic communications. WSPs should not be updated only to reflect changes to regulations, but also when changes are made to the supervisory process. Ensure the policies are properly enforced and followed by the designated reviewers.
Make sure all employees are trained and well-aware of all policy guidelines and permitted communication channels. Most importantly, enforce the WSPs for the review of electronic communication.
All of these steps will advance your compliance program, supervisory systems, and protect your business. They will also ensure that FINRA rules are followed to protect against accidental violations. New advancements in archiving technology and solutions, make this easy and possible, so brokers can more easily communicate with customers while remaining in compliance.
Author: Marianna Shafir Esq. Corporate Counsel, Regulatory Advisor at Smarsh
About Marianna Shafir
Mariannais Corporate Counsel and Regulatory Advisor at Smarsh, where she’s responsible for legal and regulatory affairs worldwide. In addition, she helps Smarsh clients navigate compliance obligations, technology trends, and new industry regulations through her vast knowledge of best practices related to electronic communications supervision. Prior to joining Smarsh, Marianna worked for BNY Mellon and Invesco in varying compliance roles.
Marianna is an adjunct professor and lecturer of Law at New York Career Institute, where she teaches Law Office Management and Real Estate Law. She earned her J.D. at Nova Southeastern University, and a B.B.A. degree in marketing from Baruch College.
How can we help!