Firms, Individuals, and Compliance Officers fined for failure to retain and supervise all electronic communication

CCO’s are in FINRA’s crosshairs

A CCO was fined in June for failure to comply with FINRA Supervision Rules 3110 and 3130. The CCO failed to have an effective supervisory system in place to retain and review electronic communications. The CCO was fined $40,000 and suspended from association with any principal and supervisory capacity for 30 business days, followed by a two-month suspension from association with any FINRA member in any principal and supervisory capacity. The sanctions were based on findings that the CCO willfully violated Municipal Securities Rulemaking Board 24 Disciplinary and Other FINRA Actions June 2017 (MSRB) Rule G-27 by failing to establish, maintain, and enforce a reasonable supervisory system regarding review of electronic correspondence and failing to adequately review electronic correspondence.

Registered representative fined for use of personal email account

A broker was fined $22,500 and suspended from association with any FINRA member in all capacities for four months. The findings found the broker used a personal email account to conduct firm business in a manner that caused the firm to fail to preserve and maintain all such emails in its books and records.

Firm fined for failure to implement a retention system and supervise

Also in July, a firm was fined $707,000 and suspended, for failure to ensure that it had an effective system in place to retain electronic communications, as the firm’s brokers routinely used personal email accounts bypassing any system of surveillance or monitoring it utilized.

A second firm was fined $65,000. The firms consented to the sanctions and to the entry of findings that two out of the firms’ 87 email servers were not properly reloaded with an email retention and supervision program after a standard server refresh. The findings stated that the firms share email servers and an email monitoring and retention system, and that the system was not reloaded on the two servers due to human error. The firm first discovered the issue as part of an internal compliance review of emails. Upon discovery, the firm identified the extent of the issue and took steps to recover emails that were potentially lost. Despite these efforts, approximately 547,000 emails were lost due to the error over a nine-month period, and the emails of representatives from both firms were impacted. The fact that the firm self-reported to FINRA, and took steps to identify and correct technical deficiencies, was considered in determining appropriate sanctions.
 

So what does this tell us? Issues discovered are costing firms, individuals, and compliance officers more than they ever have before.

To comply with the evolving regulatory landscape, ensure you have a reliable and compliant retention system. A comprehensive archiving system needs to capture all electronic communications, including IM email, social media, mobile/text messaging and websites. Your compliance team should be able to monitor and store content no matter what device, operating system, or carrier your firm or advisors use. One effective archiving system should enable you to manage it all.

Your policies and procedures should set forth standards for all of the devices and applications that the firm uses, so all communications that need to be retained and supervised are. Permissible messaging applications must allow retention of messages. The firm and CCO’s should be aware of the technology used by registered representatives, and must not allow technology that cannot be adequately retained or supervised. Also, must have appropriate training for the firms registered representatives. CCO’s must follow up on red flags that indicate that a registered representative is not following procedures.

Lastly, make sure to regularly use your archiving system and review electronic communications. It’s not enough to just implement a retention system without using it. If you need assistance, utilize any training and webinars available to you. And if you are going to delegate compliance responsibilities, make sure that you are supervising those activities. A great way to streamline the supervision process is with the reporting and queues capabilities. Dashboards track team-based review, queues enable reviewers to quickly see their daily set of messages, track progress, and escalate messages that require further scrutiny. Built-in audit trails show the activities on every message, which helps ensure surveillance of employees’ electronic communications.