United States

The Federal Financial Institutions Examination Council (FFIEC) released guidance for banks, savings associations and credit unions. Non-bank-entities supervised by the Consumer Financial Protection Bureau are grouped in with the type of companies above. The guideline offers general advice, in somewhat vague terms, which gives entities the flexibility to devise risk-management policies that best align with their organizational structure.

FINRA Rule 4511, which is based on the general recordkeeping requirements of NASD Rule 3110(a) and NYSE Rule 440, clarifies that firms are obligated to:

(1) make and preserve books and records as required under the rules of FINRA, the Securities Exchange Act (SEA) and the applicable SEA rules;

and

(2) preserve the books and records required to be made pursuant to the FINRA rules in a format and media that complies with SEA Rule 17a-4.

FINRA Regulatory Notice 12-29, SEC Approves New Rules Governing Communications With the Public, includes details on the new SEC-approved FINRA rules governing broker-dealers' communication with the public. The rules take effect February 4, 2013.

Included in the changes is a reduced number of communication categories from six down to three: retail communication, institutional communication and correspondence.

The Financial Industry Regulatory Authority (FINRA) has a page on their website to make registered representatives aware of the potential liabilities and compliance requirements when using electronic communications and the Web for business purposes. Specific considerations for electronic communication include email, instant messaging and websites including social networking sites, blogs, bulletin boards and personal devices.

The resource includes information on published rules as well as a link to the actual text of the rule or interpretation when possible.

FINRA Rule 8210 has been amended by the SEC to require encryption of information provided via portable media device. As an example, when electronic documents are sent to FINRA via portable media devices like CDs, DVDs, USB drives or portable hard drives, the encryption on these devices must meet "industry standards." FINRA has defined this as being 256-bit or higher encryption. Additionally, the confidential process or key to decrypt the communication must arrive separately from the encrypted portable media device itself.

The Mortgage Acts and Practices - Advertising Final Rule (the MAP Rule) gives the FTC and state authorities the ability to seek civil penalties for deceptive mortgage advertising, and clarifies and provides examples of what constitutes deceptive mortgage advertising. In addition, it institutes record-keeping requirements on mortgage advertisers.

FINRA Regulatory Notice 11-39 (guidance on social networking websites and business communications) is a response to January 2010's FINRA Regulatory Notice 10-06, addressing questions regarding the application of the rules since 10-06's publication. The notice is presented in Q&A format and covers four sections: recordkeeping, supervision, third-party posts, third-party links and websites, and accessing social media sites from personal devices.

Highlights include:

Regulatory Notice 11-32 provides questions and answers from FINRA regarding the application of the new rule to assist member firms in the implementation of new FINRA Rule 4530 requirements (as explained in FINRA Regulatory Notice 11-06). In addition, FINRA Regulatory Notice 11-32 provides the definition of tweets and text messages being "written" material.

The Securities and Exchange Commission is publishing its views on the operation of its rule permitting broker-dealers to store required records in electronic form. Under the Rule 17a-4, electronic records must be preserved exclusively in a non-rewriteable and non-erasable format. This interpretation clarifies that broker-dealers may employ a storage system that prevents alteration or erasure of the records for their required retention period.

The Privacy of Consumer Financial Information, otherwise known as Regulation S-P (Reg S-P, for short), has been adopted by the SEC in accordance with Section 504 of the Gramm-Leach Bliley Act (GLBA). This section requires the SEC and a variety of other US federal agencies to implement safeguards to protect non-public consumer information, and to define standards for financial services firms to follow in this regard.