SEC Fines Broker-Dealer for Failure to Retain Text Messages
This is the SEC’s first penalty against a brokerage firm for failing to retain business-related text messages.
Business-related text message violation
The SEC fined a broker-dealer firm $100,000 for violating the recordkeeping provisions of Section 17(a) of the Securities Exchange Act of 1934 and Rule 17a-4. The firm’s policies restricted employees from conducting business over text message or on personal devices, and employees annually attested to their compliance with those policies.
The SEC found that the firm's senior management, including compliance personnel, sent and received business-related text messages. Those messages were not retained by the firm. The SEC also found that, due to the firm’s failure to preserve business-related text messages on a firm-sponsored system, it was unable to produce certain records that were requested by the staff in an unrelated investigation.
Failure to reasonably supervise broker-dealer
FINRA brought a significant supervision case in which a firm was fined $300,000 and the CCO was fined $10,000 and suspended. The firm was also ordered to pay $76,344.20, plus interest, in restitution to a customer. The firm and the CCO failed to reasonably supervise a former broker who permitted her then-husband to conduct a securities business with firm customers while the husband was serving a one-year suspension imposed by FINRA.
The findings stated that throughout the suspension period, with the broker’s assistance, her husband communicated with firm customers, made securities recommendations to them, and placed trades on their behalf. For the most part, firm customers were unaware that the husband had been suspended; instead, they believed that he continued to be their broker and that the wife was his assistant. Shortly after the CCO joined the firm, she learned about the suspension, and two firm employees, including its chief operating officer (COO), told her that based on their interactions with the broker, they did not feel that the broker was competent to handle her husband’s book of business.
Moreover, a third-party consultant hired by the firm specifically recommended that the CCO schedule a surprise inspection of the broker’s branch office to determine whether it was the broker or her husband who was acting as the representative for the firm’s customers. In addition, the CCO received emails from the husband’s business email address during his suspension but failed to take reasonable steps to determine whether he was acting in a registered capacity. The firm ignored red flags that the husband was conducting securities business during his suspension.
The findings also stated that after hiring the husband, the firm and the CCO failed to reasonably supervise him and, as a result, did not identify that he recommended unsuitable trades in several customers’ accounts. Contrary to the firm’s WSPs, the firm and the CCO decided not to place the husband on heightened supervision, even though they knew that he had recently completed a suspension imposed by FINRA. The firm failed to reasonably supervise the suitability of the husband’s securities recommendations.
As a result of the unsuitable recommendations, two customers each suffered losses of approximately $25,000. The firm has reached settlements with these customers. In addition, the husband’s recommendations caused five customer accounts to contain unsuitable concentrations of fixed-to-floating rate securities and to suffer total losses of approximately $148,000. The firm has reached settlements with four of these affected customers.
No supervision system or WSPs
A firm was suspended from engaging in its corporate advisory business, until it has certified its implementation of an independent consultant’s recommendations, fined $100,000, and ordered to retain the independent consultant to review its policies, systems and procedures. In light of the suspension, a business line bar was not imposed. The findings stated that the firm knew about, approved and facilitated the payments of more than $50,000 of its fee received in connection with a block trade to an unregistered finder. The firm’s president sent an email to a firm registered representative detailing how the firm’s fee would be shared among the firm, the broker and the unregistered finder.
In addition, the firm directly deposited more than $2.6 million into bank accounts owned by non-member entities. Each of the non-member entities was affiliated with a person registered with the firm. These payments represented transaction-based compensation earned by the registered persons on securities transactions for the firm. Previously, the SEC had notified the firm that its practice of paying commissions to its registered persons’ entities was among the firm’s deficiencies and weaknesses. The findings also stated that the firm failed to establish and maintain a supervisory system.
Despite recognizing the risks involved in its corporate advisory business, the firm did not implement any system at all to supervise that business and had no WSPs for that business. The CEO’s email review system was also inadequate. The firm did not correct its supervisory deficiencies even after encountering glaring red flags in its dealings with an outside company involved in its corporate advisory business.
The firm also failed to supervise its payment of transaction-based compensation to non-member brokers. The firm’s WSPs regarding its compensation practices were not tailored to its business and the WSPs did not address its payment of transaction-based compensation to unregistered finders or non-member entities affiliated with the firm’s registered persons. Nor did the WSPs explain how the firm would ensure compliance with, or detect violations of, its own WSPs and NASD Rule 2410.
A broker failed to respond to FINRA’s request for information related to an investigation into the circumstances of her termination from her member firm. The findings stated that the requested information was necessary to determine whether the broker used an unapproved email account and mobile device to communicate with firm customers or forged a customer’s initials on a firm document.
Another broker was fined $5,000 for participating in private securities transactions without providing prior written notice to or obtaining advance approval from his member firm. The broker participated by providing the investors with the subscription agreement and by communicating with them verbally and by email to discuss the investments. The findings also stated that the broker incorrectly answered "no" on the firm compliance questionnaires that asked him whether he had participated in any private securities transactions away from the firm.
A broker was fined $10,000 for using an unauthorized personal email account to communicate with his customers concerning securities business. The findings stated that several of these communications contained unprotected sensitive information, such as customer account statements, logins, passwords and two-factor authentication codes. The broker’s member firms generally prohibited their registered persons from communicating with customers using personal email accounts. The firms did not maintain copies of his emails sent to or received by his personal email account related to securities business. In addition, the broker provided false and misleading compliance attestations to his firms regarding his use of third-party applications and/or communications systems to communicate with customers for business purposes. The broker failed to abide by firm policies and procedures and caused the firms to violate recordkeeping requirements.
Takeaways: Text message retention and proper supervision systems
The SEC case serves as a helpful reminder to firms to ensure text messages or other electronic records must be retained in compliance with applicable recordkeeping requirements. (SEC Rule 17a-4 and Rule 204-2). As firms have shifted to remote work and employees use various messaging applications, compliance risk arises.
FINRA clarified in Regulatory Notice 17-18 that financial firms must retain records of communications related to its business that are made through text messaging apps and chat services. The notice states “…every firm that intends to communicate or permit its associated persons to communicate, with regard to its business through a text messaging app or chat service, must first ensure that it can retain records of those communications as required by SEA Rules 17a-3 and 17a-4 and FINRA Rule 4511. SEC and FINRA rules require that, for record retention purposes, the content of the communication determines what must be retained.”
So, while a prohibition policy may have worked before the pandemic — this is no longer a practical strategy for your business. It is an even greater challenge now.
Also, the significant supervision fine noted above provides a clear sign FINRA will continue to hold firms and CCO’s personally accountable for non-compliance with regulatory obligations. Firms should establish a control system of heightened supervision when brokers have a disciplinary background. FINRA’s Regulatory Notice 18-15 provides guidance on when heightened supervision of a broker may be warranted. The guidance has provided a number of factors that firms should consider including in a heightened supervision system, at a minimum:
- Designating a principal with the appropriate training and experience to implement and enforce the plan
- Requiring appropriate additional training for the broker subject to the plan to address the nature of incidents resulting in the plan
- Requiring the written acknowledgment of the heightened supervisory plan by the broker subject to the plan and the designated supervisory principal
- Periodically reviewing the heightened supervision plan to assess its effectiveness
In addition, FINRA has seen effective heightened supervision plans that provide for:
- Heightened supervision of the brokers business activities, including customer-related activities, employee personal trading accounts, outside business activities, and private securities transactions
- Proximity of the supervisor to the broker
- More frequent contact between the supervisor and the broker
- More frequent review of the associated person’s communications, particularly with customers
- More frequent monitoring or inspection of the associated person’s office(s)
- Expediting the handling of customer complaints related to the associated person
In the above enforcement case, firms and the CCO ignored red flags. An issue highlighted by a consultant could be considered a red flag and should be inspected and documented. Another failure was the CCO deciding against implementing heightened supervision. Firms should be vigilant about suspended brokers engaging in securities business. The CCO should have placed the husband on heightened supervision as required by the firm’s WSPs. The firm could have learned that the husband was conducting securities business for customers residing in states where he was not registered. Also, the CCO received emails from the husband’s business email address during his suspension but failed to take reasonable steps to determine whether he was acting in a registered capacity.
I recommend a heightened supervision system that includes a daily review of the high-risk broker's transactions and correspondence. Examine the high-risk broker's communications that involve securities recommendations to clients. Embrace content surveillance to help find patterns or anomalies of potential violations.
The rapid migration to electronic technologies driven by the pandemic brings greater risk for firms. Firms must comply with recordkeeping and supervision requirements to avoid penalties and keep pace with the evolution of new communication tools.
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.