FINRA Enforcement for Review and Retention of Communications

Compliance

FINRA Enforcement Cases Emphasize Importance of Retention and Review of Electronic Communication

June 11, 2020by Brian L. Rubin and Amanda Oliveira

On multiple occasions, through enforcement actions, FINRA has shown that it places great emphasis on the review and retention of business-related electronic communication — bringing enforcement actions against representatives, compliance officers and firms.

Sanctions for Unauthorized Use of WhatsApp

A registered representative was sanctioned through a February 2020, Letter of Acceptance, Waiver and Consent (AWC) for using WhatsApp to conduct securities business with overseas customers. The representative initially disclosed to his firm that he had used WhatsApp for business purposes, but he subsequently told the firm that he would use only firm-issued communication devices, and he acknowledged that the firm prohibited text messaging.

Despite his statements and acknowledgment, he exchanged 894 WhatsApp communications, many of which were securities-related, with three customers on his personal cell phone and on his work computer. His firm did not approve his use of WhatsApp and could not capture or review those communications. FINRA suspended the representative for 30 days and fined him $5,000.

CCO Disciplined for Failure to Capture, Retain and Review Business-Related Emails

FINRA disciplined a chief compliance officer (CCO) in April 2019 through an AWC for failing to ensure that his firm captured, retained, and reviewed business-related emails. The firm’s written supervisory procedures (WSPs) delegated the CCO as “responsible for [the firm’s] supervision (including compliance with the [email review and retention] rules identified above), the review of emails, and the maintenance of the firm’s books and records.” The CCO, however, did not take any steps to review or retain on behalf of the firm representatives’ emails. Specifically, the CCO failed to ensure that the firm captured, reviewed, or retained emails sent and received by one representative, as well as certain business-related emails sent and received by the CCO himself through his outside email address.

The CCO failed to fulfill these retention and review requirements concerning an investment banking representative associated with the firm through a d/b/a entity. The CCO knew of the representative’s use of a third-party email address associated with the d/b/a. However, the CCO failed to take any steps to review or capture the representative’s use of email through the d/b/a email domain until January 2015. Even then, although he took steps to capture the emails, they could still have been permanently deleted through June 2015.

With regard to his own emails, the CCO almost exclusively used a third-party email account instead of his firm account to conduct firm business. FINRA found that he sent only three electronic communications, which were calendar invitations, using the firm’s email address during the relevant period. During the investigation, the CCO was unable to produce all of his business-related emails sent via his third-party account. Thus, the CCO failed to adequately retain his own email.

As a result of these violations and other conduct, the CCO was fined $5,000 and suspended for 30 days from associating with any FINRA member in any capacity.

Firm Sanctioned for Failure to Have Written Supervisory Procedures

Finally, a firm was sanctioned in a litigated case for failing to have written supervisory procedures that addressed the review and retention of electronic correspondence. In July 2019, the US Securities and Exchange Commission (SEC) sustained a FINRA disciplinary proceeding finding that a former member firm failed to establish and maintain a reasonable supervisory system for the review of electronic correspondence, among other violations.

In its opinion, the SEC found that between March 2007 and September 2010, the firm’s written supervisory procedures failed to provide a clear procedure for conducting the required review and retention. Specifically, the firm’s WSPs did not provide how supervisors should select which electronic correspondence to review, how they should review it, nor the frequency they should conduct such review. Further, the firm did not maintain a record of any such review. For this violation, among others, the firm was fined $500,000.

Takeaways

Representatives, compliance officers, and firms can be sanctioned for inadequate retention and review of electronic communications
Representatives and compliance officers can be sanctioned for failure to be aware of and follow their firm’s policies and procedures regarding electronic communications
Firms can be sanctioned if their WSPs do not contain sufficient detail regarding the review of electronic communications documentation of that review
Firms may want to pay attention to:
- Third-party and outside email accounts
- New technology and apps for electronic communications such as WhatsApp

Additional Resources:

We recently met with FINRA and gave guidance on best practices for firms balancing remote work and regulatory risk. More on FINRA and SEC violations from the last year in this Regulatory Update Roundup.

Capture and manage content from 100+ of the latest channels, right from the source, with full context preserved

Learn More

Share this post!

Author
Recent Posts

Brian L. Rubin

Partner at Eversheds Sutherland

Brian Rubin is the Washington office leader of the Eversheds Sutherland (US) Litigation group and the head of the firm’s Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA) and state securities enforcement practice. With more than 20 years of experience in federal securities law, first prosecuting and now defending, Brian represents clients being examined, investigated and prosecuted by the SEC, FINRA, other self-regulatory organizations and states. As former NASD (now FINRA) Deputy Chief Counsel of Enforcement and Senior Enforcement Counsel at the SEC, he brings an insider’s perspective to defending broker-dealers, investment advisers, investment companies, public companies and individuals in examinations, investigations, enforcement proceedings, litigation, arbitrations and in counseling.

Latest posts by Brian L. Rubin (see all)

FINRA Enforcement Cases Emphasize Importance of Retention and Review of Electronic Communication - June 11, 2020

Author
Recent Posts

Amanda Oliveira

Litigation Associate at Eversheds Sutherland

Amanda Oliveira advises clients on various complex business litigation matters including securities enforcement, financial services, professional liability and commercial litigation. Prior to joining Eversheds Sutherland, Amanda was an intern for the Catholic Charities of New York where she prepared legal motions for the Board of Immigration Appeals, Family Court and Immigration Court. She also wrote legal briefs for clients seeking asylum in the United States. In 2019, Amanda participated in the Eversheds Sutherland Summer Associate program.

Latest posts by Amanda Oliveira (see all)

Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

FINRA Enforcement Cases Emphasize Importance of Retention and Review of Electronic Communication

Sanctions for Unauthorized Use of WhatsApp

CCO Disciplined for Failure to Capture, Retain and Review Business-Related Emails

Firm Sanctioned for Failure to Have Written Supervisory Procedures