The Securities and Exchange Commission (SEC) recently announced a series of enforcement actions centered on several of the largest broker-dealers in the financial sector. The enforcement actions addressed longstanding failures of the firms and their employees to preserve certain electronic communications. The 15 broker-dealers, and one affiliated investment adviser, admitted to the facts as stated, acknowledged their actions violated the securities laws, and agreed to pay a combined $1.1 billion in penalties.
Under the various securities rules, including recordkeeping provisions, broker-dealers and investment advisers are required to maintain and preserve electronic communications of business-related matters. Regulators expect that the written policies and procedures address this requirement and set forth a framework for the firm and firm employee’s compliance with the policies and procedures. To meet the regulatory expectations, firms traditionally have set out parameters for both internal and external communications and prohibited communications outside of those parameters. The goal of this method is to limit the forms of communications to those that the firm can monitor and preserve.
The SEC’s investigation, covering the period from January 2018 through September 2021, uncovered significant violations of the recordkeeping provisions at all levels of the organizations. These violations concerned the use of messaging systems such as WhatsApp, which were not approved for firm communications. Since the message systems were not approved, the firms failed to meet the recordkeeping requirements of the communications. The SEC found that the use of unapproved messaging systems occurred at various levels, including supervisors and senior officials.
The SEC’s actions note that many of the firm’s policies prohibited the use of unapproved communications, the firms held annual training on these policies and procedures, and the firms included annual self-attestations of compliance by employees. However, the SEC found that the firms failed to create a system to follow-up that employees were reasonably abiding by the requirements.
The SEC has previously provided guidance in the form of a 2018 Risk Alert that detailed observations for examinations related to investment advisers’ use of electronic messaging. While not providing bright-line rules, the Risk Alert highlights areas that firms should consider when developing and administering their supervisory procedures. These areas include policies and procedures, employee training and attestations, supervisory review, and control over devices.
While the recordkeeping provisions are not new, technology and how clients and employees communicate is constantly changing. This has been compounded by remote-working and other conditions highlighted by the COVID pandemic. The SEC has consistently granted firms the flexibility to set the policies and procedures regarding communications as long as those policies and procedures are reasonably designed to prevent violations of the securities regulations and the policies and procedures are enforced. This allows firms to address their operational needs within the regulatory framework and adjust those needs as necessary. Once established, firms should follow the policies and procedures to avoid similar enforcement actions.
Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our Investment Adviser Group assists financial service providers with complex issues that arise in the course of their business, including complying with federal and state laws and rules. Please visit our Investment Adviser Practice Group page for more information.