Tuesday, February 9, 2016

Electronic Storage Failure Results in $2.6 Million Fine

If your firm has not reviewed its electronic storage systems and programs recently, now may be the time. While this is a guess, it seems to me that oversights at one firm cost it $2.6 million in fines.

As we all know, the federal securities laws and FINRA rules require that business-related electronic records - emails - be kept in non-rewritable, non-erasable format (also referred to as "Write-Once, Read-Many" or "WORM" format) to prevent alteration. The SEC has stated that these requirements are an essential part of the investor protection function because a firm's books and records are the "primary means of monitoring compliance with applicable securities laws, including antifraud provisions and financial responsibility standards."

According to FINRA's release, it found that for a period of three years Scottrade did not have centralized document-retention processes or procedures for all firm departments to follow. Further, FINRA alleged that no one at the firm was charged with responsibility for ensuring a consistent document-retention process, fully compliant with the record-retention rules, including the requirement that all records be retained in WORM format.

FINRA alleges that personnel in different departments of the firm saved certain documents to a restricted shared drive, which was not WORM-compliant. As a result, Scottrade failed to preserve a large number of key securities business electronic records in the required format. The requirement of storage on a WORM-compliant device has been the topic of dozens of releases over the years. It is surprising that any firm, and in particular one the size of Scottrade, would not be using such drives in any business unit.

The release also discusses an allegation that Scottrade failed to copy more than 168 million outgoing emails to the firm's WORM storage device, resulting in the deletion of those emails. Here is where the oversight was undoubtedly the issue. According to FINRA, these emails were generated automatically by the firm's internal systems or by third-party vendors acting on Scottrade's behalf, and included items such as margin call notices, address change notifications and failed password attempt notifications.

Let this be a reminder. You need to store business-related emails - even failed login messages - in accordance with SEC rules, and you need to have that system enacted firm-wide.

And make sure someone is checking that it is working. I would make a small wager that Scottrade thought its systems were storing those third-party emails. The failure to ensure that was the case has cost the firm significant time and money. And for some firms, the failure to store emails can cause significant problems in arbitrations and investigations.



FINRA Fines Scottrade $2.6 Million for Significant Failures in Required Electronic Records and Email Retention | FINRA.org


