As the regulatory landscape is constantly evolving, Compliance Risk Concepts (“CRC”) is issuing its monthly […]
Background & Summary
The Securities and Exchange Commission (“SEC”) entered an order (“Order”) against a broker-dealer for failing to retain text messages relating to the firm’s business with the firm’s required business records. The firm was subsequently fined $100,000. The firm’s policies reportedly prohibited employees from conducting business via text message or utilizing personal devices for business-related communication. In addition, employees certified their compliance with such policies on an annual basis.
However, according to the Order, when the SEC issued a subpoena to the broker-dealer, it was discovered that the broker-dealer’s employees had not only conducted firm-related business using text messages, but that that staff within the firm’s compliance department and management were aware that text messages were sometimes used for discussing firm business, and had even done so themselves. Additionally, all such text messages were not maintained with the firm’s regulatory records and therefore could not be produced in response to the subpoena.
Our Take
It is our position at CRC that recognizing the evolving nature of cybersecurity, privacy, electronic communications, and record maintenance in the financial services industry is key to regulatory compliance. Regulators have continued to display heightened focus cybersecurity and electronic communication. As such, firms should ensure that electronic communications (use of personal email, messaging via social media platforms, text messaging, etc.) are thoroughly addressed in the Compliance Manual. In addition, firms should consider quarterly certifications of comprehension of and compliance with such policies and support such efforts with independent testing and confirmation. If you have concerns regarding your firm’s electronic communications policies, please contact your Compliance Professional, or contact CRC at the information listed below so that we can connect you with a member of our team.
Contact Mitch Avnet at mavnet@compliance-risk.com or (646)346-2468 for more information.