As the regulatory landscape is constantly evolving, Compliance Risk Concepts (“CRC”) is issuing its monthly […]
What: The SEC announced charges against 12 municipal advisors for failures by the firms and their personnel to maintain and preserve certain electronic communications.
Who: The following firms admitted the facts in their respective orders and agreed to pay combined civil penalties of more than $1.3 million to settle the SEC charges.
When: The SEC announced the charges on September 17, 2024.
Why: The SEC launched an initiative in July 2023 to investigate whether municipal advisors were properly retaining messages related to municipal advisory activities.
How: As detailed in the SEC orders, the firms admitted that they failed to maintain and preserve certain communications sent and/or received by their personnel relating to municipal advisory activity during the relevant multi-year periods, and that these communications were records required to be maintained and preserved under the federal securities laws. The failures involved personnel at multiple levels of authority, including supervisors. The firms cooperated by voluntarily reviewing messages found on employees’ electronic devices, and in some instances, also producing those messages.
Why it matters: SEC enforcement related to recordkeeping violations is nothing new, but many of these orders are important because of how direct the SEC was about the inadequacy of relying upon employee attestations without corresponding processes that showed that such reliance was reasonable. (Despite the present firms being municipal advisors, both MSRB Rule G-44(a) and FINRA Rule 3110(a) generally require firms to maintain a supervisory system that is reasonably designed to achieve compliance with applicable securities laws and regulations, including applicable MSRB or FINRA rules, respectively.) Nearly all the firms involved had their employees complete some kind of written acknowledgment or certification regarding compliance with the firm’s electronic communication policies. In some cases, the firms even had training and sent reminders to employees about these policies. Nevertheless, the SEC routinely determined that the reliance on employee acknowledgements or certifications was not reasonably designed to comply with recordkeeping requirements because acknowledgments or certifications are not reliable absent appropriate follow-up measures, which appear from the orders to be processes to review, test, and modify the firm’s reliance on the employee attestations.
With the accumulation of SEC enforcement actions and penalties, it is becoming a financial imperative for compliance programs to embrace ongoing testing and validation of communications and supervisory systems to determine if they are reasonably designed and being followed.
CRC is a business-focused team of senior compliance consultants and executives who bring a unique tailored approach to help our clients succeed in today’s challenging regulatory and economic environment, enabling and empowering our clients to manage the “cost of compliance” without sacrificing the necessary infrastructure and control environment. Please contact Mitch Avnet to setup an introductory discussion: (646)346-2468 | mavnet@compliance-risk.com