Tips for Ensuring Your Books & Records Program is Compliant

Due to increased SEC scrutiny, Silver’s Fizza Khan, CEO, and Nicholas Nunez, Managing Director and Head of Regulatory Compliance, published an article in the National Law Journal about the books and records regulations governing electronic communications, including recent SEC investigations and enforcement actions and record keeping best practices to help firms stay compliant.

Can Your Electronic Communications Compliance Program Stand Up to Increased Regulatory Scrutiny?

By Fizza Khan and Nicholas Nunez

The Covid-19 pandemic has permanently altered the way people engage and relate to one another across both personal and professional settings. In the workplace, the changes have resulted in a more casual work environment, with people working from their home offices instead of office buildings, replacing their work attire for jeans and a golf shirt and occasionally using unsanctioned devices to conduct business. Luckily, due to advancements in technology, most industries were able to pivot to this “new normal” with relative ease, relying on e-mail, video conferencing, instant messaging (IM) platforms and newer applications like WhatsApp to stay in front of clients and conduct business. And while this change has been a lifeline for a lot of companies, it has created enormous problems for highly regulated industries, such as financial services, which are required to track and retain substantive written business communications, including electronic communications, to clients and among colleagues in order to protect investors and avoid market manipulation.

Under the watchful eye of Chair Gary Gensler, the U.S. Securities and Exchange Commission has taken notice of mistakes made by large financial institutions, such as Goldman Sachs, HSBC Holdings Plc and  JP Morgan Securities LLC (JPMS), a broker-dealer subsidiary of JPMorgan Chase & Co., in the way they inadequately collected and retained electronic communications among their employees, which resulted in several ongoing investigations and even a historically steep fine. The agency’s actions against these firms were on top of the previous probes from late last year of other well-known financial entities, such as Bank of America Corp., Citigroup Inc., Morgan Stanley and Credit Suisse Group AG, illustrating the seriousness with which Gensler intends to pursue this type of misconduct.

This does not bode well for unprepared investment advisers and broker dealers, given that Gensler noted that other investigations of this scope and magnitude are already underway, signaling that enforcement actions will likely be on the rise in 2022 and beyond. Therefore, firms of all types and sizes should be taking a hard look at their electronic record preservation systems, reporting abilities and related policies and procedures across the entire organization to ensure that they are compliant.

To help firms gain a better understanding of the current requirements, below is an overview of the books and records regulations governing electronic communications, some insight on the recent investigations and enforcement actions taken by the SEC, as well as record keeping best practices that can help firms stay out of the crosshairs of regulators.

Navigating the Current Recordkeeping Compliance Ecosystem 

“Since the 1930s, record-keeping and books-and-records obligations have been an essential part of market integrity and a foundational component of the SEC’s ability to be an effective cop on the beat,” remarked Gensler in a statement from the SEC following the announcement of charges against JPMS. Here, he is of course referring to the books and records rules (Rule 17a-3 and Rule 17a-4) under Section 17(a)(1) of the Securities and Exchange Act of 1934, which “specif[ies] minimum requirements with respect to the records that broker-dealers must make, how long those records and other documents relating to a broker-dealer’s business must be kept and in what format they may be kept. The SEC requires that broker-dealers create and maintain certain records so that, among other things, the SEC, self-regulatory organizations (“SROs”) and state securities regulators may conduct effective examinations of broker-dealers.”

He has made clear in various testimonies before Congress, and in news releases/statements from the SEC, that he intends to crackdown on Wall Street banks and firms with a “fierce urgency of now” as illustrated by the ambitious agenda he has unveiled since taking the helm under the Biden administration. Chief among Chair Gensler’s primary concerns right now is record-keeping probes and enforcement actions. Nothing drives this point home more than the latest measures taken by the SEC.

Most recently, for instance, Goldman Sachs announced in its annual report on February 25, 2022, that it was cooperating with the SEC and “producing documents in connection with an investigation of the firm’s compliance with records and preservation requirements relating to business communications sent over electronic messaging channels that have not been approved by the firm.” Just a few days before this news was released, HSBC Holdings Plc announced on February 22, 2022 that “it was being investigated in the U.S. for its bankers’ use of WhatsApp and other personal messaging services for business purposes.”

Both of these investigations follow the news from December 2021 about the fines issued against JPMS by the SEC and the Commodity Futures Trading Commission, to the tune of $200 million, for “widespread and longstanding failures by the firm and its employees to maintain and preserve written communications” on mobile devices, messaging apps and personal emails. According to one report of the matter, JPMS’ “unofficial communications involved the exchange of tens of thousands of messages among more than 100 employees using personal text, email and WhatsApp accounts. The communications involved the breadth of the broker’s business, from trading to investment banking.”

In addition to the fines, which is the largest recorded fine to date of this kind, JPMS agreed to hire a compliance consultant to conduct an audit of their processes and employee training mandates in order to help them implement “robust improvements to its compliance policies and procedures to settle the matter.”

Commenting on this case, Gensler stated “[a]s technology changes, it’s even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight. Unfortunately, in the past we’ve seen violations in the financial markets that were committed using unofficial communications channels, such as the foreign exchange scandal of 2013. Books-and-records obligations help the SEC conduct its important examinations and enforcement work. They build trust in our system. Ultimately, everybody should play by the same rules, and today’s charges signal that we will continue to hold market participants accountable for violating our time-tested recordkeeping requirements.”

Gensler also noted that this will not be the last investigation that the SEC undertakes during its sharpened interest in the inspection of communications practices at all financial services companies. In fact, the SEC explicitly states that “as a result of the findings in this investigation, the SEC has commenced additional investigations of record preservation practices at financial firms.”

These enforcement actions are a telltale sign for broker dealers that they need to get their books and records programs in order or face the consequences from the SEC, but what does this mean for investment advisers specifically? Through the SEC’s actions against bulge bracket firms like Goldman Sachs, HSBC and JPMS, there will surely be similar scrutiny applied against smaller broker dealers, which will inevitably have the same impact on investment advisers when undergoing regulatory examination. And per the Investment Advisers Act of 1940, which stipulates what qualifies as investment advice and who can dispense it, when investment advisers are inspected by the SEC, investment adviser firms may not only be asked to provide proof of retaining all written substantive business communications, but also how these communications support investment decisions made by the adviser. Therefore, this enforcement activity is a warning to investment advisers of what could be coming down the pike for them from regulators if they don’t act now in ensuring their recordkeeping practices are tightened up.

Incomplete Recordkeeping Will Not Go Unnoticed – Tips for Staying Compliant 

The global pandemic has created undue complexities when it comes to maintaining accurate communication retention practices, which happens to be occurring at the same time that proper record keeping practices remain a top priority for regulators, making the issue of record preservation and retention even more challenging right now.  The reality is, whether it’s with respect to communications with international clients or investors, or with investment and trading platforms, firms are now realizing that such third parties prefer, or even require, the use of non-traditional communication channels to conduct business rather than through email and IMs.

Given the SEC’s razor-like focus on proper record keeping practices, it is readily apparent that any misstep could be detrimental to investment advisers and broker dealers that do not exercise caution. Firms of all types and sizes need to take a hard look at their electronic record preservation systems, reporting abilities and related policies and procedures across the entire organization to ensure that they are compliant.

To help firms prepare and mitigate potential risks, below are some tips to consider when it comes to building an effective and successful electronic communications record and retention compliance policy:

  1. Make sure there is an inventory of all forms of electronic communications the firm is using. The firm’s compliance department should be aware of any and all forms of electronic communications the firm’s personnel are using; eliminate those platforms that cannot be archived or are only used by a select few.
  2. Capture all electronic communications, no matter what platform you are using. Utilize traditional electronic communications archiving solutions like Global Relay and Smarsh to its fullest extent to capture not only the firm’s email, but also WhatsApp, Telegram and other non-traditional communications channels.
  3. Consider upgrading your archiving solutions. Supplement the above traditional archiving solutions with new archiving solutions that have the ability to capture platforms they are missing, such as TeleMessage to archive Telegram messages. For example, in the JPMS matter, the firm “installed the call-recording app Movius on their work phones, and employees also must regularly attest they will not use messaging apps for work material.”
  4. Take the guesswork out of recording communications. To ensure all electronic communications are recorded appropriately, initiate the use of firm-issued devices and firm-specific accounts on the non-traditional communication apps (e.g., firm-issued cell phone with firm-issued WhatsApp account) or implement a new policy that gives you the ability to keep track of employees’ personal devices. For example, in December of 2021, Credit Suisse asked its employees to allow it to monitor their personal devices since it does not provide work-issued mobile phones in an effort to tighten its rules around electronic communication record preservation.
  5. Establish firm-wide communication protocols and circulate to employees. Require all substantive business communication to be limited to firm-issued email and IMs. Furthermore, develop protocols and conduct regular training on these protocols for employees in order to ensure that proper record keeping methods are being understood and exercised by everyone at the firm.

The regulatory landscape will continue to evolve and tighten under Chair Gensler, particularly when it comes to the investigation and enforcement of books and records programs. Investment advisers and broker dealers need to be buttoned up when it comes to compliance policies and procedures, especially with regard to electronic communications record keeping.

While engaging the help of an experienced compliance and risk specialist is the best means of ensuring that thorough and comprehensive communications records meet the increasingly stringent demands of regulators, implementing the above best practices will help position investment advisers and broker dealers for success in the event of an investigation and mitigate the likelihood of an enforcement action.

Reprinted with permission from the March 31, 2022 edition of the National Law Journal© 2022 ALM Media Properties, LLC. All rights reserved. Further duplication without permission is prohibited, contact 877-257-3382 or [email protected]

 

Share the Post:

SilverVision Archive

The Corporate Transparency Act: Compliance Update for Private Fund Managers

The Corporate Transparency Act (CTA) represents a significant shift in corporate accountability, with potential implications for businesses nationwide. While enforcement is currently on hold, companies should proactively monitor developments, review compliance systems, and gather necessary information to ensure readiness and avoid future penalties.

Read More »