It was a bad winter for 12 firms fined a total of $14.4 million for significant deficiencies related to the preservation of broker-dealer and customer records in the required “write once, read many,” or WORM format. The Financial Industry Regulatory Authority (FINRA) found, in its examinations, that at various times and often for prolonged periods, the following firms failed to maintain electronic records in a manner that prevents the alteration or destruction of records stored electronically:
No WORM = No compliance
Federal securities laws and FINRA rules require that business-related electronic records be kept in WORM format to prevent alteration. The SEC also has stated that these requirements are an essential part of the investor protection function because a firm’s books and records are the “primary means of monitoring compliance with applicable securities laws, including antifraud provisions and financial responsibility standards.”
FINRA found that each of these 12 firms had WORM deficiencies that affected millions, and in some cases, hundreds of millions, of records pivotal to the firms’ brokerage businesses, spanning multiple systems and categories of records.
Why WORM matters
Compliant recordkeeping is important in light of the exponential increase in the volume of sensitive financial data stored electronically, and, in the last ten years, the increasingly aggressive attempts to hack into electronic data repositories, which poses a threat to inadequately protected record.
It is these unprotected files that FINRA seeks to protect, according to Brad Bennett, FINRA’s Executive Vice President and Chief of Enforcement, “These disciplinary actions are a result of FINRA’s focus on…ensuring the integrity of these records is critical to the investor protection function because they are a primary means by which regulators examine for misconduct in the securities industry.”
No WORM and no supervision
In addition to the recordkeeping exposures, FINRA also found that each of the firms had related procedural and supervisory deficiencies that affected their ability to adequately retain and preserve broker-dealer records stored electronically. Moreover, three of the firms also failed to retain certain broker-dealer records the firms were required to keep under applicable record retention rules.
More to come
According to FINRA, the multimillion-dollar fines are in line with the Authority’s broader crackdown on cybersecurity lapses, which it outlined earlier this year as a regulatory and examination priority.
The moral of this story is to be prepared…
Noncompliance can be costly — we talk about fines and jail sentences in this blog all the time. But, compliance doesn’t have to break the bank. Not when companies like Patrina are offering comprehensive compliance solutions and compliant data capture, file storage, and records archiving specifically designed for the financial services community.
Let’s talk (212-233-1155). Patrina is offering a 90-day, FREE trial of its comprehensive 8-module compliance solution. And that’s just the tip of our iceberg!