It was a bad winter for 12 firms fined a total of $14.4 million for significant deficiencies related to the preservation of broker-dealer and customer records in the required “write once, read many,” or WORM format. The Financial Industry Regulatory Authority (FINRA) found, in its examinations, that at various times and often for prolonged periods, the following firms failed to maintain electronic records in a manner that prevents the alteration or destruction of records stored electronically:

• Wells Fargo Securities, LLC and Wells Fargo Prime Services, LLC were jointly fined $4 million (It’s been months of bad news for Wells Fargo…);
• RBC Capital Markets LLC and RBC Capital Markets Arbitrage S.A., also jointly fined $3.5 million;
• RBS Securities, Inc. also fined $2 million;
• Wells Fargo Advisors, LLC, Wells Fargo Advisors Financial Network, LLC, and First Clearing, LLC were jointly fined $1.5 million;
• SunTrust Robinson Humphrey, Inc., fined $1.5 million;
• LPL Financial LLC was fined $750,000;
• Georgeson Securities Corporation was fined $650,000; and
• PNC Capital Markets LLC was fined $500,000.

No WORM = No compliance

Federal securities laws and FINRA rules require that business-related electronic records be kept in WORM format to prevent alteration. The SEC also has stated that these requirements are an essential part of the investor protection function because a firm’s books and records are the “primary means of monitoring compliance with applicable securities laws, including antifraud provisions and financial responsibility standards.”

FINRA found that each of these 12 firms had WORM deficiencies that affected millions, and in some cases, hundreds of millions, of records pivotal to the firms’ brokerage businesses, spanning multiple systems and categories of records.

Why WORM matters

Compliant recordkeeping is important in light of the exponential increase in the volume of sensitive financial data stored electronically, and, in the last ten years, the increasingly aggressive attempts to hack into electronic data repositories, which poses a threat to inadequately protected record.

It is these unprotected files that FINRA seeks to protect, according to Brad Bennett, FINRA’s Executive Vice President and Chief of Enforcement, “These disciplinary actions are a result of FINRA’s focus on…ensuring the integrity of these records is critical to the investor protection function because they are a primary means by which regulators examine for misconduct in the securities industry.”

No WORM and no supervision

In addition to the recordkeeping exposures, FINRA also found that each of the firms had related procedural and supervisory deficiencies that affected their ability to adequately retain and preserve broker-dealer records stored electronically. Moreover, three of the firms also failed to retain certain broker-dealer records the firms were required to keep under applicable record retention rules.

More to come

According to FINRA, the multimillion-dollar fines are in line with the Authority’s broader crackdown on cybersecurity lapses, which it outlined earlier this year as a regulatory and examination priority.

The moral of this story is to be prepared…

Noncompliance can be costly — we talk about fines and jail sentences in this blog all the time. But, compliance doesn’t have to break the bank. Not when companies like Patrina are offering comprehensive compliance solutions and compliant data capture, file storage, and records archiving specifically designed for the financial services community.

Let’s talk (212-233-1155). Patrina is offering a 90-day, FREE trial of its comprehensive 8-module compliance solution. And that’s just the tip of our iceberg!

Let’s talk.