FINRA’s 2019 Report
on Examination Findings and Observations looks at Compliant Archiving
In issuing its 2019 Report on Examination Findings
and Observations this month, The Financial Industry Regulatory Authority (FINRA)
made note to carefully distinguish between examination findings and
observations. FINRA defines “findings” as a determination that a firm or
registered person has violated regulatory rules. Observations, on the other
hand, are suggestions to a firm about how it could improve its control
environment to address a perceived weakness that elevates risk but does not
rise to the level of a violation.
Fine. But what does that mean in a compliance
professional’s real life?
What did FINRA’s 2019 Report say about digital communications?
Exchange Act Rules 17a-3 and 17a-4, as well as
FINRA Rule 3110(b)(4) (Review of
Correspondence and Internal Communications) and FINRA Rule Series 4510 (Books and Records Requirements) require firms to
create and preserve, in an easily accessible place, originals of all
communications received and sent relating to its businesses. If a firm permits
its members to use an app-based messaging service or a collaboration
platform, for example, it must preserve records of business-related
communications and supervise the activities and communications of those members
on the application. As a Chief Compliance Officer or other member of a firm’s
management team, you are responsible for conducting due diligence to comply
with the myriad securities laws, FINRA rules, and for follow up on red flags of
potentially violative activity.
What compliance issues did FINRA “find?”
FINRA has noted challenges complying with supervision and
recordkeeping requirements for various digital communications tools,
technologies and services (collectively, “digital channels”). What does that
mean? Well, for example, it cited firms whose members:
- Used prohibited digital channels – For example, some firms prohibit the use of
texting, messaging, social media or collaboration applications (e.g., WhatsApp,
WeChat, Facebook, Slack or HipChat) for business-related communication with
customers. Nothing wrong there. However, these same firms did not have
sufficient processes to track members
use of those impermissible personal digital channels for firm business. They
should have, says FINRA, noted red flags detectable through customer complaints, representatives’
email, outside business
activity reviews or advertising reviews.
- Conducted prohibited electronic sales seminars – According to
FINRA, some registered representatives conducted “electronic sales seminars” in
a chatroom or on digital channels that were not permitted by their firms and
were outside of supervision or recordkeeping programs.
What were FINRA seeing compliance teams doing?
In its Report, FINRA noted that many firms were implementing
effective practices to manage registered representatives’ use of digital
channels. These firms:
- Established comprehensive governance – According to FINRA, some firms maintained
governance processes to manage firm decisions and develop compliance processes
for each new digital channel, as well as new features of existing channels. These
firms worked closely with their marketing, compliance and information
technology departments, as well as their third-party vendors, to monitor
communication technologies available to firm members and firm clients.
- Defined and controlled permissible digital channels – Firms with
holistic supervision and
record retention programs and policies clearly defined permitted and prohibited digital
channels. They blocked access to these channels and/or the prohibited features
of permitted channels. They restricted the use of messaging and collaboration apps that interfere with
compliant recordkeeping requirements (such as apps with end-to-end encryption
or self-destructing messages). They established storage parameters for permitted
communications and implemented supervisory review
procedures for communication and recordkeeping that are appropriate for the
firm’s business model and tailored to each digital channel.
- Managed video content – Some firms implemented Written Supervisory
Procedures (WSPs) to manage the lifecycle of
video content, which could include live-streamed public appearances, scripted
commercials, or video blogs.
- Trained their teams – According to FINRA, some firms implemented
mandatory training programs prior to registered representatives accessing
firm-approved digital channels. The training clarified the firms’ expectations
for business and personal digital communications, and assisted personnel with
using all permitted features of each channel in a compliant manner.
- Disciplined misuse of digital communications – Firms disciplined
representatives who did not comply with digital channel policies, suspending
them temporarily or permanently blocking their access to those channels, and
often mandated additional training.
What is your compliance
team doing about your firm’s digital communication?
That’s where Patrina
comes in. For more than 25 years, Patrina
has been helping compliance professionals like you keep stay on the
“straight and narrow” efficiently and cost-effectively. So, let’s
talk. Call 212-233-1155 to ask about Patrina’s cost-effective, designated
third-party services, our comprehensive 8-module
compliance solution, and compliant data capture & file
storage, and records
archiving specifically designed for the financial services community. Be smart.
Be covered.Let’s talk