FINRA’s 2019 Report on Examination Findings and Observations looks at Compliant Archiving

In issuing its 2019 Report on Examination Findings and Observations this month, The Financial Industry Regulatory Authority (FINRA) made note to carefully distinguish between examination findings and observations. FINRA defines “findings” as a determination that a firm or registered person has violated regulatory rules. Observations, on the other hand, are suggestions to a firm about how it could improve its control environment to address a perceived weakness that elevates risk but does not rise to the level of a violation.

Fine. But what does that mean in a compliance professional’s real life?

What did FINRA’s 2019 Report say about digital communications?

Exchange Act Rules 17a-3 and 17a-4, as well as FINRA Rule 3110(b)(4) (Review of Correspondence and Internal Communications) and FINRA Rule Series 4510 (Books and Records Requirements) require firms to create and preserve, in an easily accessible place, originals of all communications received and sent relating to its businesses. If a firm permits its members to use an app-based messaging service or a collaboration platform, for example, it must preserve records of business-related communications and supervise the activities and communications of those members on the application. As a Chief Compliance Officer or other member of a firm’s management team, you are responsible for conducting due diligence to comply with the myriad securities laws, FINRA rules, and for follow up on red flags of potentially violative activity.

What compliance issues did FINRA “find?”

FINRA has noted challenges complying with supervision and recordkeeping requirements for various digital communications tools, technologies and services (collectively, “digital channels”). What does that mean? Well, for example, it cited firms whose members:

• Used prohibited digital channels – For example, some firms prohibit the use of texting, messaging, social media or collaboration applications (e.g., WhatsApp, WeChat, Facebook, Slack or HipChat) for business-related communication with customers. Nothing wrong there. However, these same firms did not have sufficient processes to track members use of those impermissible personal digital channels for firm business. They should have, says FINRA, noted red flags detectable through customer complaints, representatives’ email, outside business activity reviews or advertising reviews.
• Conducted prohibited electronic sales seminars – According to FINRA, some registered representatives conducted “electronic sales seminars” in a chatroom or on digital channels that were not permitted by their firms and were outside of supervision or recordkeeping programs.

What were FINRA seeing compliance teams doing?

In its Report, FINRA noted that many firms were implementing effective practices to manage registered representatives’ use of digital channels. These firms:

• Established comprehensive governance – According to FINRA, some firms maintained governance processes to manage firm decisions and develop compliance processes for each new digital channel, as well as new features of existing channels. These firms worked closely with their marketing, compliance and information technology departments, as well as their third-party vendors, to monitor communication technologies available to firm members and firm clients.
• Defined and controlled permissible digital channels – Firms with holistic supervision and record retention programs and policies clearly defined permitted and prohibited digital channels. They blocked access to these channels and/or the prohibited features of permitted channels. They restricted the use of messaging and collaboration apps that interfere with compliant recordkeeping requirements (such as apps with end-to-end encryption or self-destructing messages). They established storage parameters for permitted communications and implemented supervisory review procedures for communication and recordkeeping that are appropriate for the firm’s business model and tailored to each digital channel.
• Managed video content – Some firms implemented Written Supervisory Procedures (WSPs)  to manage the lifecycle of video content, which could include live-streamed public appearances, scripted commercials, or video blogs.
• Trained their teams – According to FINRA, some firms implemented mandatory training programs prior to registered representatives accessing firm-approved digital channels. The training clarified the firms’ expectations for business and personal digital communications, and assisted personnel with using all permitted features of each channel in a compliant manner.
• Disciplined misuse of digital communications – Firms disciplined representatives who did not comply with digital channel policies, suspending them temporarily or permanently blocking their access to those channels, and often mandated additional training.

What is your compliance team doing about your firm’s digital communication? That’s where Patrina comes in. For more than 25 years, Patrina has been helping compliance professionals like you keep stay on the “straight and narrow” efficiently and cost-effectively. So, let’s talk. Call 212-233-1155 to ask about Patrina’s cost-effective, designated third-party services, our comprehensive 8-module compliance solution, and compliant data capture & file storage, and records archiving specifically designed for the financial services community. Be smart. Be covered.Let’s talk