Skip to content

Data Preservation and Archiving under FINRA Rules

The Financial Industry Regulatory Authority (FINRA) is a self-regulatory organization for U.S. broker-dealers. It oversees more than 624,000 brokers and analyzes billions of daily market events.

In 2007, FINRA was formed by the consolidation of the enforcement arms of the New York Stock Exchange and the National Association of Securities Dealers.

FINRA develops rules and guidance for securities firms to ensure they are operating legally and ethically. The rules cover a range of issues, including ethics and behavior expected from members, the prohibition on using deceptive, manipulative, and fraudulent tactics, and other professional standards.

The Securities and Exchange Commission (SEC) recently approved rule changes permitting FINRA to place restrictions on broker-dealers with a history of misconduct or who hire someone with such a record. The changes would also mandate requiring member firms employing someone with a history of misconduct to adopt heightened supervisory procedures.

FINRA rules also cover how to properly conduct transactions with clients, communications and disclosure, selling select products, supervisory responsibilities, anti-money laundering practices, operational controls, trading best practices and standards, reporting, and clearing requirements, among others.

The rules cover investigations and sanctions, code of procedure, disciplinary proceedings, other relevant topics, the Uniform Practice Code, arbitration procedures with customers and other members, and mediation rules.

The organization also licenses and registers broker-dealers, administers qualification examinations, and ensures broker-dealers meet continuing education requirements.

FINRA wields power to impose fines, suspensions, and expulsion for members who break its rules, as well as SEC and Municipal Securities Rulemaking Board (MSRB) rules. MSRB is a self-regulatory organization that creates rules and policies for broker-dealers and banks that issue and sell municipal bonds, notes, and other municipal securities.

In addition to FINRA, MSRB rules are enforced by the SEC, the Federal Reserve System, the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation.
In 2019, FINRA brought 108 enforcement actions and levied fines totalling close to $58 million, compared to 209 enforcement actions and $74.4 million in penalties in 2018.

Last year, the organization levied the largest fines for problems with anti-money laundering practices, initial public offerings, prospectus delivery procedure, short-sale trading regulations, and background checks.

In that year, 15 broker-dealers were required to pay restitution to the tune of $6.5 million for excessive trading, sales charge discounts, unfair pricing, and other violations. FINRA expelled three broker-dealers for violations involving unregistered securities, the statutory disqualification of associated persons, and fraud.

FINRA Rules on Preserving and Archiving Books and Records

FINRA can assess fines for failure to meet FINRA and SEC rules to preserve and archive books and records. FINRA rules require member firms to make and preserve books and records to show compliance with securities laws, rules, and regulations and enable FINRA and SEC staff to conduct effective audits.
  • FINRA Rule 4511 requires that all books and records be preserved in a format and media that comply with SEC rule 17A-4, which outlines data retention and indexing requirements for securities companies. Records of transactions must be retained and indexed with immediate access for two years and non-immediate access for at least six years. Duplicate records must be kept within the same timeframe at an offsite location. The rule also requires securities firms to preserve six years those books and records for which there is no specific retention period under FINRA or SEC rules. The retention period is six years after the date the account is closed; otherwise, the retention period is six years after such books and records are made.
  • FINRA Rule 4512 requires securities firms to maintain certain information related to customer accounts, such as the name of persons responsible for the account. Also, firms must keep the signature of a partner, officer, or manager of the firm concerning an account. The rule also requires firms to preserve any customer account information that subsequently is updated for at least six years after that update or the original account information, if there are no updates, for six years after the account is closed.
  • FINRA Rule 4513 requires member firms to preserve records of written customer complaints at each office of supervisory jurisdiction for at least four years.

FINRA penalties levied

While fines for failure to comply with data preservation and archiving rules are not common, there have been a few noteworthy FINRA penalties levied over the last few years for shortcomings in this area.

For example, Woburn, Mass.-based Advisory Group Equity Services was fined $20,000 in January 2019 for failing to establish and maintain a “reasonable supervisory system with respect to the retention and review of emails of newly hired representatives.”

Salt Lake City-based Wilson-Davis & Co. was fined $32,500 in April 2019 for not establishing, maintaining, and enforcing a “supervisory system, including written supervisory procedures, reasonably designed to review email correspondence for indications of potential violations of federal securities laws or FINRA rules.”

FINRA explained that “emails selected randomly by the firm’s email vendor did not constitute a reasonable amount of the firm’s overall electronic communications and the search terms that would flag an email for a principal review were not comprehensive enough to yield a meaningful sample of flagged communications.”

In March of last year, Centennial, Colo.-based Spencer Edwards was fined $3.4 million for failing to use “procedures adequate to comply with recordkeeping requirements and its obligation not to participate in unregistered, non-exempt securities offerings.”

Spencer Edwards also did not have an “effective system in place to retain electronic communications, as the firm’s brokers routinely used personal email accounts bypassing any system of surveillance or monitoring the firm utilized.”

FINRA Compliance and Dropsuite

FINRA compliance rules require data to be retained on non-rewritable, non-erasable media. The data must be auditable, discoverable, and secured from loss and theft.

Penalties can be stiff, but the increasing volumes of data within securities firms make it increasingly difficult to manage compliance.

FINRA has compliance tools, including templates, checklists, and directories, designed to assist securities firms in meeting regulatory requirements and protecting investors and the market’s integrity.

FINRA has an annual certification of compliance with FINRA and SEC rules, including record retention rules, for members.

Dropsuite can help with FINRA compliance by ensuring that each record is secured from being modified, overwritten, or deleted until the retention period has expired and legal holds have been released.

We provide broker-dealers with these essential capabilities to comply with FINRA rules: data preservation, data integrity and security, data traceability and searchability, and scale and cost-effectiveness.

Our cloud-based email archiving helps organizations efficiently archive, store, safeguard, manage, and discover data from most email systems.

Securities firms need to have a strong email archiving solution to enable them to stay in compliance and access email records easily if audited. And Dropsuite is here to help.

Share on
Share on facebook
Share on twitter
Share on linkedin