In the wake of blockbuster penalties against some large Wall Street firms for not maintaining records of business communications on personal devices and messaging apps, broker/dealers and RIAs of all sizes should now expect similar scrutiny of their practices from regulators to become "routine."
The charges were a “shot across the bow" and will likely be included on every examination, with every registrant now on the hook to show compliance, said Dan Bernstein, chief regulatory attorney at MarketCounsel.
“It’s going to trickle down; it’s not an instance where it’s only going to be limited to large financial institutions,” he said. “This will be at every level of SEC jurisdiction.”
“There is no difference between the requirements for a large institution versus a small investment advisor," he said. "You can’t use these applications if you’re not maintaining the content in your books and records."
The commission announced settled charges earlier this week against 16 firms, including Goldman Sachs, Morgan Stanley, UBS and others, with penalties totaling more than $1.1 billion. The SEC accused the firms of “widespread and long-standing failures” as employees, from the junior to executive level, communicated about business through personal messages and on apps in which those conversations weren’t captured.
Carlo di Florio, the global advisory leader for ACA Group, initially was stymied by the size of the penalties, as the commission could not point to significant investor harm or fraud. He also said there’d been previous actions by the SEC on the issue, including last December’s settlement with JPMorgan.
But looking at the details, he saw the lapses extended to senior executives, including managers. The “breadth and depth” of the violations likely encouraged the commission to send a message, he said.
“I think these are the biggest financial institutions and brand names in the business, and they’re effectively sending a signal to the industry and to the market that ‘we’ve looked at the biggest, and found these issues,’” di Florio said. “If you think about the fundamental violation here, it applies … to all registrants with the SEC.”
The fact that the firms included the largest entities in the space—with high rep counts and complicated supervisory hierarchies—shows that the commission sees a “systemic issue” in the entire market, according to John Gebauer, the chief regulatory services officer with ComplySci.
Gebauer expects questions about unrecorded communications to become a “routine” part of exams going forward that will ultimately lead to more enforcement actions, though not on the same scale as the recent penalties.
While the record-keeping requirements have long applied to all registrants, Gebauer believed there were some ways in which larger firms were more susceptible, with high-volume institutional trading and the rising popularity of messaging apps on mobile devices.
“The bigger and more distributed the organization is, the harder understanding everything in the organization becomes,” he said. “If there’s a 10-person broker/dealer, you probably know every communication that’s happened between reps and clients. In a 10,000-rep firm, that’s impossible.”
Bernstein said it may be easier for smaller firms to comply with the rules and emphasized that the SEC doesn't prohibit the use of messaging apps like WhatsApp, which some clients may prefer, if the messages are properly recorded and archived. But small firms should be prepared for those questions to be asked and to demonstrate compliance.
Nor should firms think the rules apply only to b/ds, despite the fact that this week’s charges focused on brokerage firms (including one affiliated RIA), Gebauer warned.
“It’s all types of regulated firms that are in financial services that should look at policies and procedures and implement some changes that enable them to detect these violations,” he said. “It’s not just the SEC and FINRA; it’s across the regulatory community where this issue is being presented."