Email security has been in the limelight a lot recently. Last year, current US presidential candidate Hillary Clinton had to face an FBI investigation into her email practices while in office as Secretary of State. The controversy surrounded her use of a personal email address rather than the standard government domain, where her emails would have been stored on highly secure US government servers instead of on a private server. Further controversy arose when Clinton admitted to deleting nearly 32,000 correspondences ranging from personal to (retroactively) classified. She was, as it turned out, entitled to use her private accounts and server during her time as Secretary of State. But the controversy surrounding the story goes to show just how vital email content can be.
Back in November, the Financial Industry Regulatory Authority (FINRA) fined Scottrade $2.6 million for failing to retain a large amount of security-related electronic records in the required format, and for failing to retain certain categories of outgoing emails. The retail brokerage firm was said also to be lacking a realistic system in place to ensure compliance with the Securities and Exchange Commission (SEC) and FINRA books and records rules, which contributed to its record-retention failures and subsequent fine.
In this post we’ll cover just what the FINRA email retention requirements are and what they mean for your organization.
Who is FINRA?
Despite its governmental-sounding name, FINRA is an independent, not-for-profit organization authorized by the US Congress to protect America’s investors by making sure the industry operates fairly and honestly. Its responsibilities are to:
- Write and enforce rules governing the activities of more than 3,935 securities firms with approximately 640,795 brokers
- Examine firms for compliance with those rules
- Foster market transparency
- Educate investors
FINRA essentially audits banks and other financial institutions to make sure they are playing by the rules. Its job is to enforce ethical standards and bring the necessary expertise to regulation, so as to help safeguard investors and the integrity of the markets. In a country like the United States, where free-market capitalism rules, it is essential that there are regulatory bodies entrusted to oversee fairness in financial markets.
In 2015, FINRA brought 1,512 disciplinary actions against a broad range of financial institutions and individual brokers, referred insider trading cases to the U.S. Securities and Exchange Commission (SEC), imposed $95.1 million in fines, and ordered $96.6 million in restitution to affected investors.
So what had Scottrade failed to do that cost them so heavily?
Email retention requirements
The rules FINRA oversees are based on SEC Rule 17a-4, which governs the archiving of all electronic records, including email correspondence. You might think that this is all very straightforward, namely: make sure you archive your information. But consider the volume of electronic documents sent, received and produced via email by companies of any size, and you can see how organizing, prioritizing and quickly accessing the right electronic information for compliance purposes could become a problem.
To comply with the regulations, financial institutions and securities firms must:
- Retain electronic correspondence with customers and other relevant communications for at least 3 years on non-rewritable and non-erasable storage, AKA Write Once, Read Many (WORM)
- Store files on a system that prohibits alteration, erasure or loss of files
- Index communications for ease of access
- Keep a duplicate copy of each record stored in a separate location
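The four requirements above can be modelled as properties an archive must enforce and that an auditor can check. The following is an added illustration (not harmon.ie's code, and not a certified 17a-4 implementation): a toy write-once archive with an index, a mirrored copy, and a verifier that detects a copy whose content no longer matches what was indexed. All record ids, addresses and message bodies are constructed sample data.

```python
import hashlib
from dataclasses import dataclass, field

RETENTION_SECONDS = 3 * 365 * 24 * 3600  # the three-year minimum stated in the rules


class RetentionError(Exception):
    """Raised when an operation would violate the write-once / retention rules."""


@dataclass
class WormArchive:
    """Toy model: write-once records, an index for retrieval, a duplicate copy."""
    primary: dict = field(default_factory=dict)    # record_id -> raw message bytes
    mirror: dict = field(default_factory=dict)     # duplicate copy ("separate location")
    index: dict = field(default_factory=dict)      # record_id -> {sha256, stored_at, sender}
    by_sender: dict = field(default_factory=dict)  # sender -> [record_id, ...]

    def store(self, record_id: str, raw: bytes, sender: str, now: float) -> str:
        if record_id in self.primary:                     # write-once: never overwrite
            raise RetentionError(f"{record_id}: records are write-once")
        digest = hashlib.sha256(raw).hexdigest()
        self.primary[record_id] = raw
        self.mirror[record_id] = raw
        self.index[record_id] = {"sha256": digest, "stored_at": now, "sender": sender}
        self.by_sender.setdefault(sender, []).append(record_id)
        return digest

    def delete(self, record_id: str, now: float) -> None:
        if now - self.index[record_id]["stored_at"] < RETENTION_SECONDS:
            raise RetentionError(f"{record_id}: still inside the retention period")
        sender = self.index.pop(record_id)["sender"]     # only reachable after retention
        self.primary.pop(record_id); self.mirror.pop(record_id)
        self.by_sender[sender].remove(record_id)

    def verify(self) -> list:
        """Return ids whose primary or mirror copy no longer matches the indexed hash."""
        return [rid for rid, meta in self.index.items()
                if any(hashlib.sha256(copy.get(rid, b"")).hexdigest() != meta["sha256"]
                       for copy in (self.primary, self.mirror))]


def demo() -> dict:
    """Constructed scenario: store two messages, block an overwrite and an early delete,
    then show the verifier catching a tampered primary copy."""
    ar, t0, res = WormArchive(), 1_700_000_000.0, {}
    ar.store("msg-1", b"Subject: trade confirm\n\nBUY 100 XYZ", "broker@example.test", t0)
    ar.store("msg-2", b"Subject: re: confirm\n\nok", "client@example.test", t0 + 60)
    for op in (lambda: ar.store("msg-1", b"altered", "broker@example.test", t0 + 120),
               lambda: ar.delete("msg-1", t0 + 86400)):
        try:
            op(); res.setdefault("blocked", []).append(False)
        except RetentionError:
            res.setdefault("blocked", []).append(True)
    ar.primary["msg-2"] = b"tampered"                    # simulate a modified primary copy
    res["tampered"], res["by_broker"] = ar.verify(), ar.by_sender["broker@example.test"]
    return res
```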
FINRA collaborates with members of the International Organization of Securities Commissions and the World Federation of Exchanges to support and improve oversight of firms with global operations. They establish relationships and integrate cross-border collaboration to support international regulatory intelligence and analysis. So this isn’t just something that applies to companies within U.S. borders.
Not kidding around
The compliance criteria are stringent and violations sternly punished. Five of the largest investment banks in the world have been fined at one time or another for failure to implement the right policies and processes:
- Deutsche Bank Securities Inc.
- Salomon Smith Barney
- Citigroup Inc.
- Morgan Stanley
- U.S. Bancorp Piper Jaffray Inc.
Twelve years ago, Bank of America Securities agreed to pay $10 million to settle alleged recordkeeping violations. According to the authorities, BofA Securities was unable to provide files and documents repeatedly requested by the SEC. It also provided misinformation about the availability of records, and went out of its way to delay producing emails and other compliance records.
harmon.ie can help protect your company
Keeping on the right side of FINRA (or your country’s equivalent regulation agency) and avoiding noncompliance penalties is harder than ever due to the sheer volume of content we create, send and receive every day. What is important for your company is finding a way to separate, organize and prioritize documents, files and other content as they arrive in your possession.
harmon.ie’s solutions are designed to help you retain appropriate content in an organized and straightforward manner. SharePoint is capable of retaining email, but as content grows so does users’ confusion: how should emails be classified? Searching for them then becomes a major issue. With harmon.ie, that’s all taken care of.
harmon.ie provides easy email retention, improving your ability to know where the most essential files and content are stored.
For more information on email retention technologies, contact us today to learn more about how we can help.