A broker-dealer settled FINRA charges for failing to adequately retain records, screen associated persons and supervise the creation and dissemination of consolidated reports.
In a Letter of Acceptance, Waiver and Consent, FINRA stated that the broker-dealer failed to (i) maintain required electronic records, and maintained electronic records in the incorrect format, (ii) notify FINRA before using electronic storage media and (iii) send required account notices at 36-month intervals to customers for whom a suitability determination had been made.
In addition, FINRA found that the broker-dealer failed to fingerprint non-registered persons, leading to statutorily disqualified individuals remaining associated with the firm. FINRA also found that the broker-dealer did not sufficiently supervise certain consolidated reports, a deficiency that enabled a former registered representative to perpetrate a Ponzi scheme using customer funds.
As a result of its findings, FINRA determined that the broker-dealer violated NASD Rule 3010, FINRA Rules 3110 ("Supervision"), 2010 ("Standards of Commercial Honor and Principles of Trade") and 4511 ("General Requirements"), Sections 17(a) ("Rules and Regulations") and 17(f) ("Missing, Lost, Counterfeit, and Stolen Securities") of the Exchange Act, SEA Rules 17a-4 ("Records to Be Preserved by Certain Exchange Members, Brokers and Dealers"), 17a-3 ("Records to Be Made by Certain Exchange Members, Brokers and Dealers") and 17f-2 ("Fingerprinting of Securities Industry Personnel"), and Article III, Section 3(b) of FINRA's By-Laws.
To settle the charges, the broker-dealer agreed to (i) a censure, (ii) a $6,500,000 fine and (iii) an undertaking to comprehensively review its supervisory system.
Commentary
It is vital for firms to regularly review the sufficiency of their recordkeeping technology and related procedures, particularly when on notice of recordkeeping deficiencies from previous enforcement actions. While there has been uncertainty as to the specific technology necessary for satisfying WORM requirements, it should be reasonably clear that using local computer drives without any additional controls to prevent alteration or deletion of records is not sufficient. This enforcement action serves as a reminder that outsourcing recordkeeping obligations does not eliminate a firm's responsibility for complying with the rules. It should also emphasize the importance of performing sufficient diligence when selecting vendors.
Primary Sources
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
