The Financial Industry Regulatory Authority has been intensifying efforts to crack down strongly on broker-dealers for poor e-mail oversight. In 2013, FINRA fined a financial advisory firm a whopping US$7.5 million for 35 significant failures in e-mail oversight over a five-year period and in 2017 a Broker-Dealer was fined $2 million for failing to properly supervise email messages. FINRA found that during a nine-year review period, the firm’s email review system was significantly flawed, allowing millions of emails to evade meaningful review. This created the unacceptable risk of such misconduct by firm employees going undetected.
The 2019 Report on Examination Findings and Observations released by FINRA brings to light the rapidly growing compliance challenges and risks for financial institutions in their increasing use of unified communication and collaboration tools. The report states, “If a firm permits its associated persons to use a particular application — for example, an app-based messaging service or a collaboration platform — the firm must preserve records of business-related communications and supervise the activities and communications of those persons on the application.”
Thus, it creates a mandate on broker-dealers to store e-mail correspondence and to form written policies and procedures regarding the e-mail review process considering the establishment’s size, structure, and customers.
The objective behind email surveillance is to make certain that the employees and C-level executives are not indulging in any transgression. Sometimes employees are found guaranteeing a rate of return and engaging in undisclosed external activities resulting in breach of SEC and FINRA regulations.
Email surveillance provides an opportunity to monitor employees’ adherence to the firm’s written communications policy but email surveillance can also serve as a tool to effectively ensure that they are not indulging in unlawful activities, including insider trading, sharing of proprietary information, distribution of unapproved and non-compliant marketing materials, and potentially fraudulent statements.
Since employees would know they are being watched, they are very unlikely to use obvious words. Therefore, compliance directors should prepare a list of words or phrases based on their discussions with business line managers and their other industry peers that they believe could be used by employees to game the email monitoring system.
For instance, checking e-mails for phrases such as “Let’s take this offline or let’s use my personal email’ are red flags that the employee could be engaged in an illegal activity.
The first step to the right compliance program is to use the right technology to ensure comprehensive and customizable reporting. There are some effective regulatory compliance programs in the market that offer Anti-Money Laundering (AML) screening software solutions and email archiving products to securely archive your business emails.
While choosing a service provider caution must be exercised to ensure the vendor has supervisory capabilities to automatically flag emails containing words or phrases that are likely to warrant a review. It is also important to note that regardless of the provider selected, it is the broker-dealers alone who are responsible for implementing an annual review of e-mails and storing the results. The review can be conducted either internally or through a third-party expert.
A review of the entire email oversight process should be done if the firm has been sanctioned, fined or being investigated for any other wrongdoing. FINRA will be checking into e-mail correspondence to determine whether the firm has violated any other regulations.
Here’s a checklist to ensure you are on the right side of regulatory compliances:
LegalEase Solutions offers corporate legal departments and law firms innovative support with Regulatory Compliance, Contract Lifecycle Management, Legal Analytics and more. Our email review services have saved financial companies 120 hours and resulted in 60% cost savings, not to mention the additional mind space, to focus on other compliance policies. Our team is designed to function as an extension to your legal practice/department, providing you the capabilities and resources to stay up to date with your needs. If you have a project you need a hand with, feel free to reach out to us at firstname.lastname@example.org. Our team is happy to assist.