A sizable, well organized record collection is always impressive – but we’re not talking about the vinyl. While you might not find a record player in every office, record retention is as essential as ever for banking and finance firms.
Managing, capturing, and storing all critical business materials, including records, documents, and communications, assures that organizations have an evident collection of their data in case information is lost or needs to be audited by a federal entity. Moreover, regular retention is part of the day-to-day of business, as inevitably, data will need to be accessed and reviewed at a later time.
When organizations archive their records and establish compliance measures, all should be well. Yet, many companies face fines and breaches for recordkeeping failures. So much so that the Securities and Exchange Commission (SEC) underscored its intolerance for inadequate retention and warned companies to keep in line, or else they may be next.
Even when recordkeeping rules are in place, there are regular examples of organizations not maintaining them correctly, causing noncompliance. Such was the case with J.P. Morgan Securities LLC in December 2021. The company failed to store written communications and could not present requested records when subpoenaed by the SEC.
Besides meeting federal requirements, the threat of a potential data breach speaks to the vitality of appropriate recordkeeping. Supervising and reviewing communications records can identify and mitigate possible breaches, protecting organizations from harm and compromised data, as well as the reputational damage associated with a data breach.
The minutiae of everyday dealings may seem inconsequential, but all pieces of information could be relevant to business operations. Stay vigilant, and make sure nothing goes unnoticed or unrecorded.
So, why do companies need to retain their records?
All companies should collect records and valuable data to refer to when needed. Not only does retention assist in tracking and authenticating information, but it is also beneficial for proof of investments, accounts, transactions, interactions, and more.
For financial firms and data, recordkeeping is a fundamental system. Without successful retention, the industry could not operate. If financial information is jeopardized or unverifiable, it can threaten the very existence of a company. Besides being unable to validate business relations and dealings, federal entities would have no way to track vital data and confirm compliance.
In a statement concerning updates to electronic recordkeeping requirements in October 2022, the Securities and Exchange Commission (SEC) Commissioner Caroline Crenshaw commented on the importance of record retention:
“Recordkeeping is not an especially flashy topic. However, for regulators, a robust recordkeeping regime is fundamental to our ability to oversee our regulated entities. Without accurate and complete records, it is difficult or impossible to assess compliance with our rules.”
Failure to follow regulations can result in disciplinary action and tremendous fines that can be detrimental to organizations. In 2022, the total amount issued by the SEC for fines and recordkeeping failures stood at $6.4 billion.
(Record)keep on top of things
Per SEC and the Financial Industry Regulatory Authority’s (FINRA) requirements, retention timelines can vary based on record type. Detailed information on how long each record must be kept is covered in section 17 (a)(1) of the Securities Exchange Act of 1934. FINRA also has its own requirements. Notably, SEC Rule 17a-4 had remained unchanged until October 2022, when it was amended for the first time in 25 years to modernize recordkeeping requirements and reflect industry changes.
A ledger reflecting all assets and liabilities, for example, must be preserved for at least six years, while originals of all communications received and copies of all communications sent by a national security exchange member or broker-dealer must be preserved for at least three years.
To abide by and support a successful retention system, organizations should maintain a schedule detailing how long they’ve had (and will need to retain) a range of records. Well-defined documentation makes it easier to sort through records and confirm that businesses are following procedures accurately.
On top of that, organizations should have policies around compliant communications, which is a huge aspect of recordkeeping failure and associated fines. Off-channel communications are consistently making headlines, so it is imperative that companies mandate communication and messaging procedures around all relevant platforms to manage and record all internal and external business interactions in case federal entities come knocking.
In October 2021, Gurbir Grewal, Director of the SEC’s Division of Enforcement, urged organizations to be proactive in creating policies to maintain compliant communications:
“A proactive compliance approach requires market participants to not wait for an enforcement action to put in place appropriate policies and procedures to preserve these communications and anticipate these emerging challenges.”
Businesses can ensure their records are suitably stowed and maintained by obtaining an archiving tool from a third-party vendor. Researching a comprehensible, trusted, and compliant archive system is key to meeting recordkeeping requirements.
Safety first, second, and third
A particularly crucial reason that retaining information is required of all financial organizations is because of the safety risks associated with the industry. Often, bad actors’ main goal is monetary gain. Who better to target than an institution dealing with sensitive financial information?
Record retention is advantageous in safeguarding organizations from harm. If an employee shares sensitive information over a non-compliant messaging platform, for example, and is hacked by a cybercriminal, or if the person they are messaging is not who they think they are, it can cost a lot of money. Not to mention, this situation can significantly impact a company’s reputation.
Now that’s stored away
Recordkeeping has been, and will likely remain, a hot topic in finance. While federal regulators continue to stress the importance of proper retention, news consistently demonstrates that it is an ongoing concern.
When regulators come around, don’t end up a target of recordkeeping failure fines. Take charge by applying and upholding policies around record retention, remaining compliant with federal requirements, effectively storing records to protect important information, and making sure all your corporate communications are ‘on the record’.