Keeping financial institutions ahead of electronic recordkeeping regulations.

There are two key regulatory bodies that oversee the electronic recordkeeping regulations discussed in this whitepaper—the Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA). This section breaks down their responsibility, authority level, and registered positions.

Securities and Exchange Commission

The SEC is a federal agency established by Congress. They oversee the US securities markets and regulate investment advisers, broker-dealers, and other market participants.

The SEC exercises broad regulatory and enforcement authority. The SEC also includes cooperating and sharing information with other regulatory authorities including FINRA, the OCC, and the Commodities Futures Trading Commission to protect investors and maintain market authority.

Information-sharing includes:

• Examinations
• Enforcement actions
• Emerging trends

Financial Industry Regulatory Authority.

FINRA is a self-regulatory organization authorized by Congress and overseen by
the SEC. FINRA oversees US brokerage firms and individually registered
representatives.

FINRA can also create and enforce rules specific to brokerages—if those rules
don’t conflict with the SEC’s regulations. Authority-wise, FINRA can examine
and take disciplinary action against representatives and firms for violation of
its rules.

FINRA works in tandem with the SEC on regulations impacting US
broker-dealers. The SEC also reviews and approves FINRA’s budget, rules,
procedures, operations, and changes.

Let’s highlight three key policies in the compliance space—the Securities Exchange Act, the Investment Advisers Act, and FINRA Rule 4511. Each section covers which group is regulated and the core elements.

Securities Exchange Act.

Electronic recordkeeping under the Securities Exchange Act (SEA) Rule 17a-4 refers to the storage and maintenance of business records in an electronic format. The goal is to ensure the integrity, accessibility, and preservation of electronic records that pertain to security activities and transactions.

Five core components of the SEC electronic recordkeeping regulatory requirements.

• Maintenance of records: Creation and maintenance of electronic forms, digital documents, or databases that provide records related to securities transactions, financial statements, and other activities.

• Accessibility and retrieval: The ability to access and retrieve electronic records promptly upon request. This also refers to the appropriate systems and procedures a financial institution implements to maintain the electronic records.

• Security and preservation: Storage, protection, and retention measures to preserve records for potential audits, investigations, or legal proceedings.

• Audit trails: Capturing and preserving audit trails associated with electronic records. Audit trails are a time-stamped complete record that includes modifications, deletions, date and time of actions, and identity of the individual(s) modifying the document.

• Compliance and recordkeeping policies: The establishment and enforcement of compliance policies and procedures to meet regulatory requirements—includes documenting recordkeeping policies, employee training on recordkeeping practices, and conducting periodic reviews or audits to ensure regulation adherence.

Investment Advisers Act.

The Investment Advisers Act of 1940 (IAA) regulates investment advisers. Advisers registered with the SEC are required to make and keep records related to its business—including communications conveyed electronically. The IAA rules forth requirements of electronic recordkeeping.

Five core components of the IAA electronic recordkeeping regulatory requirements.

• Preservation of records: Client agreements, transaction records, and correspondence that are preserved and accessible in electronic format.

• Duration of recordkeeping: Investment advisers must maintain and retain records for at least five years from the end of the fiscal year in which it was created.

• Safeguard original records: Authenticity, reliability, and accuracy of the electronic records. This can also include security measures to prevent unauthorized alteration or deletion of the records.

• Accessibility and retrieval: Systems and processes in place to locate and retrieve specific records when needed.

• Examination and inspection: The ability to immediately provide electronic records for examination and inspection by the SEC.

FINRA Rule 4511.

FINRA Rule 4511 requires FINRA members to make and preserve books and records as required by FINRA, the SEA and applicable SEA rules, and preserve those books and records in a format and media that complies with SEA Rule 17a-4.

Six core components of FINRA Rule 4511’s electronic recordkeeping regulatory requirements.

• Record retention: Brokerage firms must retain customer account information, trade confirmations, account statements, and communications related to business activities for the specified retention period, and for at least six years for records that have no specified retention period.

• Data integrity and security: Measures implemented to prevent unauthorized access, data loss, or tampering of electronic records—including but not limited to encryption and secure backup systems.

• Accessibility and retrieval: Organization, indexing, and retrievability of electronic records for regulators, auditors, or as part of legal proceedings.

• Supervision and review: Processes in place to supervise and review email or instant message electronic communication.

• Business continuity: Contingency plans in case disasters or system failures impact the availability or integrity of electronic records—can include backup systems, disaster recovery strategies, and regular testing.

• Record format: Formats that are accurately reproduced and retained throughout the required six-year retention period. Must be readable and unaltered regardless of technology.

It’s a challenging task to find the right balance between meeting the communication needs of customer-facing teams and adhering to regulations required by compliance teams.

Compliance requirements are difficult to understand—leading to errors and non-compliance. Here are several consequences financial institutions face if they are not compliant:

• Regulatory investigations and enforcement actions
• Civil penalties and monetary fines
• Legal proceedings and criminal charges
• Remedial actions and injunctions
• Reputational damage and lowered investor confidence
• Civil lawsuits (by affected parties)

Adapt quickly and meet customer and regulatory needs with T-Mobile MultiLine. MultiLine is the only carrier-agnostic cloud-based solution for electronic communications recordkeeping in Financial Services—compliant with SEC and FINRA requirements.

The MultiLine app enables messaging and voice calling on a mobile phone and desktop. Here are five ways this solution can add value to financial institutions:

1. Automate compliance in mobile communications internationally
2. Safeguard and manage B2B/B2C communications
3. Maintain continuity of service and client preference within one app
4. Reduce business risk with workforce changes
5. Remain compliant with changing FINRA and SEC regulations

IT teams need to ensure reliable coverage of communications technology and have their new solutions integrate with their existing management, archival, and security tools. Check out how MultiLine gets the job done.

Communication management for remote and in-the-field teams.

When onboarding or updating employees’ devices, IT teams can quickly scale compliant communications with an app that is installed in minutes. This app is compatible with the employees’ own or company-provided devices. For finer control, IT Administrators can leverage rapid provisioning, compliance management, and reporting tools.

Text capture from customer communications and CRM integration.

MultiLine lets organizations produce searchable, consolidated mobile recordings and easy data discovery. Additional archival and CRM integrations support text messages and voice calls while existing mobile device management (MDM) solutions provide streamlined deployment. This app is compatible with the Actian, ASC, Verba, Nice, Verint, and Redbox archival platforms. MultiLine is also compatible with Blackberry and Microsoft Intune MDM solutions.

Maintaining a balance of regulatory compliance and free-flow communication.

The MultiLine app is a safeguarded platform that helps protect sensitive communications and client data. This app offers automatic blocking and redaction of sensitive information—lessening the burden of data stewardship for end users that can tailor to individual business needs.

Messaging within the app is end-to-end encrypted and supports PII redaction. This includes text redaction that integrates with WhatsApp.

Stay prepared for on-premises and offline employee communications audit.

MultiLine enables businesses to support workers on the go through carrier-grade voice, data, and Wi-Fi calling. Simultaneously, this app produces consolidated message and voice call recordings that are transferred to supported archival providers.

The problem.

The SEC fined a global financial institution a $125 million fine for failing to comply with electronic communications record-keeping regulations. As a result, this institution wanted to automate compliance with an easy-to-deploy solution.

The solution.

This institution leveraged MultiLine for employee devices and corporate-liable phones. The goal was targeted at automating electronic record-keeping compliance for customer-facing employees. Our app stood out since they needed a solution that was:

• Cloud-based and carrier-agnostic
• Single app for all compliance communications features (voice, SMS capture)
• Integration with WhatsApp
• Able to implement at-scale

The outcome.

Our solution resulted in 8,000 lines added—comprising of 58% of the institution’s US employees. Ultimately, MultiLine helped them achieve their goal of compliance with electronic record-keeping regulations—reducing the risk of future fines.