The Securities Exchange Commission (SEC) recently announced sanctions against U.S. broker-dealers and an affiliated investment advisor for their failure to maintain and preserve records of business communications exchanged through text messages and other text messaging platforms such as WhatsApp. As a result, the SEC levied more than $1.1 Billion in fines against major U.S. broker-dealers for their record-keeping violations.
What you need to know
- The SEC recently sanctioned broker-dealers and an affiliated investment advisor for their failure to maintain records of business communications exchanged on personal devices.
- The sanctioned firms agreed to pay combined penalties of more than $1.1 billion and were required to improve their compliance policies and procedures.
- While Canadian Securities Regulators are also starting to tackle this issue, we expect that Canadian firms’ record-keeping practices will attract increase scrutiny.
Background
On September 27, 2022, the SEC announced sanctions against 16 broker-dealers and one affiliated investment advisor for widespread and long-standing failures by the firms and their employees to maintain and preserve electronic communications. In an age where employees are permitted and/or encouraged to use their own devices for work-related activities (sometimes referred to as “bring your own device” or “BYOD”), these sanctions serve as a reminder that compliance with record-keeping rules applies beyond firm-issued devices, and firms must have policies in place to preserve all firm business-related communications, no matter where they are stored.
Between January 2018 and September 2021, the sanctioned firms’ employees, including senior and junior investment bankers, as well as debt and equity traders, routinely used their personal devices to communicate about business matters through text messages. The firms did not maintain records of the vast majority of these communications, in violation of U.S. federal securities laws. These violations impacted the SEC's ability to fulfill its mandate and conduct fulsome investigations into other potential securities violations. The sanctioned firms agreed to pay combined penalties of more than $1.1 billion and were required to improve their compliance policies and procedures.
Canadian firms’ record-keeping obligations
While these sanctions were levied by a U.S. regulator, Canadian firms have similar record-keeping requirements. In Canada, National Instrument 31-103 (NI 31-103) and provincial securities legislation require market registrants to maintain proper records of their business activities, financial affairs, client transactions, and compliance with securities legislation.1 The Investment Industry Regulatory Organization of Canada and Mutual Fund Dealers Association of Canada impose further record-keeping requirements on registrants.2
For example, registrants’ obligation to maintain adequate records of client transactions includes, among other things, an obligation to accurately and fully document transactions entered into on behalf of a client, including buy and sell transactions, referrals, margin transactions and any other activities relating to a client’s account. Registrants are also expected to maintain records of all actions leading to trade execution, settlement and clearance, such as trades on exchanges, alternative trading systems, over-the-counter markets, debt markets, and distributions and trades in the prospectus-exempt market.
These obligations relate to the content of a communication – not its form. Therefore, registrants must maintain records of all forms of oral and written communications, which include but are not limited to text messages, instant messages, social media messages, voicemails, and voice notes, whether coming from a personal device or a firm-provided device.3
A failure to maintain proper records or otherwise maintain proper internal controls and systems in violation of Ontario securities laws can result in significant sanctions, including considerable fines.
In the absence of any further guidance by Canadian securities regulators, a policy precluding communication with clients by text messages may not be sufficient to comply with registrants’ record-keeping obligations, as the record-keeping obligations are not limited to client communications.4 In the U.S., the SEC also took issue with internal text messages between employees relating to the broker-dealer’s business, including investment strategy, discussions of meetings, and discussions about market colour, analysis, activity trends, and industry events.5
It may also be insufficient to implement a policy precluding the use of unapproved electronic communications methods, including on employees’ personal devices, if there is no follow-up or review systems in place to determine whether employees are reasonably following the firm’s policies.6
Canadian securities regulators are also tackling this issue. IIROC recently held that a Registered Representative’s use of WhatsApp and Signal Messenger for business purposes, in contravention of her employer’s policies and procedures, is not consistent with a registrant’s obligation to observe high standards of conduct.7 However, the SEC’s recent enforcement action against investment firms may signal that there is more come from Canadian securities regulators.
Key takeaways
This decision is a reminder that record-keeping obligations extend to any communications on personal devices. Policies prohibiting the taking of client instructions on personal devices may not be sufficient to meet regulators' expectations and comply with the rules. Firms should review their policies and procedures to ensure not only that they are sufficient to comply with record-keeping and perseveration obligations, but also that controls are in place for follow-up review.
1 See for example, Securities Act, RSO 1990, c S.5, s. 19(1); Securities Act, RSA 2000, c S-4, s. 60.1; Securities Act, CQLR, c V-1.1, s. 158; Securities Act, RSBC 1996, c S.3.1.1.
2 IIROC Rule 3804; MFDA Rule No. 5.
3 See e.g. Ontario Securities Commission, “OSC Staff Notice 15-708: Enforcement Branch Document Production Guidance” (July 22, 2021).
4 Ontario Securities Commission, CP 31-103.
5 In the matter of Barclays Capital Inc, Order Instituting Administrative and Cease-And-Desist Proceedings, Pursuant to Sections 15(b) and 21C of the Securities Exchange Act of 1934, Making Findings, And Imposing Remedial Sanctions And A 6 Cease-And-Desist Order (September 27, 2022).
6 In the Matter of BofA Securities, Inc. and Merrill Lunch, Pierce, Fenner & Smith Incorporated, Order Instituting Administrative and Cease-And-Desist Proceedings, Pursuant to Sections 15(b) and 21C of the Securities Exchange Act of 1934, Making Findings, And Imposing Remedial Sanctions And A Cease-And-Desist Order (September 27, 2022).
7 Re Sweeney, Settlement Agreement dated August 17, 2022; Re Barber, Statement of Allegations dated August 15, 2022.
