If securities regulators were to start enforcing e-mail retention rules today, independent advisors would in be big trouble. Based on my recent conversations with advisors and compliance consultants, I’d estimate that a majority of independent advisors are out of compliance with the e-mail retention rules set by the Securities & Exchange Commission and the National Association of Securities Dealers.
RIAs are subject to less onerous rules then registered reps and broker/dealers. They have to retain their e-mails in case of an audit by the SEC. Reps affiliated with a B/D, however, are subject to tougher rules. Their B/D must retain all their e-mails in a non-rewriteable format, but the B/D must also have a procedure in place to review all the e-mails to and from every rep.
It’s easy to argue that e-mail is so new that you’d have to give time for a B/D or RIA to catch up to the rules, especially since forcing financial firms to spend money on expensive compliance systems in a bear market is asking a lot. But the Internet has been around long enough, and regulators have been more than patient in closing their eyes while e-mail has become the main medium for correspondence between many advisors and their clients. So it’s only a matter of time before regulators get serious about compliance on the Internet by independent advisors.
E-mail has already figured prominently in brokerage enforcement cases. In December, five brokerage firms were fined $8.25 million for violating record-keeping retention requirements concerning e-mail communications. Deutsche Bank Securities, Goldman, Sachs, Morgan Stanley, Salomon Smith Barney, and U.S. Bancorp Piper Jaffray signed a consent order. Each will pay a $1.65 million penalty after being charged with failing to keep their e-mail records in accordance with Section 17(a) of the Exchange Act, specifically Rule 17 a-4 as well as NYSE Rule 440 and NASD Rule 3110.
The most infamous e-mail-related enforcement action to date, however, was settled on April 28. That is when 10 of the largest brokerages in the country agreed to disgorge $387.5 million, pay $432 million to fund independent research, and pay $487.5 million in penalties, while neither admitting nor denying charges by New York Attorney General Elliot Spitzer. Undoubtedly, the case would not have been as airtight were it not for the fact Spitzer found e-mails written by research analysts that privately disparaged stocks that the firms recommended publicly. In fact, one notorious e-mail message described as “a piece of junk” a company that had at the same time received the brokerage’s highest stock rating. That patently exposed the conflict of interest that wirehouses face in rating stocks they also underwrite and that generate lucrative investment banking fees for them.
Why have the giant brokerages been brought so low during this three-year bear market, while independent reps and RIAs have avoided major scandals? I have some theories. Regulators tend to find wirehouses more fertile ground for their efforts because the giant Wall Street firms, with thousands of employees, are susceptible to systemic corruption that can damage thousands of clients. Corruption at an independent B/D or RIA is likely to be isolated because of the separation between independent branches or RIAs. Plus, independent advisors don’t generate proprietary research. That alone averts a potentially significant conflict of interest.
But the business of the independent RIA giving advice to wealthy individuals may be remarkably devoid of big scandals because individuals who are entrepreneurial enough to set up their own advisory business may simply be less likely to defraud customers or treat them badly. And regulating and conducting examinations of independent advisors–one unique branch or one RIA at a time–is more difficult than regulating the standardized, uniform businesses at wirehouses. In wirehouses, where all branches use the same products, technology platform, and interoffice systems, it’s probably much easier to conduct an inspection than in small branches or RIA offices that all do things differently.
Still, with e-mail proving to be such a valuable way to track correspondence between a brokerage employee and customers, vendors, and supervisors, it is a good bet that the regulators will not continue to allow widespread violation of the rules by independent RIAs and reps. Part of the reason there have been no fines or major cases brought against independent B/D’s is that the technology for fulfilling e-mail compliance can be difficult to implement. An independent B/D needs reps to cooperate. Many don’t understand the issues or regard e-mail compliance as an encroachment on their independence.
Rules for B/D Reps
Let’s look at the rules for e-mail, first focusing on considerations most relevant to independent reps and B/Ds, and then RIAs. Broker/dealers need to retain e-mails in a place accessible to regulators for two years, and keep them for three years. This includes interoffice memos as well as customer communications. Marianne Czernin, a senior VP and director of broker/dealer client services at National Regulatory Services in Lakeville, Connecticut, says that retention is only part of the requirement. Review of e-mails is the other part.
Czernin says that when e-mail first began to become a serious mode of communication in the mid-1990s, broker/dealers simply required reps to print out copies of their e-mail correspondence with clients. Anything to do with an order, recommendation, proposal, or ad would need to be printed out and reviewed as well as retained. But over the years, she says, e-mail has probably come to comprise a majority of client communications. Only smaller broker/dealers, and a small number of medium-sized ones, continue to rely on review and retention of e-mails printed out on paper. Larger firms have moved to electronic systems.
Broker/dealer e-mail compliance systems work on an easy-to-understand premise. The B/D hosts an e-mail server dedicated to serving e-mails for its reps. The server can be owned by the B/D and be on its premises or located at an Internet service provider’s data center. As long as all incoming and outgoing e-mails to and from reps go through the B/D’s e-mail server, software can be set up to review the e-mails and retain them.
A Mid-sized Problem
Czernin say that although some firms have set up such servers and software systems, many have not. “The huge firms have the money and the people to deal with this, and the small firms with four or five reps can do it manually and it is not an issue for them,” says Czernin. “It is the small and medium-sized firms that this is impacting from a cost and time perspective. No one is ignoring the issue,” Czernin adds. “They know that it is an issue and it is something they need to deal with.”
Czernin says firms “are pretty much doing” what is needed: buying or leasing e-mail servers and compliance software to monitor e-mail. But Brian Hamburger, managing director of Market Counsel, a Teaneck, New Jersey, compliance consulting firm, maintains that “a significant number of firms, large and small, have simply not addressed this issue.”
Hamburger says advisors have become a big impediment to the successful implementation of e-mail compliance systems. Maybe it is because B/D compliance departments often tie up reps in paperwork on seemingly trivial issues and have created great animosity with reps. Maybe it is because reps fear ceding day-to-day control of their e-mail service to their B/D. Indeed, many reps ignore the request of their broker/dealer to use their B/D-hosted e-mail address. I know from my own experience that many reps refuse to use their broker/dealer’s e-mail server. But I am pretty sure that is going to have to change.
Czernin says that broker/dealers that don’t oblige representatives to use their e-mail server “are basically not supervising their reps. They are at serious risk. It is just like deciding not to audit a branch or check your order tickets,” she says. “It’s a requirement.”
While I know how frustrating it can be to have your materials approved by compliance, this may actually be an instance where the broker/dealers should persevere. Like most compliance issues, you ultimately must submit. And, besides, letting your B/D host your e-mail should not be any different from running your e-mail through AOL, Hotmail, or your own local ISP.
If your B/D allows it, you should still be able to use your firm’s domain name in your e-mail address and there is no technological necessity to use your B/D’s name in your e-mail address. Your e-mail should be delivered as fast as if you use any other service to host your e-mail. The only difference is your B/D’s e-mail server will have special software on it that will let the B/D review the e-mails and retain them.
Retaining the e-mails, while not trivial, is fairly straightforward for broker/dealers. They need to be able to provide an NASD or SEC examiner with all of a rep’s correspondence with a particular client. The archive of e-mails must be retained on a non-rewriteable medium to comply with NASD rules. This can reasonably assure regulators that the e-mails have not been altered.
The review of the e-mails is where it can be trickier. Czernin says that there is no need for every e-mail to be reviewed prior to being delivered to the rep or sent out from the rep. However, she says the messages should be reviewed within a day or two of their arrival on the B/D’s e-mail server. With the volume of e-mail growing so rapidly, that’s an enormous job.
Czernin says she recently visited a B/D with 500 reps. The firm had set up its own e-mail server and established a policy requiring review of every incoming and outgoing e-mail. But she says that when she asked the compliance officer responsible for the reviews what he does with all the e-mails, “he said the firm was still sorting it all out.”
Scanning for Sensitive Words