The Financial Industry Regulatory Authority (FINRA) announced today that it has fined five affiliates of ING $1.2 million for failing to retain or review millions of emails for periods ranging from two months to more than six years.
NASD rules require that firms develop procedures for the review of email correspondence with the public, and FINRA is taking it very seriously.
The five firms, indirect broker-dealer subsidiaries of ING Groep N.V., are Directed Services LLC; ING America Equities Inc.; ING Financial Advisers LLC; ING Financial Partners Inc.; and ING Investment Advisors LLC.
The firms violated other related rules by failing to establish and maintain procedures that were reasonably designed to comply with their email and electronic messaging review and retention obligations, the consent order alleges.
“As a result of broad systemic failures, these firms failed to capture and retain emails from hundreds of representatives and other associated persons, and failed to take adequate steps to ensure that their principals were fulfilling their responsibilities to review emails,” stated Brad Bennett, FINRA’s chief of enforcement. “Email retention and review continues to be an important regulatory responsibility and an issue of concern for FINRA.”
FINRA fined broker-dealer Ausdal Financial Partners Inc. of Davenport, Iowa, $25,000 and censured the company last year, for allegedly failing to establish email addresses on the server for newly-registered representatives and associated personnel, due to user error, for more than two years. The firm did not admit nor deny the allegations, but consented to the settlement. The findings also stated that the firm allowed its registered representatives to use their personal email addresses, as long as they forwarded securities-related emails to any of the email review boxes the firm established. However, for a period, the emails sent to one of these email review boxes were deleted on a weekly basis because the review box would become full and would not accept any additional emails. (See FINRA Case #2011028992201)
FINRA has also taken numerous other actions resulting in fines and censures, as reported this month by its February disciplinary action roundup, involving emails, against individuals and multiple companies for allegedly failing to supervise their firm’s retention and review of email when, for a period, the firm failed to retain or review all of the emails.
In many cases, the email preservation issues show up alongside other compliance shortcomings, so email system preservation and review are checked by FINRA examiners as a matter of course.
In one recent case, FINRA found one firm failed to employ a systematic and consistent method for confirming that its registered representatives were forwarding all securities-related emails for retention. This firm also allegedly failed to have an adequate system in place to confirm whether outside business email addresses were being used for securities-related correspondence and whether all were being retained. The firm failed to reasonably enforce its supervisory procedures to ensure that all securities-related emails registered representatives sent or received were captured, reviewed.
With ING companies in particular, the fine or enforcement was not in addition to other compliance shortcomings for email issues, but was instead focused on email systems and one of the largest of its kind there.
FINRA found that the firms failed to properly configure hundreds of employee email accounts to ensure that the emails sent to and from those accounts were retained and reviewed at various times between 2004 and 2012.
In addition, four of the firms failed to set up systems to retain certain types of emails, such as emails using alternative email addresses, emails sent to distribution lists, emails received as blind carbon copies, encrypted emails and “cloud” email (emails sent through third-party systems).
This means firms need to retain emails sent on the firm’s computer, even if those emails are not work email addresses. Users at the firms were able to permanently delete emails from the software provider’s application, resulting in their permanent deletion.
As a result of these failures, emails sent to and from hundreds of employees and associated persons were not retained; and because the emails were not retained, they were not subject to supervisory review.
In addition, four of the firms failed to review millions of emails that the firms’ email review software had flagged for supervisory review. At various times between January 2005 and May 2011, nearly six million emails flagged for review went unreviewed by supervisory principals because the email review software was not properly configured.
In concluding the consent order and settlement the firms neither admitted nor denied the charges, but consented to the entry of FINRA’s findings. The firms waived all procedural appeals and rights to claim bias or prejudgment.
The consent order was signed by ING America Equities Inc. President and CEO Margaret Wall on Jan. 22, ING Financial Partners CEO Karl Lundberg on Jan. 25, then ING Investment Advisors LLC President Patrick Kennedy on Jan. 28
The matter must be reviewed and accepted by the National Adjudicatory Council (NAC) or a review subcommittee of the NAC or the office of disciplinary affairs.
FINRA ordered the firms to conduct a comprehensive review of their systems for the capture, retention and review of email, and to subsequently certify that they have established procedures reasonably designed to address and correct the violations.
“We are pleased that this matter has been resolved with FINRA,” ING said in a statement. “It did not impact our customers, nor did it result from any customer issue.
“The five broker-dealers communicated this information to FINRA in a series of self-reports that began in October 2010. The broker-dealers also undertook an extensive internal review of their policies, procedures and systems and have cooperated fully with FINRA’s investigation. As a result, the impacted broker-dealers have engaged in significant efforts to improve their email retention and supervisory practices.”