Close
ThinkAdvisor

Regulation and Compliance > Federal Regulation > FINRA

Scottrade to Pay $2.6M FINRA Fine Over Email Retention Failures

X
Your article was successfully shared with the contacts you provided.

Scottrade, Inc. agreed Monday to pay $2.6 million to the Financial Industry Regulatory Authority for failing to retain “a large number” of securities-related electronic records in the required format, and for failing to retain certain categories of outgoing emails.

FINRA said that Scottrade also did not have a reasonable supervisory system in place to achieve compliance with certain Securities and Exchange Commission and FINRA books and records rules, which contributed to its record-retention failures.

Federal securities laws and FINRA rules require that business-related electronic records be kept in non-rewritable, non-erasable format (also referred to as “Write-Once, Read-Many” or “WORM” format) to prevent alteration.

WORM-formal rules, the SEC has stated, are an essential part of the investor protection function because a firm’s books and records are the “primary means of monitoring compliance with applicable securities laws, including antifraud provisions and financial responsibility standards,” FINRA states.

Scottrade neither admitted nor denied the charges, but consented to the entry of FINRA’s findings.

From January 2011 to January 2014, FINRA states that Scottrade did not have centralized document-retention processes or procedures for all firm departments to follow. “Further, no one at the firm was charged with responsibility for ensuring a consistent document-retention process, fully compliant with the record-retention rules, including the requirement that all records be retained in WORM format.”

Personnel in different departments of the firm saved certain documents to a restricted shared drive, which was not WORM-compliant, according to FINRA. “As a result, Scottrade failed to preserve a large number of key securities business electronic records in the required format.”

Over a related time frame, FINRA found that Scottrade also failed to copy more than 168 million outgoing emails to the firm’s WORM storage device, resulting those emails being deleted.

These emails were generated automatically by the firm’s internal systems or by third-party vendors acting on Scottrade’s behalf, and included items such as margin call notices, address change notifications and failed password attempt notifications, FINRA states.

“Firms must maintain sound supervisory systems and procedures to ensure the integrity, accuracy, and accessibility of electronic books and records,” said Brad Bennett, executive CP and chief of Enforcement, in a statement.

– Related on ThinkAdvisor: Cybersecurity: A Checklist for Advisors