The COVID-19 pandemic has permanently altered the way people engage and relate to one another across both personal and professional settings. In the workplace, the changes have resulted in a more casual work environment, with people working from their home offices instead of office buildings, replacing their work attire for jeans and a golf shirt and occasionally using unsanctioned devices to conduct business. Luckily, due to advancements in technology, most industries were able to pivot to this "new normal" with relative ease, relying on email, video conferencing, instant messaging platforms and newer applications such as WhatsApp to stay in front of clients and conduct business. And while this change has been a lifeline for a lot of companies, it has created enormous problems for highly regulated industries, such as financial services, which are required to track and retain substantive written business communications, including electronic communications, to clients and among colleagues in order to protect investors and avoid market manipulation.

Under the watchful eye of Chair Gary Gensler, the U.S. Securities and Exchange Commission has taken notice of mistakes made by large financial institutions, such as Goldman Sachs, HSBC Holdings Plc and JP Morgan Securities LLC (JPMS), a broker-dealer subsidiary of JPMorgan Chase & Co., in the way they inadequately collected and retained electronic communications among their employees, which resulted in several ongoing investigations and even a historically steep fine. The agency's actions against these firms were on top of the previous probes from late last year of other well-known financial entities, such as Bank of America Corp., Citigroup Inc., Morgan Stanley and Credit Suisse Group AG, illustrating the seriousness with which Gensler intends to pursue this type of misconduct.

This does not bode well for unprepared investment advisers and broker dealers, given that Gensler noted that other investigations of this scope and magnitude are already underway, signaling that enforcement actions will likely be on the rise in 2022 and beyond. Therefore, firms of all types and sizes should be taking a hard look at their electronic record preservation systems, reporting abilities and related policies and procedures across the entire organization to ensure that they are compliant.

To help firms gain a better understanding of the current requirements, below is an overview of the books and records regulations governing electronic communications, some insight on the recent investigations and enforcement actions taken by the SEC, as well as recordkeeping best practices that can help firms stay out of the crosshairs of regulators.

|

Navigating the Current Recordkeeping Compliance Ecosystem

"Since the 1930s, record-keeping and books-and-records obligations have been an essential part of market integrity and a foundational component of the SEC's ability to be an effective cop on the beat," remarked Gensler in a statement from the SEC following the announcement of charges against JPMS. Here, he is of course referring to the books and records rules (Rule 17a-3 and Rule 17a-4) under Section 17(a)(1) of the Securities and Exchange Act of 1934, which "specif[ies] minimum requirements with respect to the records that broker-dealers must make, how long those records and other documents relating to a broker-dealer's business must be kept and in what format they may be kept. The SEC requires that broker-dealers create and maintain certain records so that, among other things, the SEC, self-regulatory organizations ('SROs') and state securities regulators may conduct effective examinations of broker-dealers."

He has made clear in various testimonies before Congress, and in news releases/statements from the SEC, that he intends to crackdown on Wall Street banks and firms with a "fierce urgency of now" as illustrated by the ambitious agenda he has unveiled since taking the helm under the Biden administration. Chief among Gensler's primary concerns right now is recordkeeping probes and enforcement actions. Nothing drives this point home more than the latest measures taken by the SEC.

Most recently, for instance, Goldman Sachs announced in its annual report on Feb. 25, 2022, that it was cooperating with the SEC and "producing documents in connection with an investigation of the firm's compliance with records and preservation requirements relating to business communications sent over electronic messaging channels that have not been approved by the firm." Just a few days before this news was released, HSBC Holdings Plc announced on Feb. 22, 2022, that "it was being investigated in the U.S. for its bankers' use of WhatsApp and other personal messaging services for business purposes."

Both of these investigations follow the news from December 2021 about the fines issued against JPMS by the SEC and the Commodity Futures Trading Commission, to the tune of $200 million, for "widespread and longstanding failures by the firm and its employees to maintain and preserve written communications" on mobile devices, messaging apps and personal emails. According to one report of the matter, JPMS' "unofficial communications involved the exchange of tens of thousands of messages among more than 100 employees using personal text, email and WhatsApp accounts. The communications involved the breadth of the broker's business, from trading to investment banking."

In addition to the fine, which is the largest recorded to date of this kind, JPMS agreed to hire a compliance consultant to conduct an audit of their processes and employee training mandates in order to help them implement "robust improvements to its compliance policies and procedures to settle the matter."

Commenting on this case, Gensler stated "[a]s technology changes, it's even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight. Unfortunately, in the past we've seen violations in the financial markets that were committed using unofficial communications channels, such as the foreign exchange scandal of 2013. Books-and-records obligations help the SEC conduct its important examinations and enforcement work. They build trust in our system. Ultimately, everybody should play by the same rules, and today's charges signal that we will continue to hold market participants accountable for violating our time-tested recordkeeping requirements."

Gensler also noted that this will not be the last investigation that the SEC undertakes during its sharpened interest in the inspection of communications practices at all financial services companies. In fact, the SEC explicitly states that "as a result of the findings in this investigation, the SEC has commenced additional investigations of record preservation practices at financial firms."

These enforcement actions are a telltale sign for broker-dealers that they need to get their books and records programs in order or face the consequences from the SEC, but what does this mean for investment advisers specifically? Through the SEC's actions against bulge bracket firms such as Goldman Sachs, HSBC and JPMS, there will surely be similar scrutiny applied against smaller broker-dealers, which will inevitably have the same impact on investment advisers when undergoing regulatory examination. And per the Investment Advisers Act of 1940, which stipulates what qualifies as investment advice and who can dispense it, when investment advisers are inspected by the SEC, investment adviser firms may not only be asked to provide proof of retaining all written substantive business communications, but also how these communications support investment decisions made by the adviser. Therefore, this enforcement activity is a warning to investment advisers of what could be coming down the pike for them from regulators if they don't act now in ensuring their recordkeeping practices are tightened up.