A quick guide to regulator’s requirements for the financial industry.
In our remote and hybrid working world, financial firms are using a varied range of digital communication channels to conduct business and interact with clients. Read our quick guide, which summarises what regulators specify in regard to monitoring communications to manage conduct, and mitigate the risk of financial crime.
The Hybrid / Remote Working Picture
The Financial Conduct Authority (FCA) has released guidance which specifies that financial businesses must monitor and keep a record of all business-related communications which include telephone conversations and ‘electronic communications’ such as emails and instant messages.
SYSC 10A.1.6 | A firm must take reasonable steps to record phone conversations and keep a copy of electronic communications that relate to financial activity that are made with, sent from, or received on equipment provided by the firm to an employee or contractor; or the use of which by an employee or contractor has been accepted or permitted by the firm.
SYSC 10A.1.7 | A firm must take all reasonable steps to prevent an employee or contractor from making, sending, or receiving relevant telephone conversations and electronic communications on privately-owned equipment which the firm is unable to record or copy.
SYSC 10A.1.8 | The telephone conversations and electronic communications recorded in SYSC 10A.1.6 must include those that intend to result in financial activity, even if those conversations or communications don’t end up resulting in financial activity.
SYSC 10A.1.14 | The records (including phone and electronic communications records) kept in accordance with this chapter must be provided by the firm to the client involved upon request; and kept for a period of five years and, where requested by the FCA, for a period of up to seven years.
ESMA (EU & UK)
The European Securities and Markets Authority (ESMA) has established a set of rules (MIFIID II) that apply to financial firms in the EU and the UK which require investment firms to record all communications relating to the “reception, transmission, and execution of client orders.”
MIFIID II, Article 16(7) | Records must be kept of telephone conversations and/or electronic communications relating to a transaction and the provision of client order services that relate to the reception, transmission and execution of client orders.
Records of such telephone conversations and electronic communications must include all activity that intends to result in a transaction, even if the transaction doesn’t end up happening.
An investment firm shall take all reasonable steps to record relevant telephone conversations and electronic communications, made with, sent from or received by equipment provided by the investment firm to an employee or contractor or the use of which by an employee or contractor has been accepted or permitted by the investment firm.
An investment firm shall take all reasonable steps to prevent an employee or contractor from making, sending or receiving relevant telephone conversations and electronic communications on privately-owned equipment which the investment firm is unable to record or copy.
The telephone and electronic communications records must be kept for a period of five years and, where requested by the competent authority, for a period of up to seven years.
The U.S. Securities and Exchange Commission (SEC) has established rules which require financial businesses to monitor and retain all written and electronic communications relating to their business.
Rule 17a-3 | Brokers and dealers must create and preserve comprehensive records of each securities trade, including copies of blotters, account statements, trade confirmations, cancelled checks, communications with the public and more. All records must be preserved for a period of not less than 6 years, the first two years in an easily accessible place.
Rule 17a-4(b)(4) | Brokers and dealers must preserve originals of all communications received and copies of all communications sent by the member, broker or dealer (including inter-office memoranda and communications) relating to its business for a period of not less than three years, the first two years in an easily accessible place.
Rule 17a-4(f) | The records preserved for Rule 17a-3 and 17a-4 may be immediately produced or reproduced by means of an electronic recordkeeping system or by means of micrographic media and be maintained and preserved for the required time in that form.
- The term micrographic media means microfilm or microfiche, or any similar medium;
- The term electronic recordkeeping system means a system that preserves records in a digital format in a manner that permits the records to be viewed and downloaded.
Rule 17a-4(f)(2) An electronic recordkeeping system must have a time-stamped audit trail that includes details of:
- All modifications to and deletions of the record or any part thereof;
- The date and time of actions that create, modify, or delete the record;
- If applicable, the identity of the individual creating, modifying, or deleting the record; and
- Any other information needed to maintain an audit trail of the record in a way that maintains security, signatures, and data to ensure the authenticity and reliability of the record and will permit re-creation of the original record if it is modified or deleted; or
- Preserve the records exclusively in a non-rewriteable, non-erasable format;
- Have the capacity to readily download and transfer copies of a record and its audit trail (if applicable) in both a human-readable format and in a reasonably usable electronic format and to readily download and transfer the information needed to locate the electronic record.
Rule 204-2(a) | Investment advisers must keep certain books and records relating to their investment advisory business, including originals of all written communications received and copies of all written communications sent by the investment adviser in an easily accessible place for a period of not less than five years, the first two years in an appropriate office of the investment adviser relating to:
- Any recommendation made or proposed to be made and any advice given or proposed to be given
- Any receipt, disbursement or delivery of funds or securities
- The placing or execution of any order to purchase or sell any security
- The performance or rate of return of any or all managed accounts or securities recommendations.
Rule 204-2(a)(11)(B) | Investment advisers must make a copy of each notice, circular, advertisement, newspaper article, investment letter, bulletin or other communication that the investment adviser circulates or distributes, directly or indirectly, to ten or more persons in an easily accessible place for a period of not less than five years, the first two years in an appropriate office of the investment adviser.
The Financial Industry Regulatory Authority (FINRA) has issued several rules around the written procedures and supervisory systems that financial firms (primarily broker-dealers) must establish to monitor their communications.
Rule 3310(a) | Each member shall establish and maintain a system to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations.
Rule 3310(b)(1) | Each member shall establish, maintain, and enforce written procedures to supervise the types of business in which it engages and the activities of its associated persons that are reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules.
Rule 3110(b)(4) | The supervisory procedures shall include procedures for the review of incoming and outgoing written (including electronic) correspondence and internal communications relating to the member’s investment banking or securities business and must require the review of:
(A) Incoming and outgoing written (including electronic) correspondence to properly identify and handle in accordance with firm procedures, customer complaints, instructions, funds and securities, and communications that are of a subject matter that require review under FINRA rules and federal securities laws.
(B) Internal communications to properly identify those communications that are of a subject matter that require review under FINRA rules and federal securities laws.
Reviews of correspondence and internal communications must be conducted by a registered principal and must be evidenced in writing, either electronically or on paper.
Supplementary material .07 Evidence of Review of Correspondence and Internal Communications | The evidence of review required in Rule 3110(b)(4) must be chronicled either electronically or on paper and must clearly identify the reviewer, the internal communication or correspondence that was reviewed, the date of review, and the actions taken by the member as a result of any significant regulatory issues identified during the review. Merely opening a communication is not sufficient review.
Rule 3120(a)(1) | Each member shall establish, maintain, and enforce a system of supervisory control policies and procedures that are reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules.