FINRA fined 12 firms a total of $14.4 Million (including individual fines of $4 Million, $3.5 Million and $2 Million) for failing to retain electronic records in the proper format. FINRA charges that, over extended time periods, the firms failed to maintain required broker-dealer and customer records in “write once, read many” (aka WORM) format as required by Rule 17a-4(f)(2)(ii)(a) (BD records must be preserved “exclusively in a non-rewriteable, non-erasable format”). FINRA asserts that retaining records in WORM format protects such records from cyber-crimes. FINRA maintains that the failures affected hundreds of millions of records “spanning multiple systems and categories.” FINRA’s Enforcement Chief empasized “FINRA’s focus on ensuring that firms maintain accurate, complete and adequately protected electronic records.”
OUR TAKE: These are significant fines for IT breakdowns in the absence of further allegations of customer harm or a specific hacking incident. Operations professionals should work with their IT teams and compli-pros to ensure that records retention follows regulatory requirements.