Show
The mortgage industry has very specific regulations around the recordkeeping requirements for advertising materials, including brochures, business cards, and even social media. That can be a daunting task for any mortgage lender when loan officers are their own marketing departments on social media, but ActiveComply automates this process for lender partners. See the state-by-state requirements below:
Written by SteelEye | Feb 9, 2022 9:06:54 PM
As regulators continue to put pressure on financial firms to maintain robust record keeping processes, it is vital to be aware of your regulatory obligations and ensure that your firm has the tools at its disposal to remain compliant. In this blog, we explore communications record keeping compliance in North America, including the key books and records requirements, the risks of getting compliance wrong, and the next generation tech solutions that can help you meet your regulatory record keeping obligations. Topics covered: Why robust communications record keeping is importantRobust record keeping is a key pillar of compliance. From record retention and archiving to retrieval and auditing, global regulatory directives stipulate the processes that organizations must follow to store their records. These requirements (often referred to as Books and Records rules) are intended, in part, to provide regulators with the ability to access and review business records so that they can effectively oversee the financial markets. Record keeping data is used by regulators to identify and investigate any potentially fraudulent activity, market abuse or other forms of financial crime. Generally, the record keeping rules require firms to securely archive and store their data, including communications (such as emails, messaging, meeting notes and, in some jurisdictions, phone conversations) and monitor their books and records to identify potential malpractice. The push for greater transparency in financial servicesThe SEC, FINRA, IIROC and new regulations under Dodd-Frank have introduced increasingly stringent rules around the requirement for tamper-proof books and records retention in a push to increase transparency and reduce the likelihood of another financial crash like the one in 2008. Who governs the North American Financial Services markets and ensures compliance with Books and Records requirements?In the U.S., the Securities and Exchange Commission (SEC) - a government organization set to protect investors and ensure the integrity of the securities market - governs the books and records retention requirements and wider financial services compliance rules. The SEC was established after the great stock market crash in 1929, following the implementation of two major securities laws in the US; the Securities Act of 1933 and the Securities Exchange Act of 1934. Another key regulatory body in the U.S. is the Financial Industry Regulatory Authority (FINRA), which handles the licensing and regulation of broker-dealers. Although it has regulatory powers, FINRA (which is overseen by the SEC) is not part of the government. It is the largest self-regulatory organization in the securities industry within the U.S. In Canada, Securities commissions in each jurisdiction combined with self-regulatory organizations oversee the investment industry to protect investors. The self-regulated organization, Mutual Fund Dealers Association of Canada (MFDA), regulates certain mutual fund dealers in Canada through regulatory standards, compliance audits, investigations and enforcement actions. There is also the Investment Industry Regulatory Organization of Canada (IIROC), which regulates all investment dealers. IIROC carries out its regulatory responsibilities through setting and enforcing rules regarding the proficiency, business and financial conduct of Canadian investment dealer firms. Several acts and regulations play into the overall data retention, archiving and record keeping compliance rules for North America, with various intricacies and reams of legislative text. Let’s take a look at the key things you need to know. The key rules around communications and record keeping in North AmericaThere are rules and regulations across the globe for communications record keeping compliance that apply to financial firms, but these vary slightly in different countries and regions around the world. In this section, we look at the key rules and considerations for North American firms, in particular books and records retention requirements for communications. Required format for the storage of communications recordsIn the U.S. and Canada, communications and record keeping rules require that communications must be recorded in a written or electronic format. Data must be stored for a fixed period in a secure environment, and should be in an immutable, tamper-proof, Write Once, Read Many (WORM) format. Key components of WORM storage include:
What forms of communications are required to be captured and archived?Today, firms carry out communications in various ways and mediums. Communications that need to be captured and archived include the following forms:
For dedicated information and insights on eComms and vComms archiving, read our article: Record Keeping – All you need to know about eComms & vComms archiving. What are the main rules and how long do firms need to keep communications records?What are the key rules around communications record retention in the U.S.?In the United States, communications records must be kept for up to 7 years, but the retention period varies according to certain factors.
What are the key rules around communications record retention in the Canada?In Canada, financial entities must retain communications records for a minimum of 5 years, in accordance with IIROC rules including:
How do firms demonstre record keeping compliance for auditing and retrieval purposes?The most important thing is that financial firms ensure the quality and legibility of all required communications records related to regulated activities. Firms, auditors and regulators must be able to decipher the content from conversations that are captured and archived. Here are some of the things to be aware of:
SteelEye's Record Keeping Factsheet Key challenges for firms in meeting Communications record keeping compliance obligationsThe wide range of communication channels and formats available today has made the job of recording and storing employee communications much more challenging. This is especially true in the wake of the Covid-19 pandemic which caused an increased use of instant messaging platforms like WhatsApp, Signal and Telegram. Covid-19, remote working and changing behavioursThe global pandemic has forced a shift in working conditions, behaviors and how interactions between financial firms, institutions and clients are operated. This has presented both challenges and opportunities. However, for communications and record keeping compliance, it has meant additional pressure. Off-premise communicationsCapturing, monitoring and arching communications data is now a trickier proposition. As the pandemic hit, certain record keeping solutions were not able to capture staff communications taking place at off-premise locations. Initially, this meant that many firms had to find new and often manual ways of ensuring that communications are tracked and logged. New channels emergingThe fast pace of technological change and introduction of remote working has resulted in a wealth of new communications channels being used to engage with clients, colleagues and partners. This has created complexities around integrating additional data channels or using corporate policies to ban the use of specific communications platforms. Increased riskWith communications carried out off-premises and via new channels, there is a greater level of risk of something falling through the cracks and not being recorded properly. Plus, detecting potential market abuse can be more difficult as the volume of data that needs to be recorded increases. Unstructured data and silosA big challenge for firms meeting record keeping compliance requirements is the time and resources needed for recording, managing and monitoring communications data. This is because communications data is unstructured, meaning that one piece of data looks very difficult from another. Legacy systems and processes are not well equipped to handle unstructured pieces of information, such as voice calls and text messages, and have therefore historically led to data silos, time-consuming manual workflows and difficulties consolidating data from different sources. Regulatory changeIn the financial services sector, regulatory change is one of the biggest challenges and highest priorities for banks, asset managers and other financial institutions, as updating policies and processes to accommodate changes is a big undertaking. Future-proofing internal systems for regulatory compliance is key. The risks of getting record keeping compliance wrongFalling foul of books and records rules and communications record keeping compliance comes at a cost, both financially and from a reputational perspective. Compliance breaches can be damaging for your brand, whilst hitting your pocket and even leading to criminal prosecution. Compliant record keeping for communications is important for firms who want to:
Increasing regulatory penalties for communications record keeping breachesPenalties for communications record keeping violations in North America depend on the nature and severity of the violation. Fines range from $1000s for one-off incidents and $100,000s for repeated or continued violations, right up to multi-million-dollar penalties. In September 2020, the US Securities and Exchange Commission (SEC) handed a broker-dealer a fine of $100,000 for failing to retain text messages. In December 2021, JP Morgan Securities agreed to pay $125 million to the SEC and $75 million to the Commodity Futures Trading Commission (and other related entities) for violations between January 2018 and November 2020, where the investment management giant failed to preserve communications by employees about their securities business on personal devices, email and other communication platforms and was therefore unable to produce responsive materials. Technology solutions to help firms meet books and records requirementsIt’s important to embrace technology that can empower your firm to meet books and records retention requirements for communications. RegTech software for record keeping and communications surveillance can help firms to streamline books and records compliance and stay up to date with the latest regulations. These solutions provide communications capture and monitoring capabilities, powered by automation, to enable firms to archive records, transcribe voice calls, and translate communications from multiple languages and monitor communications. Cloud-based systems can help with fast retrieval of communications data, storage scalability and greater efficiency and auditability for regulators. Leading cloud providers like AWS provide SEC compliant storage options to allow vendors and financial firms to meet these specific demands. How SteelEye can support North American firms with communications record keeping complianceSteelEye’s Comms Oversight product is a complete communications compliance platform for record keeping, analytics, monitoring and surveillance. Our market-leading platform captures communications data from a wealth of eComms, vComms and traditional channels (consolidating structured and unstructured data) and stores records in a compliant, immutable format, in line with regulations such as FINRA, SEC, IIROC, Dodd-Frank, MAR and MiFID II. So, for firms based in North America, rest assured it can support your compliance needs. Key benefits of SteelEye’s communications records-keeping system and solutions
SteelEye’s compliance tools are suitable for a range of roles and organizations. Our cutting-edge platform simplifies communications capture, archiving, eDiscovery and surveillance. This enables you to save time and money, reduce risks and streamline your record keeping compliance processes. Learn more about our communications record keeping solutions or get in touch with SteelEye to discuss your firm’s needs or book a demo of our award-winning record keeping platform. Book a demo |