Over the Web and Under the Radar

Published November 03 2009, 5:03am EST

While the use of email continues to grow, newer forms of messaging and interaction are expanding far faster. Instant messaging, texting, and social networking sites such as Facebook or LinkedIn are rapidly multiplying the ways individuals connect. In the securities industry, they are also providing new ways to interact with customers, and therein lies a problem.

The new communication technologies "will challenge your ability to ensure compliance with regulatory requirements," Rick Ketchum, chairman and CEO of the Financial Industry Regulatory Authority (FINRA), told an October 27 meeting of industry executives. "They raise new regulatory challenges."

For the brokerage industry, ever the early adopter, instant messages "have supplanted email as the primary electronic communication," declares Jeffrey Plotkin, a partner in the New York office of law firm Day Pitney who represents broker-dealers involved in enforcement actions brought by the Securities and Exchange Commission (SEC). "If a trader or broker is not following the firm's guidelines, then those [e-communications] go under the radar."

To address the problem, Ketchum said, FINRA has formed a social networking task force to explore how regulation can deal with new developments in e-communications.

Ever since 2002, when the SEC meted out more than $8 million in fines to Deutsche Bank, Goldman Sachs, Morgan Stanley, Salomon Smith Barney and U.S. Bancorp for failing to archive emails, securities firms have been sensitive to the rules and guidelines requiring them to capture and preserve e-communications.

These include SEC rules, FINRA guidelines, and the U.S. Federal Rules of Civil Procedure (FRCP).

Since 1939, the SEC's Rule 17a-4 has required broker-dealers to preserve communications relating to their business. A 1997 interpretation of this rule requires broker-dealers to retain all emails "which relate to the broker-dealer's 'business as such.'"

NASD Rule 3110 also requires broker-dealers and exchange members to preserve all electronic communications pertaining to the firm's business, in a format that cannot be overwritten or erased, for three years.

On December 1, 2006, changes to the FRCP became effective that require companies to have enterprise-wide policies in place for retaining all electronic communications that may be subject to legal e-Discovery.

In December 2007, NASD successor FINRA issued guidance on review and supervision of electronic communication that makes it "crystal clear," in Plotkin's words, that brokerage firms are required to preserve and review all forms of electronic communication transmitted through employees' handheld devices, including email, Webmail messages, text messages, IMs, and device-to-device messages.

"There is not a single firm that is not aware of the protocols," says Plotkin, an expert on trading abuses. Moreover, he adds, "The compliance industry is so sophisticated that the first question they ask [about a new form of electronic communication] is, 'how can we capture and monitor it?'"

The Rogue Employee

Still, Plotkin is far from sanguine about the state of e-communication capture in the securities industry. "The concern is always going to be the rogue employee," he says. "It is a huge concern."

In many of his cases involving SEC enforcement actions, Plotkin says brokers have their own Web sites, where they can build a social network that is outside the firm's compliance structure. "The lack of personal contact between fraudster and victim has a tendency to escalate [the problem]," he says.

When it comes to insider trading, he says it is "much easier now" for people to spread information to each other electronically: "It will be the same types of fraud, conveyed by different methodologies. There are many more ways people can communicate that are off the radar."

Different financial services companies are taking things at a different pace with respect to capturing and archiving newer forms of e-communication, says Jeff Goldberg, senior analyst at Boston-based research firm Celent. "Whether there are regulations or not, the security of the data is critical," he says. "The problem with email has been when folks have used it informally - information they never would have put in writing. We will definitely have the same problem with IMs."

Goldberg sees two archiving issues: "One, a lot of companies are archiving so it is practically unusable. They are archiving too much so that it is difficult or impossible to retrieve when needed. It's like looking for a specific drop of water in the ocean when you need it." Second, he says, is the problem of those that are not archiving at all and having real-time chats: "That is going to get people in trouble, because the other side is likely keeping a record of it."

Supplier Solutions

Mark Kenney, director of product management at Boston-based IT service provider Eze Castle Integration, says there are two main ways to capture emails, as distinct from IMs. The typical method is to use a function called "journaling," which makes a copy of all information that hits an Exchange server and puts it in a mailbox to forward to the vendor of choice: "This is the 'push' method, in that the client is pushing traffic to the vendor," he says.

In the other, "pull" method, the vendor goes into the mailbox and pulls traffic out of the mailbox and archives it.

IM capture is different, he notes: "You have to insert the solution into the middle of traffic - a piece of IM capture software is constantly running."

Suppliers of software for archiving email include Eze Castle, EMC, Global Relay Communications, Smarsh and LiveOffice. For IM capture, these include FaceTime, Symantec and Ikonix.

Eze Castle's archiving system goes beyond just email. Its Eze Archive service captures a wide range of different types of electronic communications, including email, instant messages, Bloomberg Mail and Bloomberg IM. The archive is delivered as a hosted service, which means copies of all the traffic are archived at a data center that is offsite from the client's production environment.

Content management and archiving software firm EMC, known more for its storage hardware, also can suck in and store electronic communications for a user. The Hopkinton, Mass., company's SourceOne document management software allows customers to capture e-communications in multiple formats, including IMs and emails sent from Exchange servers and the Internet. SourceOne does not handle blogs and wikis, but to date the firm has seen little demand for archiving these newer forms of communication. "IM is the next hurdle," says Kelly Ferguson, EMC's senior manager for global product marketing. "As far as blogs and other newer media, I do not have a single customer who has any idea what to do about [archiving] it."

Over the Web and Under the Radar: Brokers are saying too much and firms are capturing too little

Selling Via Tweets

"The newer generation of technology must be monitored to meet the regulations," Kenney says. "A tweet can be viewed as sales literature. People post a 140-character tweet that may contain information that should be archived. What was up-and-coming is now mainstream. Social networking is here to stay, and needs to be recognized as such and addressed in policies and procedures."

Going forward, Kenney says "you will see development of methods to capture the Twitters and blogs." Now, he says, these methods are being developed on a "freeware" basis for disaster recovery: "That will be built upon to enable that information to be archived in a compliant format. You are going to see the functionality to archive tweets and blogs. That is just starting to come into its own."

Meanwhile, Plotkin says that brokerage firms need to be most concerned about text messages from cellphones: "Beefing up [SEC] enforcement will catch more of it, but that is usually after the cows have left the barn. The SEC will not learn about it unless someone brings it to their attention. Then, highly experienced people need to be put in touch points and move quickly. Shoot first, and ask questions later - 95 percent of the time, the shot will be accurate."

One spur to action could be a highly publicized legal case, Goldberg thinks: "You are going to see companies whose employees said things in one of these contexts that they should not have said and wind up in court. As soon as that happens, firms will clamp down."

Archiving Mandates

Securities and Exchange Commission

Mandate: Rule 17a-4

Date effective: 1939

Updated: 1997

Applies to: Broker-dealers

Description: Requires broker-dealers to preserve communications relating to their business. The 1997 interpretation requires broker-dealers to retain all emails "which relate to the broker-dealer's 'business as such.'"

NASD (predecessor to the Financial Industry Regulatory Authority)

Mandate: Rule 3110

Date effective: 1939

Applies to: Broker-dealers and exchange members

Description: Must preserve all electronic communications pertaining to the firm's business, in a format that cannot be overwritten or erased, for three years.

FINRA

Mandate: Guidance

Date effective: December 2007

Applies to: Brokerage firms

Description: Brokerage firms are required to preserve and perform supervisory reviews of all forms of electronic communications transmitted via employees' handheld devices, including email, Webmail, text messages, instant messages, and device-to-device messages.

U.S. Federal Rules of Civil Procedure

Mandate: Changes pertaining to enterprise-wide retention policies

Date effective: December 2006

Applies to: All companies

Description: Companies must have enterprise-wide retention policies in place for all electronic communications that may be subject to legal eDiscovery.

Source: S.I.N. research

This article can also be found at SecuritiesIndustry.com.
