Vedder Price

Vedder Thinking | Articles SEC Focus on Recordkeeping Obligations Continues: Regulated Entities Face Enhanced Scrutiny


Reader View

On June 22, 2023, a wholly owned broker-dealer subsidiary of a large Wall Street bank agreed to pay a civil money penalty of $4 million to settle Securities and Exchange Commission (“SEC”) charges arising from a failure to properly maintain electronic communications for the required retention period in violation of the Securities Exchange Act of 1934 (“Exchange Act”).  

The announcement comes on the heels of recent high-profile settlements involving so-called “off-channel” communications by employees of registered entities and underscores the SEC’s continued focus on enforcing recordkeeping requirements.  Just last month, the SEC agreed to settle charges with two additional financial institutions for failing to preserve certain off-channel communications, including text messages and messaging platforms, such as WhatsApp, regarding the firms’ business matters in violation of Sections 17(a) and 15(b)(4)(E) of the Exchange Act.  Pursuant to the settlement agreements, after self-reporting the recordkeeping failures to the SEC and engaging in remedial actions, the two large banks agreed to pay over $22 million total in civil money penalties.  

Gurbir Grewal, Director of the SEC’s Division of Enforcement, recently stated that settlements of this nature “should not only remind firms of the importance of following SEC recordkeeping requirements, but also the value of disclosing violations when they do occur.”  

I. SEC Continues to Pursue Enforcement Actions for Off-Channel Communications

The June 22, 2023 SEC settlement with a broker-dealer concerning its failure to properly preserve electronic communications is the latest example in a line of recordkeeping violation enforcement actions that began roughly two and a half years ago.  In December 2021, the SEC announced its first high-profile settlement concerning a large Wall Street firm’s failure to properly preserve off-channel communications.  The firm agreed to pay a $200 million civil money penalty after admitting that its senior supervisors, managing directors, and senior-level employees routinely utilized nonapproved communication methods to discuss business matters.  The Wall Street firm informed the SEC that it was aware of its employees’ frequent use of unapproved communications methods, despite the fact that the firm’s policies and procedures that prohibited such practices.  Due to a failure to adhere to its recordkeeping obligations under the Exchange Act, the firm was unable to collect or produce various business communications requested during the SEC’s investigation.  In addition to admitting the violations, the settlement required the firm to retain a compliance consultant to conduct a comprehensive review of the firm’s policies and procedures relating to the retention of electronic communications found on personal devices and the firm’s framework for addressing noncompliance by its employees with those policies and procedures.    

In September 2022, the SEC and 15 broker-dealers and one affiliated investment adviser settled similar recordkeeping charges for a combined $1.1 billion in civil penalties.  The SEC found that the 16 firms routinely communicated about business matters using personal devices that did not maintain or preserve the substantial majority of the off-channel communications.  Moreover, the settlements required that the various firms admit the securities law violations and agree to retain compliance consultants to conduct comprehensive reviews of the policies and procedures concerning off-channel communications.  The Commodity Futures Trading Commission also announced settlements with these same firms for similar conduct, which resulted in an additional $710 million in penalties.

Most recently, in May 2023, the SEC reached a settlement with two financial institutions for failing to properly preserve off-channel communications.  Despite proactively conducting an internal investigation concerning the effectiveness of their recordkeeping policies, and self-reporting all violations to the SEC, the two banks were assessed civil money penalties totaling approximately $22.7 million.  Moreover, both parties were required to admit to violations of federal securities laws and agreed to retain compliance consultants to conduct comprehensive reviews of policies and procedures relating to the retention of electronic communications on personal devices and the frameworks for addressing noncompliance by any employees.  According to the SEC, the settlement agreements reflected reduced penalties in exchange for the financial institutions’ self-reports and cooperation.

II. Latest SEC Enforcement Action Underscores the SEC’s Focus on Recordkeeping Obligations 

In the June 22, 2023 settlement, the SEC found the broker-dealer firm failed to properly preserve communications in thousands of electronic mailboxes, in direct violation of recordkeeping requirements under Section 17(a) of the Exchange Act and Rule 17a-4(b)(4) thereunder.  Specifically, while attempting to delete communications that fell outside of the retention period, a vendor engaged by the broker-dealer failed to apply the firm’s default retention settings, which would have prevented the permanent deletion of records still within the retention period.  As a result of this error, approximately 47 million communications from the retention period were permanently deleted and not recoverable.  The settlement order noted that, although there were eight ongoing SEC investigations involving the firm, the broker-dealer notified just one of the SEC’s investigative teams that the firm’s subpoena responses had been compromised by this deletion.  As part of the settlement order, the broker-dealer agreed to pay a $4 million civil money penalty.

III. Key Takeaway: Regulatory Scrutiny of Recordkeeping Obligations Shows No Sign of Abating

The latest settlements reflect the SEC’s sustained efforts to enforce recordkeeping requirements over the past few years.  In the event of a violation, regulated entities face significant civil money penalties, as well as other sanctions, including but not limited to admission of wrongdoing and the requirement for a compliance consultant to oversee ongoing remedial efforts.   Given the highly publicized focus on recordkeeping violations, regulated entities would be well served to evaluate their current policies and procedures to ensure compliance with all recordkeeping requirements and to evaluate potential self-reporting of any known deficiencies. 


Jason B. Sobelman


Brooke E. Conner