Broker-dealers, including principal underwriters of insurance products, may retain required records in electronic format, subject to satisfaction of longstanding conditions. One such condition is that the records must be preserved "exclusively in a non-rewritable, non-erasable format." This condition is often referred to as "write once, read many" or "WORM."
The WORM requirement was designed to ensure that electronic records are capable of being accurately reproduced for later reference, thus addressing, among other things, SEC enforcement concerns with unscrupulous broker-dealers who improperly alter or destroy records — such as order tickets and other transactional records — to conceal fraudulent activities.
In late 2016, FINRA announced that it fined 12 firms — including some prominent industry names — a total of $14.4 million for not maintaining electronic records in WORM format. In addition to finding that the 12 firms had WORM deficiencies that affected "millions of records," FINRA found that each of the firms had procedural and supervisory deficiencies affecting the firm's ability to adequately retain and preserve electronic records. In settling the actions, the firms neither admitted nor denied the charges, but consented to FINRA's findings.
In its 2017 regulatory and examination priorities letter, FINRA also announced that it will continue to assess firms' programs to mitigate risks related to cybersecurity and electronic recordkeeping, including compliance with WORM requirements by vendor-provided email review and retention services.
The recent fines levied by FINRA suggest more than isolated instances of non-compliance within the broker-dealer community, and other firms would be well advised to review their own WORM compliance, if they have not done so recently.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
