Be Proactive About Data Handling
Compliance with FINRA and similar regulations can pose serious challenges to organizations. Understanding and learning to navigate these potential challenges will go a long way in avoiding excess fines for non-compliance.
The numbers are staggering: Last year, the Financial Industry Regulatory Authority (FINRA) brought 1,434 disciplinary actions against registered individuals and firms and levied $176.3 million in fines for non-compliance with its regulations. The agency also ordered $27.9 million in restitution to harmed investors.
Though some of these fines may have been unavoidable, others could likely have been circumvented had the organizations involved been more proactive in their approach to adherence to FINRA’s rules. Such a stance extends to the manner in which data is handled. With a deeper understanding of this issue, companies can increase their potential to steer clear of financial repercussions resulting from FINRA violations. That understanding starts with the answers to four key questions.
- It has been said that the issue of FINRA and FINRA compliance surrounding data creates a real conundrum for financial firms. Why is this so?
Financial firms have seen a marked increase in internet use for conducting investment research and tracking account details, internally and by customers. At the same time, the growing population of “digital natives” (i.e., millennials) who want little or nothing to do with using paper-based systems is establishing a strong presence in the financial products and services markets.
Companies want to cater to this new customer demographic, as well as to better serve all clients, by providing them with both the accurate, personalized real-time information they demand and the tools through which to access it (e.g., social media platforms and online investment calculators, to name a few). At the same time, they want to avoid running afoul of FINRA regulations.
Moreover, unlike the information conveyed by financial entities in printed literature, statements and other traditional communication vehicles shared with existing and prospective customers, this information is dynamic rather than static. Interest rates and other details change often—even by the hour. Calculations and projections vary in accordance with such factors as individual customers’ assets. Other parameters differ by state and country.
- What is entailed in FINRA compliance when it comes to customer interaction and the sharing of information with clients and prospects?
Under FINRA, organizations must be able to furnish proof of exactly what information they have conveyed to customers and prospects at any time, be it investment projections, transaction records, terms and conditions, details of available products and more. FINRA also puts the onus on companies to preserve records of customers’ journeys to making financial decisions on their websites. This includes individuals’ use of online investment calculators, access to terms and conditions and harnessing of any other interactive website features.
Proof of steps taken by analysts to conduct online research—for instance, web searches related to a particular set of possible trades—also must be retained and made accessible to regulators on request.
- What are the most significant steps firms can take to foster FINRA compliance and avoid fines?
The most significant step toward FINRA compliance and fine avoidance includes implementing a solution that enables collection, preservation and retrieval of legally defensible data related to all social media and online interactions on individual screens and web pages. This encompasses interactions that occurred on public-facing platforms and internal collaboration tools, as well as on internal websites. Such a solution should also facilitate the archiving of internal and external emails, and of all documentation pertaining to trades and the research that preceded them.
In addition to supporting FINRA compliance itself, the right archiving solution reduces the cost of compliance by decreasing the time needed to respond to regulators’ demand for information.
It benefits organizations to choose a solution that provide archives in a native format, so every archived replica of documents, platforms, web pages and customer journeys is legally defensible. Such legal defensibility is a cornerstone of FINRA compliance.
- What are other best practices that organizations can implement to decrease the likelihood of violating FINRA regulations and facing subsequent financial repercussions?
Companies can also benefit from being proactive about data management, consistently collecting and archiving new data as it is generated and as it changes, rather than in “fits and starts.” This way, all data that should be gathered and stored will be so, with no inadvertent oversights. Even tools that are provided to customers must be archived with each change. Investment calculators comprise a good example. Analyzing existing archives for any potential FINRA violations is also a good idea.
Following both of these practices not only makes it easier to comply with FINRA rules, it also facilitates cooperation with regulators should an investigation of possible non-compliance be launched.
One final note: Along with financial services companies that are headquartered in Europe, U.S. firms that maintain operations within the European Union (EU) will want to apply at least some of the above technology recommendations to compliance with the Markets in Financial Instruments Directive (MiFID). Applicable across the EU since November 2007, MiFID is a critical element in the EU’s regulation of financial markets. Fines for non-compliance with MiFID can be as steep as those for non-compliance with FINRA regulations.
Kevin Gibson is CEO & Chairman of 
