Regulators Rip Records Managers

It's expensive to run afoul of data compliance regulations

October 14, 2006

4 Min Read
Network Computing logo

Enforcement agents in financial services are aggressively pursuing firms to make sure that electronic records, including email, are adequately managed. And they're showing no mercy.

The last few weeks have produced a cornucopia of fines and sanctions for companies caught with their electronic pants down. Here's a sampling (all emphasis added):

  • October 4: National Association of Securities Dealers (NASD) fined New York's Oppenheimer & Co. Inc. $800,000 for what it calls "failures to respond to regulatory requests for information; failures to report, or to report timely and accurately, thousands of municipal securities transactions, and failure to retain business-related internal email."

  • Sept. 19: NASD announces the imposition of separate $5 million fines on three companies owned by MetLife -- MetLife Securities Inc. (MSI) of New York, New England Securities Inc. (NES) of Boston, and Walnut Street Securities Inc. (WSS) of St. Louis -- "for providing inaccurate and misleading information to NASD, allowing late trading of mutual funds, failing to produce e-mails in a timely fashion and other conduct that violates NASD's rules."

  • Sept. 13: Wachovia Corp. is fined $600,000 by New York Stock Exchange (NYSE) Regulatory Inc. for failing to meet email retention rules from 1999 through April 2006. In the NYSE's words, Wachovia "failed to provide for the review and/or retention of certain e-mail communications as required by NYSE Rules and the federal securities laws, on both operational and supervisory levels." What's more, the firm failed "to appropriately monitor or supervise" the process of backing up emails, and to "take due care to ensure that certain records could be retrieved. With regard to certain e-mail and instant messaging systems, the firm failed to review such electronic communications."

Despite all this, it's not clear that the message to better manage email is getting across to IT managers. In a recent AIIM survey profiled by Byte and Switch, just 17 percent of 1,043 respondents -- of which 14 percent work for financial or insurance companies -- reported they "use a product to search across e-mail systems and archives to fulfill compliance requirements or legal discovery demands." A full 61 percent said they don't use anything like the tack described. (See Email Looms as IT Threat.)

And in a July 2006 study commissioned by Iron Mountain and email filtering software maker Orchestria, 61.4 percent of 533 IT managers polled answered "No" when asked whether they "have a way of efficiently identifying different types of email within your archive." (See Stop That Email!) In the same survey, even though 82 percent of respondents claimed receive fewer than 25 requests to dig up historical emails annually from regulators or their own companies, 64.5 percent said external or regulatory pressures are their top concern for 2007 regarding archiving electronic records.

The ongoing problem is also reflected in a slew of disciplinary actions that haven't made the headlines this past year. In some cases, the wording of the judgments -- in which the accused companies admitted no wrongdoing -- show the level of scrutiny NASD is using:

  • A.C.R. Securities of Cedarhurst, N.Y. -- fined $10,000 by NASD in September.

  • Keating Securities LLC of Greenwood Village, Colo. -- fined $25,000 by NASD in September, after work done on its email backup system prevented emails from being saved.

  • Salomon Grey and Rowe of Texas -- expelled from NASD in part for failure "to maintain electronic communications in violation of ... federal securities laws." The firm was also criticized for failing to "enforce the provisions that prohibited use of non-corporate email accounts for securities-related communications."

  • NYLife Securities of New York City -- fined $150,000 by NASD in July 2006. In this case, the president of the firm must "testify on a periodic basis, for a year and a half, that the firm is retaining electronic communications."

  • Desjardins Securities Int'l Inc. of Montreal -- fined $130,000 in May 2006 for failing to "maintain and preserve all email and instant messaging communications required by SEC rule 17a-4."

  • Diversified Investors Securities of Purchase, N.Y. -- fined $2.2 million by NASD in March 2006.

  • Tejas Securities Group Inc. of Austin, Texas -- fined $225,000 by NASD in February 2006 for failing "to provide notification of retention of electronic correspondence by means of electronic storage media."

While it's not exactly clear that NASD and other bodies are issuing more penalties for email management flaws than they were a couple of years ago, there has certainly been more attention paid to the issue this last while.

Things aren't going to get easier, either. In December, the U.S. Federal Rules of Civil Procedure are set to change, a move that could put IT pros under even more pressure to get their email -- and messaging -- archives in order. (See Retention Rules Set to Change.)

Mary Jander, Site Editor, Byte and Switch

  • Iron Mountain Inc. (NYSE: IRM)

  • Orchestria Corp.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights