NYSE Fines Brokerage Firm for Failing to Supervise the Use of Smartphones
NYSE fined a brokerage firm $45,000 for compliance failures including failure to reasonably supervise the use of cell phones by its floor brokers on the NYSE floor.
Violations for the use of mobile phones on the NYSE floor
During the period of March 2018 to August 2019, the firm allowed two of its brokers to utilize their personal smartphones to conduct business on the NYSE floor. While those phones were properly registered pursuant to Rule 36, the firm failed to properly supervise the use of those phones to communicate by means other than phone calls (e.g., text messages, emails, social media applications, etc.).
Additionally, the firm failed to take any steps to prevent anyone calling the two phones in question from using caller ID block or other means to conceal the number from which the call was being made.
NYSE Rule 36.21 permits brokers to utilize cell phones to conduct business on the NYSE floor if they register the phones with the exchange and otherwise comply with the requirements set out in that rule, including applicable books and records and supervision requirements.
NYSE Rule 36.21(c) requires that brokers “must implement procedures designed to deter anyone calling their cellular or wireless phone from using caller ID block or other means to conceal the phone number from which a call is being made. Members and member organizations are required to make and retain records demonstrating compliance with such procedures.” Based on the foregoing, the firm violated NYSE Rule 36.
According to the Letter of Acceptance, Waiver and Consent, the NYSE found that the firm did not:
- Supervise the use of personal smartphones on the NYSE floor
- Establish and maintain written supervisory procedures and a supervisory system reasonably designed to achieve compliance
- Establish, document and maintain a system of risk management controls and supervisory procedures reasonably designed to manage the financial and regulatory risks of its business activity, including in connection with setting and adjusting credit limits and establishing erroneous order controls
- Demonstrate that its credit limits were reasonable based on customers' financial conditions and trading activity
- Monitor trading for potentially manipulative or otherwise violative activity
The firm was found in violation of SEA Rule 15c3-5 ("Risk Management Controls for Brokers or Dealers with Market Access"), NYSE Rule 407A ("Disclosure of All Member Accounts"), NYSE Rule 36 ("Communications between Exchange and Members' Offices") and NYSE Rule 3110 ("Supervision").
Mobile messages are subject to compliance and supervision regulations
The above enforcement action serves as a helpful reminder for firms to ensure text messages or other electronic records are retained in compliance with applicable recordkeeping and supervision requirements. As firms have shifted to remote work and employees use various messaging applications, compliance risk arises.
Firms are beginning to implement archiving technology that can record all smartphone content, including text messages. They can manage compliance by adopting these comprehensive solutions and developing policies and procedures to ensure proper supervision, review and retention. Archiving software solutions reduce risk for brokers and clients, streamline supervision and compliance activities and protect sensitive firm and client data.
FINRA Rule 3110 requires a firm’s supervisory system to provide for the establishment and maintenance of policies and procedures. Firms that have not already done so should implement and periodically review formal written electronic communication policies. As your firm works through creating and maintaining policies and procedures, consider the following:
- Policies and procedures must be tailored to the specific risks of the firm and address all activities in which your firm engages. Policies should be appropriate for the size and structure of the firm’s business
- Policies and procedures should set forth standards for devices and applications that may be used so all communications can be retained and supervised
- Permissible messaging applications must allow message retention
- Policies and procedures should be updated to reflect regulatory changes, as well as changes made to the supervisory process
- FINRA recommends that firms adopt a combination of lexicon and random review of electronic correspondence
- A manual internal review process is recommended
- All applicable departments should be involved in the creation of the firm’s written electronic policy (management, IT, legal, compliance, marketing, operations, trading)
- All policies and procedures must specify basic parameters for reviewing electronic communications. There is no prescribed formula for determining how many emails to review, but enough should be reviewed for an advisor to be able to defend it as reasonable. Policies and procedures are not required to specify exact percentages or quantities to review
- The most important takeaway is to review as many messages as are specified by the firm’s policies. If the policies call for a review of four percent of all emails each month, reviewing only two percent in a quarter is missing the mark
It’s critical that your firm review its current written electronic communication retention and supervision policies to ensure those policies keep up with the pace of technology.
Share this post!
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US