The Financial Industry Regulatory Authority (FINRA) has issued a fine to a member firm for failure to “preserve and review over 1.25 million business-related electronic communications” – the “vast majority of which” were marketing emails sent directly to audiences.
This fine has combined elements of two risk areas that firms are navigating – recordkeeping regulations and marketing communications. With increasing expectations that firms retain records of their marketing communications, and that those communications be fair and balanced, how can compliance and marketing teams ensure they’re on the right side of regulators and risk?
Missed the mass marketing mark
On April 1, 2024, FINRA announced that it had fined H2C Securities $250,000 and issued a censure for failures in its recordkeeping regime:
“From at least January 2013 to June 2021, H2C Securities failed to preserve and review over 1.25 million business-related electronic communications on four platforms, the vast majority of which were mass marketing emails.”
Alongside the mass marketing emails, H2C Securities failed to retain adequate records of “internal and external emails, instant messages … and documents requiring customer’s electronic signatures.” The ruling summarizes that during the period:
“The firm’s supervisory system, including written supervisory procedures, was not reasonably designed to achieve compliance with the firm’s obligation to capture, retain, and review communications sent or received using these electronic communication platforms.”
This failure of the firm’s supervisory procedures meant that it violated several rules around recordkeeping, including:
- Securities and Exchange Commission (SEC) Rule 17a-4 – Requiring firms to maintain records of communications using an Electronic Recordkeeping System (ERS) that preserves electronic records in a manner that permits the recreation of an original record if modified or deleted
- FINRA Rule 3110 – Requiring firms to establish and maintain a system to properly supervise the activities of their associated persons
- FINRA Rule 4511 – Requires firms to create and maintain legible, true, accurate, and complete records in a required format for a specified length of time
- FINRA Rule 2010 – Requiring firms to exhibit high standards of commercial honor and to uphold respectable, ethical business practices that prioritize integrity and fairness in the financial sector
By not keeping full records of the communications, H2C Securities did not meet requirements that firms “preserve, for a period of at least three years the originals of all communications received, and copies of all communications sent” related to their business. While the firm has since retrieved some of the communications sent, it was unable to recover most of them.
Following the (Marketing) Rule
This case is another example of the ongoing regulatory crackdown around recordkeeping, something we have seen multiple times over the last few years. Enforcements for recordkeeping failures were the driving force behind the SEC’s “war on WhatsApp.” But this FINRA actions has also encompassed an area of business communications we have seen regulatory expectations sharply increase: marketing communications.
In September 2023, the SEC raised charges against nine registered investment advisors using its Marketing Rule. The charges (and accompanying $850,000 in fines) resulted from the firms advertising “hypothetical performance to the general public on their websites.” Interestingly, the SEC ruling also highlighted that two of the charged firms violated the Marketing Rule because they failed to keep records of their advertisements. A risk alert regarding the Rule states:
“Advisers Act Rule 204-2 (Books and Records Rule), as amended, will require investment advisers to make and keep certain records, such as records of all advertisements they disseminate, including certain internal working papers, performance related information, and documentation for oral advertisements, testimonials, and endorsements.”
A prior SEC statement on updates to requirements for ERS systems underlined the regulator’s stance on recordkeeping:
“Recordkeeping is not an especially flashy topic. However, for regulators, a robust recordkeeping regime is fundamental to our ability to oversee our regulated entities. Without accurate and complete records, it is difficult or impossible to assess compliance with our rules.”
Firms need to ensure that their marketing communications are compliant both with recordkeeping rules and, increasingly, with initiatives like the SEC’s Marketing Rule that place onus on the messaging in marketing materials being fair and representative – a baton regulators worldwide are picking up and running with.
Playing fair
Regulators across the financial space are setting an increasingly high bar around how firms market their services and products, specifically via channels like social media and email marketing. Regulations, including FINRA Rule 2010 and the SEC’s Marketing Rule, place heavy emphasis on the concept of “fairness,” with FINRA’s rule setting our expectations around “high commercial honor” and “ethical business practices that prioritize integrity and fairness.” We have seen a mounting number of recent regulatory actions and statements amplifying the messaging that firms need to play fair when it comes to marketing messaging.
- FINRA vs. Finfluencers – On
- Not about the likes, but the law – The Financial Conduct Authority (FCA) has also set out clear expectations around firms’ marketing and social media practices. On March 26, 2024, the regulator issued a statement giving influencers guidance on its expectations around social media advertising. The FCA requires “any marketing for financial products must be fair, clear, and not misleading.” Lucy Castledine, Director of Consumer Investments at the FCA, stated that “promotions aren’t just about the likes, they’re about the law” and confirming the regulator would pursue “those touting financial products illegally.” The FCA has also emphasized that firms wishing to promote cryptoassets in the U.K. must ensure promotions are “clear, fair, and not misleading, [and] labelled with prominent risk warnings.”
- Cleaning up AI washing and fraud – The SEC has also made inroads into enforcements around social media messages and advertising. On February 27, 2024, the regulator charged Paul A. Pereira, former CEO and co-founder of Alfi Inc., with “making materially false and misleading statements on social media about the company’s financial and performance metrics in an attempt to boost the … company’s stock price.” The case “demonstrates the SEC’s commitment to holding officers of public companies accountable when they violate their legal obligation of candor and fair and full disclosure to investors.” On March 26, 2024, the SEC announced settlements with two firms over “AI washing,” where the firms had made “false and misleading statements about their purported use of artificial intelligence,” including on their websites
When it comes to marketing communications, whether distributed by email or social media channels, it’s clear that firms need to make sure their communications are captured, recorded, and that those communications are fair and representative. Firms should have high expectations that risk is managed by both their marketing and compliance teams – because regulators certainly do.