United States Recordkeeping Regulations
Online content—webpages, social media accounts, mobile text messages, and enterprise collaboration content—are governed by the U.S. Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA).
The SEC defines “social media” as “an umbrella term that encompasses various activities that integrate technology, social interaction, and content creation. Social media may use many technologies, including but not limited to blogs, microblogs, wikis, photos and video sharing, podcasts, social networking, and virtual worlds.”
Based on this definition, financial services organizations need to not only carefully moderate, capture, and preserve content from their websites and official social media accounts, but also from mobile text messages, enterprise collaboration platforms, and even direct messages and private conversations on social media platforms. Rule 17a-3 and 17a-4 outlines the following requirements:
- The retention and preservation of all transactions and official business records—including all communications;
- Store electronic records in a secure, non-erasable location;
- Ensure that original and duplicate copies of electronic records are stored in separate locations;
- Retain these records in line with the appropriate record retention schedules;
- Have records available for independent audits and have an auditing system in place
- Have authentic, current records available for examination by regulators;
- Appoint an independent third party to have access to electronic records for regulatory purposes.
FINRA Regulatory Notices 10-06 and 11-39 similarly state that the nature of the communication channel is not as important as the actual content of the message. Because of this, FINRA recordkeeping regulations apply to online data and demand that all communications be captured and preserved in order to show compliance.
Because of the above regulations, financial services organizations need to capture and archive not only public-facing content on websites and social media channels, but also internal communications on enterprise collaboration platforms, and all text messages containing official communications.
Canadian IIROC Recordkeeping Requirements
In Canada, the Investment Industry Regulatory Organization of Canada (IIROC) has specifically addressed the management and recordkeeping requirements of online data. It has done so in the forms of IIROC Rule 29.7 and Regulatory Notice 11-0349.
When it comes to online data, these two documents state that:
- As with other communications, organizations are expected to retain information that was communicated via online channels in order to comply with recordkeeping regulations;
- Organizations are obligated to monitor and manage online communication channels in the same way it would other forms of communication;
- Policies and procedures have to be put in place that oversee online communications—both in order to meet recordkeeping requirements and to protect the public from misleading statements;
- Third-party communications such as likes and shares could conceivably be considered endorsements. Because of this, it’s important that organizations keep accurate records of all online interactions, including comments and reactions to posts.
In order to adopt best practices related to electronic recordkeeping and ensure that they’re ready for any regulatory audit related to online data, financial services organizations should retain all records related to webpages, social media accounts, enterprise collaboration platforms, and social media text messages.
Pagefreezer assists financial services organizations in tackling the following critical challenges:
Financial Services Recordkeeping Compliance
Financial services regulations demand that online data such as webpages, social media posts, mobile text messages, and enterprise collaboration conversations be captured and preserved to comply with recordkeeping requirements. This data should also be stored in a way that makes it easy to find, search, and export specific content during regulatory audits.
eDiscovery & Litigation Readiness
Website, social media, mobile text, and enterprise collaboration content is increasingly forming part of the eDiscovery and litigation process. Because of this, financial institutions need to be able to capture, preserve, and eventually present this data in a defensible format that complies with legal rules of evidence.
Monitoring and Data Loss Prevention
Website content should be archived and regularly reviewed to ensure that messaging complies with financial industry industry regulations. Similarly, social media accounts should be monitored to ensure that no non-compliant or inaccurate claims are being made to the public, and team communication tools should be monitored for data loss prevention.
Placing Content on Legal Hold
Most organizations have a retention policy in place that outlines exactly how long online data is retained before disposal. But what happens if legal teams need a record to be kept and a retention schedule overridden? How is a social media comment or website record placed on legal hold and preserved for litigation?
Pagefreezer Recordkeeping Solutions
Pagefreezer allows financial services organizations to monitor, collect, and archive the following online data:
See how Pagefreezer can help your organization
Get in touch with us to learn more and see Pagefreezer’s solutions in action.
Subscribe to our Blog
Get targeted Industry news, great tips and valuable insights