Author: Sonia Chowdhury
10 January 2024
Books and records are integral not only to ensuring the compliance of individual firms but also to upholding the integrity of the financial markets overall. They ensure transparency, facilitate audits, and help prevent financial misconduct or fraud. Therefore, how they are maintained, stored, and archived by financial services professionals is increasingly becoming a priority for regulators.
This blog explores the books and records requirements of key regulators, as well as what brokers, banks, and investment firms need to know to ensure their books and records are compliant.
Books and records compliance requirements by geography and business type
What are the challenges firms face in books and records compliance?
Books and records compliance requirements refer to the legal obligations imposed on businesses and organizations to maintain accurate and complete financial records and documentation of their activities. These requirements vary by jurisdiction and industry but generally involve keeping records of financial transactions, contracts, invoices, tax filings, and other relevant documents for a specified period.
The Securities and Exchange Commission (SEC) defines “Books and Records” as “all books and records, ledgers, employee records, customer lists, files, correspondence, and other records of every kind (whether written, electronic, or otherwise embodied) owned or used by a person, or in which a person’s assets, the business, or its transactions are otherwise reflected…”.
Books and records are critically important for several reasons. Firstly, they are essential for regulatory audits, ensuring that businesses comply with financial regulations. These records must be captured and stored for specified periods, readily accessible to regulators when needed.
Record keeping is fundamental for meeting various other regulatory requirements related to monitoring and surveillance, which in turn, optimize business processes and functions. Maintaining comprehensive data oversight can enable firms to establish a universal data governance system. A universal data governance system aims to break down data silos, improve data quality and consistency, enhance data security, and promote a culture of responsible data management throughout the organization.
The significance of books and records was highlighted prominently after the 2008 financial crisis. Regulators recognized that robust record keeping plays a pivotal role in safeguarding financial markets by identifying and addressing suspicious activities, prompting the implementation of financial regulations aimed at preserving the integrity of these markets. Consequently, ensuring books and records compliance is fundamental for firms to meet the demands of global regulations, which are designed to enhance transparency and stability in the financial industry.
Books and records compliance requirements can vary significantly depending on the jurisdiction, industry, and type of organization.
| North America | UK/Europe |
| --- | --- |
| The SEC oversees financial markets in the United States and has specific regulations related to record-keeping and reporting for publicly traded companies. | ESMA is responsible for securities regulation in the EU and provides guidelines on record-keeping and reporting for financial institutions. |
| FINRA regulates the securities industry and has rules regarding record-keeping for broker-dealers and investment firms. | MiFID II is a comprehensive EU regulation governing investment services and activities, including record-keeping requirements for financial firms. |
| The CFTC regulates the derivatives and commodities markets in the U.S., including record-keeping requirements for market participants. | GDPR, while primarily focused on data protection, also includes provisions related to the handling and retention of personal data, which can impact record-keeping practices. |
| IIROC sets regulations and standards for investment dealers and trading activities in Canada. | |
FINRA and the SEC
Books and records requirements continue to be a top priority for regulating bodies such as FINRA and the SEC. In FINRA's recently released 2024 Annual Regulatory Oversight Report, the North American regulator dedicated an entire section to the obligations and considerations firms should be conscious of when managing their books and records.
FINRA and SEC-enforced rules 17a-3 and 17a-4 of the Securities Exchange Act (SEA) specify the minimum requirements with respect to the records that broker-dealers must make, how long these records and other documents relating to a broker-dealer’s business must be kept for, and in what format they may be kept.
SEA Rule 17a-3 requires broker-dealers to retain records for a period of between three and six years, with SEA Rule 17a-4 requiring broker-dealers to retain them for a period of three years. Notably, the enforcement currently being prioritized by North American regulators is Rule 17a-4(f), which explicitly states the requirements of preserving electronically stored records in a tamper-proof, non-rewritable, non-erasable format.
A comprehensive list of records required to be preserved, as well as the specific details to be included in each, can be found here.
CFTC
CFTC’s Rule 17 CFR §1.31 requires broker-dealers trading in futures to maintain all regulatory records for a period of five years (with readily available access for the first two years), in a form and manner that ensures the authenticity and reliability of such records.
If the records are maintained electronically, appropriate systems and controls that ensure the authenticity and reliability of the electronic regulatory records need to be established. These include systems that maintain the security, signature, and data of the records and ensure the availability of such regulatory records in the event of an emergency or disruption.
IIROC
IIROC Content of Books and Records Rule 3800 states that “maintaining complete and accurate records is a fundamental responsibility of a Dealer Member. A Dealer Member’s records provide an audit trail to support the Dealer Member’s supervision of its business and are necessary to prepare regulatory financial reports and to report accurately to clients.”
Books and records compliance requirements are of particular importance to banks in the United States, where comprehensive regulatory frameworks are in place to safeguard financial institutions and customer data. The Gramm-Leach-Bliley Act (GLBA) requires banks “to have secure access controls for protecting information storage and email retention periods of six years” in order to demonstrate that private information is securely stored in line with the Act’s requirements.
Under CFR Title 12: Banks and Banking, records of domestic and international funds transfers by insured depository institutions need to be retained for a period of five years. Alternatively, they must be filed, or stored in such a way as to be accessible within a reasonable period of time, taking into consideration the nature of the record and the amount of time that has expired since the record was made. This is to ensure compliance within agencies who deem such records as having a “high degree of usefulness in criminal, tax, or regulatory investigations or proceedings.”
Investment firms, such as hedge funds, are required to follow additional, more specific regulations, such as the SEC’s Investment Advisers Act and the Hedge Fund Transparency Act.
Specifically set out by the SEC for investment advisers, the Investment Advisers Act Rule 204-2 (“Books and Records Rule”), requires investment advisers to make and keep certain books and records relating to their investment advisory business, including:
To comply with the Hedge Fund Transparency Act, hedge funds are required to maintain such books and records that the SEC would require, as laid out in the above Rule 204-2.
For Canadian investment firms, the IIROC requirements stipulated under Rule 3800 still apply, as rules applicable to “Dealer Members” extend to “Dealer Member firms” as well. Similarly, the requirements of CFTC Rule 17 CFR §1.31 also apply to investment firms dealing in commodity futures trading.
Firms encounter a multitude of challenges in achieving books and records compliance. SteelEye’s 2023 Annual Compliance Health Check Report revealed that the biggest challenge that 62% of UK firms deal with pertains to data management.
This data management debacle is only aggravated by growing data volumes and outdated legacy systems that are no longer fit for purpose in today’s regulatory landscape. Furthermore, a firm’s asset class, business type, or geographical region can further impact their data management systems and continue to deepen their data silos.
These challenges encompass the intricate tasks of integrating communications and trades and streamlining structured and unstructured data into a consolidated and normalized format. The situation is further exacerbated by the continual growth in data volumes and the persistence of outdated legacy systems that are no longer suited for the modern regulatory landscape. A single system makes record keeping, and therefore compliance, easier, and a unified approach is necessary for future-proofing compliance. While adopting a unified system for record keeping holds the promise of simplifying compliance efforts, it remains far from standard practice in most firms. However, the urgency of such a system cannot be overstated, as it is essential not only for immediate compliance but also for safeguarding firms against evolving regulations and the increasing complexity of data management.
Books and records are integral not only to ensuring the compliance of individual firms but also to upholding the integrity of the financial markets overall. Moreover, they provide crucial insights for brokers, banks, and investment firms alike. While the specific compliance requirements set forth by key regulatory bodies for different segments of the financial industry vary in detail, they share the common objective of maintaining accurate and accessible records. It is evident that while adopting unified systems for record keeping can significantly ease firms' compliance efforts, this practice is not yet commonplace among most firms. Nevertheless, it is clear that there must be a sense of urgency for the modernization of systems, not only for immediate compliance but also for future-proofing against evolving regulations and data complexities. In a world where data is paramount, embracing efficient record keeping practices becomes imperative for financial institutions.
SteelEye is a RegTech solution provider with a unique approach to bringing structured and unstructured data together. Awarded the Best Integrated Surveillance Firm by With Intelligence in the 2023 HFM US Services Awards, we know the importance of data for regulatory compliance and have developed the technology to make record keeping and data oversight as efficient as possible.
Our integrated compliance platform enables effective record keeping and data oversight while providing you with the intelligent insights needed to identify and address risk and future proof your compliance processes.