Scottrade, Inc. agreed to pay $2.6 million to the Financial Industry Regulatory Authority to resolve charges brought by FINRA that, from January 30, 2011, through January 29, 2014, the firm did not retain certain records in a non-rewritable and non-reversible format – known as Write-One, Read-Many or WORM – required by a rule of the Securities and Exchange Commission. The records included suspicious activity reports, written supervisory procedures, tax forms and certain customer account statements, among other documents. According to FINRA, during the relevant time, Scottrade personnel saved relevant documents in a restricted shared drive that was not WORM-compliant. The firm did not have a centralized department to ensure that all departments “followed a consistent document retention process, fully compliant with record retention rules,” said FINRA. FINRA also alleged that, from September 1, 2011, through September 1, 2014, Scottrade did not keep over 160 million mass marketing emails transmitted by third parties on its behalf; did not have an adequate supervisory system to ensure its compliance with the SEC’s record-keeping requirements; and, between May 30 and August 17, 2012, did not report nine customer complaints for damages in excess of US $25,000, as required. In accepting Scottrade’s offer of settlement, FINRA acknowledged the firm’s cooperation in self-reporting its document retention and preservation issues and undertaking a review of its relevant supervisory procedures.

Compliance Weeds: Both the Securities and Exchange Commission and the Commodity Futures Trading Commission have strict rules regarding the electronic storage of mandatory records, including retention periods. These rules – which generally apply to all SEC brokers, dealers and exchange members, and all CFTC registrants – specify the format in which such documents must be kept (WORM format); back-up requirements; written operational procedures and control requirements; how information in such documents may have to be produced; and how compliance with SEC and CFTC requirements must be back-stopped through use of mandatory technical consultants. Certain required records must always be retained in native format even if also maintained electronically. Registrants periodically should double-check to ensure there are no gaps in their document retention process prompted by new, amended or discontinued businesses or processes.