Raymond James Financial Services, Inc., agreed to pay a fine of US $2 million to the Financial Industry Regulatory Authority for not maintaining an adequate system to review emails by its registered representatives. According to FINRA, the firm—which relied on a surveillance system that automatically identified emails containing certain preprogrammed words—did not choose words or phrases that would identify potentially problematic conduct in light of the nature of the firm’s business and prior disciplinary action taken against firm employees. Although the firm added and subtracted words over time, FINRA claimed it did so principally to reduce the volume of false positives rather than to ensure it captured all relevant emails. FINRA also claimed that the firm did not maintain adequate personnel and resources to monitor emails and “unreasonably” excluded certain firm personnel from monitoring, including persons in its headquarters office who serviced customer accounts in addition to other activities. The firm also agreed to augment its relevant policies and procedures as part of its settlement, as well as to conduct a select retrospective review of emails to assess potential securities laws violations.

Unrelatedly, JP Morgan Securities LLC consented to pay US $2.8 million to FINRA to resolve allegations that, from March 2008 through June 2016, it failed on occasion to segregate customers’ fully-paid-for foreign and domestic securities in good control locations as required by law. FINRA claimed this error occurred because of “design flaws and coding and data errors” in its computer systems that calculated its possession or control obligations. The systems were apparently legacy systems of Bear Stearns Securities Corporation which JPMS acquired in March 2008 and renamed JP Morgan Clearing Corporation (JPMCC merged with JPMS in October 2016). FINRA claimed that JPMCC did not have a “reasonable process” to ensure its possession and control systems worked properly or procedures to test its segregation process. In resolving this matter, FINRA noted JPMCC’s “extraordinary cooperation” by, among other actions, unilaterally engaging an independent consultant to review its possession or control issues and implementing new tools and systems.

Compliance Weeds: In 2007, FINRA issued helpful guidance regarding the review and supervision of electronic communications (click here). Although intended for FINRA members, the guidance has useful information for all Securities and Exchange Commission- and Commodity Futures Trading Commission-registered entities. In assessing the effectiveness of any lexicon-based automated review system, FINRA recommended that a system include a “meaningful” list of phrases and/or words (including industry jargon) based on the size of the firm, its type of business, its customer base and its location. FINRA suggested that this might necessitate inclusion of foreign language components. Overall, said FINRA, “[t]he lexicon system should be comprehensive enough to yield a meaningful sample of ‘flagged’ communications.” Any system should have the ability to add and delete words or phrases over time, and existing words or phrases should be periodically reviewed for effectiveness. Any system should have the ability to review attachments and identify attachments that might circumvent review, and have the ability to exclude any trailers or disclaimers that routinely include potentially problematic words that should not ordinarily be excluded (e.g., “firm does not guarantee”). Lists of employed words or phrases should be restricted.