The Commodity Futures Trading Commission proposed revised records retention rules that aim to eliminate many existing antiquated requirements and to be “technology neutral” in order to accommodate future advances in recordkeeping technology. Among other things, the revised rules would eliminate the existing requirement that electronic records be maintained in their native file format and preserved exclusively in a non-rewritable, non-erasable format (commonly referred to as write once, read many or “WORM”). Instead, the revised rules would be more principles-based. Generally, regulatory records would be broadly defined to include all books and records required to be maintained by law or CFTC regulation, including all records of any correction or other amendments. For books and records stored electronically, regulatory records would also include data that shows how, when and by whom (if relevant) such “stored information was collected, created, accessed, modified or formatted” (e.g., metadata). Electronic records would have to be maintained in a manner that ensures their reliability and authenticity, and each person required to maintain regulatory records would have to create, put in place and adhere to written policies and procedures “reasonably designed” to ensure the person’s compliance with the Commission’s recordkeeping requirements. The procedures must provide for appropriate training of relevant personnel and ongoing monitoring of a firm’s compliance with its record creation and retention obligations. As now, required records would have to be retained for certain minimum enumerated time periods and be open to inspection by CFTC and Department of Justice staff. Requested documents would have to be produced “promptly” upon request by CFTC staff. The CFTC will accept comments to its proposed revised record-keeping rules for 60 days following their publication in the Federal Register.
Compliance Weeds: Just prior to the end of 2016, the Financial Industry Regulatory Authority assessed a total of US $14.4 million in fines against 12 firms for “significant deficiencies” in their retention of required books and records on electronic storage media. FINRA claimed that the sanctioned firms typically did not retain electronic records in WORM format, failed to have a required audit system regarding such records, did not obtain or maintain a required attestation from a third-party vendor regarding their ability to provide data to the Securities and Exchange Commission, FINRA or any other regulator if a firm could not, and did not have adequate written supervisory procedures reasonably designed to ensure compliance with applicable requirements. (Click here for details regarding FINRA’s actions in the article “FINRA Sanctions 12 Member Firms for Failure to Maintain Electronic Records in Required Format” in the January 8, 2017 edition of Bridging the Week.) Current CFTC rules regarding electronic records are roughly equivalent to those of the SEC applicable to broker-dealers. (Click here to access CFTC Rule 1.31(b) and here to access the relevant SEC Rule, 17 CFR 240.17a-4(f).) Although the CFTC’s proposed revised record retention rules are more principles-based and technology neutral than its existing requirements, they still impose comprehensive creation and retention requirements including rigorous controls. As the notice of proposed rule-making makes clear in referencing the ongoing training requirement under the revised rule, “[t]he obligation to remain current on the legal requirements regarding compliance with §1.31 is one that a records entity ignores at its peril. The Commission takes a similar view towards the proposed obligation for each records entity to monitor compliance with the entities policies and procedures on a ‘regular’ basis.”