Scottrade Fined $2.6 Million for E-Records Failures

    Dec 22, 2015

    The Financial Industry Regulatory Authority (FINRA) has fined Scottrade Inc. $2.6 million for failing to retain a large volume of securities-related electronic records in the required format and for not retaining certain types of outgoing e-mails, Reuters reported.

    The regulatory agency also reprimanded Scottrade for not having a reasonable supervisory system in place to enable compliance with Securities and Exchange Commission (SEC) and FINRA books and records rules, which contributed to its records retention failures.

    Federal securities laws and FINRA rules require business-related e-records to be stored in non-rewritable, non-erasable format – also referred to as "write-once, read-many" (WORM) – to prevent alteration. The SEC has stated that these requirements are a crucial part of the investor protection function because a firm’s books and records are the "primary means of monitoring compliance with applicable securities laws, including antifraud provisions and financial responsibility standards."

    According to media reports, FINRA found that from January 2011 to January 2014, Scottrade did not have centralized document retention processes or procedures in place for all its departments to follow.

    In addition, no one at the firm was responsible for ensuring a consistent document retention process, fully compliant with the records retention rules, including the requirement that all records be retained in WORM format. Staff in various departments saved certain documents to a restricted shared drive, which was not WORM-compliant. As a result, Scottrade failed to preserve a large number of key securities business e-records in the required format.

    According to Reuters, FINRA also found that Scottrade failed to copy more than 168 million outgoing e-mails to the firm’s WORM storage device, resulting in the deletion of those e-mails. These e-mails were generated automatically by the firm’s internal systems or by third-party vendors and included items such as margin call notices, address change notifications, and failed password attempt notifications.

    Scottrade neither admitted nor denied the charges but agreed to the entry of FINRA's findings.

    ARMA International’s Generally Accepted Recordkeeping Principles® (Principles) draw attention to corporations’ need to comprehensively understand the laws and regulations that impact their business processes. The Principle of Compliance states: “An information governance program shall be constructed to comply with applicable laws and other binding authorities, as well as with the organization’s policies.” Of course, this is not new with information governance; it is long-established bedrock of records and information management (RIM) programs and requirements.

    ARMA offers a number of resources for those that want to ensure they are meeting their legal and regulatory requirements. Even if a retention schedule is in place, it must be routinely reviewed and updated to remain current with changes in regulations and legal requirements.

    RIM programs benefit from periodic assessments to ensure that:

    • It is being continuously improved to stay current with changes in business practice
    • Employees know and understand their obligations related to handling records and information
    • Employees are complying with written policies and procedures.

    Check out these ARMA resources for more guidance:


    © 2017, ARMA International