Financial Industry Regulatory Authority (FINRA) Imposes $9 Million Penalty for Email Failures
FINRA announced that it fined brokerage firm LPL Financial LLC (LPL) $7.5 million for significant email system failures, which allegedly prevented LPL from "accessing hundreds of millions of emails and reviewing tens of millions of emails," and for making misstatements to FINRA. FINRA also ordered LPL to establish a $1.5 million fund to compensate brokerage customer claimants potentially affected by LPL's failure to produce email. LPL neither admitted nor denied the charges, but consented to the entry of FINRA's findings.
Brad Bennett, Executive Vice President and Chief of Enforcement at FINRA, said, "As LPL grew, it did not expand its compliance and technology infrastructure; and as a result, LPL failed in its responsibility to provide complete responses to regulatory and other requests for emails. This case sends a strong message to firms to make sure your business does not outgrow your compliance systems."
FINRA found that from 2007 to 2013, LPL's email review and retention systems failed at least 35 times, leaving the firm unable to meet its obligations to capture email, supervise its representatives and respond to regulatory requests. Because of LPL's deficiencies in retaining and monitoring emails, FINRA determined that LPL failed to produce all requested email to certain federal and state regulators and FINRA, and also likely failed to produce all emails to certain private litigants and customers in arbitration proceedings.
LPL's registered representatives are independent contractors and many operate under one or more "doing business as" (DBA) names and use DBA email addresses in addition to an lpl.com email address for their business. FINRA found that LPL did not review 28 million DBA emails sent and received from thousands of representatives over a three-year period.
In addition, FINRA alleged that LPL made material misstatements to FINRA concerning its failure to supervise the DBA emails. According to FINRA, LPL inaccurately stated that the issue had been discovered in June 2011 even though certain LPL personnel had information that would have uncovered the issue as early as 2008. Moreover, LPL claimed that there were not any "red flags" suggesting any issues with DBA email accounts when, in fact, there were numerous red flags related to the supervision of DBA emails that were known to many LPL employees.
Ignites reports that more than half the participants in a recent survey said they had increased the resources -- both time and money -- allocated to e-mail compliance over the past year. In addition, half the survey participants expect to increase those resources in the next year. "E-mail challenges still face a lot of companies," says Stephen Marsh, CEO of Smarsh, the e-mail and social media archiving firm that conducted the survey. Smarsh surveyed 284 compliance professionals who have direct compliance supervision responsibilities at an array of financial services firms. The survey was conducted between January and March of 2013.
Sources: LPL to Pay $9 Million for Systemic Email Failures and for Making Misstatements to FINRA; LPL Fined $7.5 Million and Ordered to Establish $1.5 Million Fund to Compensate Affected Customers; FINRA News Release (May 21, 2013); Financial Industry Regulatory Authority Letter of Acceptance, Waiver and Consent No. 2012032218001 (May 21, 2013); Paula Vasan, Former SEC Official Joins LPL Financial, Financial-Planning.com (June 20, 2013); Beagan Wilcox Volz, Firms Boost Spending on E-Mail Compliance: Survey: Ignites (May 29, 2013).