Books and records are integral not only to ensuring the compliance of individual firms but also to upholding the integrity of the financial markets overall. They ensure transparency, facilitate audits, and help prevent financial misconduct or fraud. Therefore, how they are maintained, stored, and archived by financial services professionals is increasingly becoming a priority for regulators.
This blog explores the books and records requirements of key regulators, as well as what brokers, banks, and investment firms need to know to ensure their books and records are compliant.
Books and records compliance requirements refer to the legal obligations imposed on businesses and organizations to maintain accurate and complete financial records and documentation of their activities. These requirements vary by jurisdiction and industry but generally involve keeping records of financial transactions, contracts, invoices, tax filings, and other relevant documents for a specified period.
The Securities and Exchange Commission (SEC) defines “Books and Records” as “all books and records, ledgers, employee records, customer lists, files, correspondence, and other records of every kind (whether written, electronic, or otherwise embodied) owned or used by a person, or in which a person’s assets, the business, or its transactions are otherwise reflected…”.
Why are books and records important?
Books and records are critically important for several reasons. Firstly, they are essential for regulatory audits, ensuring that businesses comply with financial regulations. These records must be captured and stored for specified periods, readily accessible to regulators when needed.
Record keeping is fundamental for meeting various other regulatory requirements related to monitoring and surveillance, which, in turn, optimize business processes and functions. Maintaining comprehensive data oversight can enable firms to establish a universal data governance system. A universal data governance system aims to break down data silos, improve data quality and consistency, enhance data security, and promote a culture of responsible data management throughout the organization.
The significance of books and records was highlighted prominently after the 2008 financial crisis. Regulators recognized that robust record keeping plays a pivotal role in safeguarding financial markets by identifying and addressing suspicious activities, prompting the implementation of financial regulations aimed at preserving the integrity of these markets. Consequently, ensuring books and records compliance is fundamental for firms to meet the demands of global regulations, which are designed to enhance transparency and stability in the financial industry.
Books and records requirements by geography and business type
Books and records compliance requirements can vary significantly depending on the jurisdiction, industry, and type of organization.
The SEC oversees financial markets in the United States and has specific regulations related to record-keeping and reporting for publicly traded companies.
ESMA is responsible for securities regulation in the EU and provides guidelines on record-keeping and reporting for financial institutions.
FINRA regulates the securities industry and has rules regarding record-keeping for broker-dealers and investment firms.
MiFID II is a comprehensive EU regulation governing investment services and activities, including record-keeping requirements for financial firms.
The CFTC regulates the derivatives and commodities markets in the U.S., including record-keeping requirements for market participants.
GDPR, while primarily focused on data protection, also includes provisions related to the handling and retention of personal data, which can impact record-keeping practices.
IIROC sets regulations and standards for investment dealers and trading activities in Canada.
Books and records requirements for brokers
FINRA and the SEC
Books and records requirements continue to be a top priority for regulating bodies such as FINRA and the SEC. In FINRA's recently released 2024 Annual Regulatory Oversight Report, the North American regulator dedicated an entire section to the obligations and considerations firms should be conscious of when managing their books and records.
FINRA and SEC-enforced rules 17a-3 and 17a-4 of the Securities Exchange Act (SEA) specify the minimum requirements with respect to the records that broker-dealers must make, how long these records and other documents relating to a broker-dealer’s business must be kept for, and in what format they may be kept.
SEA Rule 17a-3 requires broker-dealers to retain records for a period of between three and six years, with SEA Rule 17a-4 requiring broker-dealers to retain them for a period of three years. Notably, the enforcement currently being prioritized by North American regulators is Rule 17a-4(f), which explicitly states the requirements of preserving electronically stored records in a tamper-proof, non-rewritable, non-erasable format.
A comprehensive list of records required to be preserved, as well as the specific details to be included in each, can be found here.
CFTC’s Rule 17 CFR §1.31 requires broker-dealers trading in futures to maintain all regulatory records for a period of five years (with readily available access for the first two years), in a form and manner that ensures the authenticity and reliability of such records.
If the records are maintained electronically, appropriate systems and controls that ensure the authenticity and reliability of the electronic regulatory records need to be established. These include systems that maintain the security, signature, and data of the records and ensure the availability of such regulatory records in the event of an emergency or disruption.
IIROC Content of Books and Records Rule 3800 states that “maintaining complete and accurate records is a fundamental responsibility of a Dealer Member. A Dealer Member’s records provide an audit trail to support the Dealer Member’s supervision of its business and are necessary to prepare regulatory financial reports and to report accurately to clients.”
Books and records compliance requirements for banks
Books and records compliance requirements are of particular importance to banks in the United States, where comprehensive regulatory frameworks are in place to safeguard financial institutions and customer data. The Gramm-Leach-Bliley Act (GLBA) requires banks “to have secure access controls for protecting information storage and email retention periods of six years” in order to demonstrate that private information is securely stored in line with the Act’s requirements.
Under CFR Title 12: Banks and Banking, records of domestic and international funds transfers by insured depository institutions need to be retained for a period of five years. Alternatively, they must be filed, or stored in such a way as to be accessible within a reasonable period of time, taking into consideration the nature of the record and the amount of time that has expired since the record was made. This is to ensure compliance within agencies who deem such records as having a “high degree of usefulness in criminal, tax, or regulatory investigations or proceedings.”
Books and records compliance requirements for investment firms
Specifically set out by the SEC for investment advisers, the Investment Advisers Act Rule 204-2 (“Books and Records Rule”) requires investment advisers to make and keep certain books and records relating to their investment advisory business, including:
Financial Journals - cash receipts and disbursements
Ledgers - general and auxiliary
Order Memoranda - purchase or sale of securities
Banking Records - checkbooks, bank statements, canceled checks, cash reconciliations
Billing Records - bills, statements, paid, unpaid
Financial Statements and Audit Papers
Communication Records - received and sent written communications
Policies and Procedures, including annual review records
Records for Covered Associates
To comply with the Hedge Fund Transparency Act, hedge funds are required to maintain such books and records that the SEC would require, as laid out in the above Rule 204-2.
For Canadian investment firms, the IIROC requirements stipulated under Rule 3800 still apply, as rules applicable to “Dealer Members” extend to “Dealer Member firms” as well. Similarly, the requirements of CFTC Rule 17 CFR §1.31 also apply to investment firms dealing in commodity futures trading.
What are the challenges firms face in books and records compliance?
This data management debacle is only aggravated by growing data volumes and outdated legacy systems that are no longer fit for purpose in today’s regulatory landscape. Furthermore, a firm’s asset class, business type, or geographical region can further impact their data management systems and continue to deepen their data silos.
These challenges encompass the intricate tasks of integrating communications and trades and streamlining structured and unstructured data into a consolidated and normalized format. The situation is further exacerbated by the continual growth in data volumes and the persistence of outdated legacy systems that are no longer suited for the modern regulatory landscape. A single system makes record keeping, and therefore compliance, easier, and a unified approach is necessary for future-proofing compliance. While adopting a unified system for record keeping holds the promise of simplifying compliance efforts, it remains far from standard practice in most firms. However, the urgency of such a system cannot be overstated, as it is essential not only for immediate compliance but also for safeguarding firms against evolving regulations and the increasing complexity of data management.
Books and records are integral not only to ensuring the compliance of individual firms but also to upholding the integrity of the financial markets overall. Moreover, they provide crucial insights for brokers, banks, and investment firms alike. While the specific compliance requirements set forth by key regulatory bodies for different segments of the financial industry vary in detail, they share the common objective of maintaining accurate and accessible records. It is evident that while adopting unified systems for record keeping can significantly ease firms' compliance efforts, this practice is not yet commonplace among most firms. Nevertheless, it is clear that there must be a sense of urgency for the modernization of systems, not only for immediate compliance but also for future-proofing against evolving regulations and data complexities. In a world where data is paramount, embracing efficient record keeping practices becomes imperative for financial institutions.
How SteelEye can help
SteelEye is a RegTech solution provider with a unique approach to bringing structured and unstructured data together. Awarded the Best Integrated Surveillance Firm by With Intelligence in the 2023 HFM US Services Awards, we know the importance of data for regulatory compliance and have developed the technology to make record keeping and data oversight as efficient as possible.