What you need to know about the Securities and Exchange Commission

SEC - regulating the US securities market

The mission of the Securities Exchange Commission (SEC) is to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. The SEC’s goal is to promote a market environment that the public finds trustworthy. In order to accomplish this, SEC oversight of the financial sector includes the following activities:

  • Inform and protect investors
  • Facilitate capital formation
  • Enforce U.S. securities laws
  • Regulate securities markets
  • Provide data

SEC oversight responsibilities

The SEC is responsible for oversight of 24 national securities exchanges in the U.S., with the two largest being the New York Stock Exchange (“NYSE”) and the National Association of Securities Dealers Automated Quotations (“NASDAQ”). This oversight includes supervision of all activities by more than 29,000 market participants that operate on the 24 different national securities exchanges.

Record keeping a core focus for the SEC in 2024

The record-breaking fines and enforcements handed out by the SEC over the past two years are due in large part to widespread record keeping failures. Many of the world's largest tier-one firms have been hit with massive fines for both their use of unauthorized communications channels as well as failing to meet their record keeping requirements. Regulators have indicated on multiple occasions that they have no plans of slowing down in 2024.

SEC Record Keeping Rules

The original SEC record keeping rules were outlined in the Securities and Exchange Act of 1934 (“SEA”). Given all the changes that have taken place with respect to technology, data and privacy, the SEC has implemented several updates which better align record keeping rules with today’s financial markets and institutions. Key changes or amendments that were put in place were Rules Title 17, Chapter 2, part 240 Rule 17a-3 and Rule 17a-4 as well as Rule 18a-5 and Rule 18a-6.

What is SEC rule 17a-3?

Rule 17a-3 of the SEA highlights examples of the books and records broker-dealers are required to retain, such as:

  • Brokerage orders and dealer transactions, including blotters and confirmations
  • Account statements
  • Customer account records
  • Customer complaints
  • Compensation
  • Any communications with the public

While Rule 17a-3 primarily outlines what types of books and records must be retained, Rule 17a-4 primarily outlines how the records must be retained and the length of time for which they must be retained.

What is SEC rule 17a-4?

According to 17a-4, records must be retained and indexed for a period of no less than three years with immediate access for two years. In certain cases, records must be retained for a minimum of six years. Rule 17a-4(f) states that the “records required to be maintained and preserved” can be stored on “micrographic media … or by means of electronic storage media.” The rules for ‘electronic storage media’ are as follows:

  • Records must be preserved exclusively in a non-rewriteable, non-erasable format, write once and read many (“WORM”)

  • The quality and accuracy of the storage media recording process must be automatically verified 

  • Originals need to be serialized and, if applicable, units of storage media must be duplicated and have the time-date for the required retention period on the storage media

  • The media recording process must contain the ability to readily download indexes and the preserved records to any medium

What challenges do financial firms face with regard to SEC record keeping?

There are a number of broad challenges related to record keeping, regardless of the regulatory agency rules.


SEC Record keeping challenge 1: Identifying which records need to be retained 

One of the first and biggest challenges relates to being able to identify which records need to be retained and produced.

Building the inventory of records requires an understanding of which products/services the institution operates within, and then based on this, which rules and records are within scope. 

SEC Record keeping challenge 2: Keeping up with new rules

In addition, new record keeping rules require institutions to review any new requirements and assess whether improvements in technology are required to meet minimum standards for SEC record keeping. This can be costly in terms of both time and money.

SEC Record keeping challenge 3: Growing data volumes

Another challenge includes the volume of data and the complexity of technologies. The sheer amount of data institutions are faced with capturing and retaining creates a serious challenge as far as what is to be collected and how to retain it.

SEC Record keeping challenge 4: Capturing and storing communications data like WhatsApp and iMessage

The complexity of technology such as outside messenger services like WhatsApp creates a number of challenges as far as tracking and retaining these communications. As more and more interactions, both internally and externally, are being conducted on mobile or non-work devices, tracking and keeping those records has become increasingly difficult. 

Recent SEC Surveillance Enforcements for Off-Channel Communications

In 2023, there were a number of enforcements by the SEC related to the use of unauthorized communications platforms by market participants. Two large violations that have occurred more recently include:

August 2023 – SEC and CFTC fine 13 firms a combined $549M for record keeping failures. Learn more >

September 2023 – SEC fines firms $79M for electronic communications breaches. Learn more >

SteelEye Record Keeping

SteelEye provides an efficient and reliable response to firm's SEC record keeping needs. The platform brings together structured and unstructured data from a wealth of sources and stores it in an immutable format, WORM compliant format. 

SEC Trade and Communications Surveillance

Under SEC rules, firms are required to establish, maintain, and enforce written supervisory policies and procedures for operational oversight or trade and communications surveillance. They are also required to implement internal controls to detect and prevent compliance breaches, such as the misuse of material non-public information.

This practice is done to ensure that firms are not participating in any manipulative or deceptive trading practices. Market manipulation rules by the SEC fall within sections 9 and 10 of the Securities and Exchange Act of 1934, which prohibits manipulation of security prices and regulates the use of manipulative and deceptive devices. This, therefore, gives the SEC the right to issue enforcement actions against firms for any violation of rules set out in Sections 9 or 10.

Additionally, SEC Rule 206-4 requires investment advisors to implement internal compliance controls that will detect and prevent regulatory violations; establish supervisory policies and procedures for client communications; and monitor the accuracy of disclosures made to investors, clients, and regulators, among other things.

Meeting SEC Supervisory Oversight rules

To meet SEC trade surveillance and market manipulation rules it is imperative that firms have in place a supervisory oversight program covering trades and communications. Such a program should include policies, processes and controls designed to ensure there is no violation of the regulations and rules.

While the SEC does not prescribe exactly the way in which surveillance of trades and communications must be carried out, there are aspects of supervisory oversight that firms must adhere to in order to meet SEC regulatory guidance. Firms should be aware of the fact that the SEC retain the right to examine surveillance and communications programs in order to check whether the programs are appropriate to meet the regulations at hand.


What does SEC market manipulation look like?

The concept of market manipulation is broad in nature, but may include any of the following activities:

  • Spoofing is a market abuse behavior where a trader moves the price of a financial instrument up or down by placing a large buy or sell order and canceling it before execution, thus creating the impression of market interest in that instrument.

  • Layering is a specific form of Spoofing where the individual places multiple orders at defined price levels (layers) to give an impression of market liquidity. The orders are not intended to be executed and will be canceled once the price has moved to a favorable place and a real order has been placed on the other side.

  • Ramping, also known as Momentum Ignition, involves the trading of a significant portion of a financial instrument or derivative, driving the price either up or down, when there is no news or obvious reason for the activity. 

  • “Wash Trading”, where one takes both the buy and sell side of a trade using a third party to generate increased activity and thus increased price.

  • “Price-Fixing”, which is a relatively simple and straightforward type of fraud where those who publish a price conspire to set it falsely and benefit their own interests (e.g. the LIBOR scandal).

Read about prominent market abuse behaviors here

The SEC website offers further types and examples of market manipulations, as well as examples of enforcement actions they have taken against those in violation of their rules in the past.

What challenges do financial firms face with regard to SEC market manipulation and surveillance rules?

There are many challenges firm’s face in relation to trade and communications surveillance and market manipulation rules. Below sets out a few examples. However as many firms operate in different manners, additional challenges may present themselves, which will also need to be accounted for.

SEC Trade Surveillance Challenge 1: Broad definition of market manipulation

One of the biggest challenges the industry faces concerning trade and communication surveillance is the broad nature of the rules themselves. The rules are written with no prescribed way in which surveillance should be conducted, allowing the SEC a significant amount of room to determine what they deem as violations of market manipulation rules and take enforcement action.

SEC Trade Surveillance Challenge 2: Use of new communications channels

More widespread use of new communications channels such as third-party apps like WhatsApp or iMessage, prompted by the Covid pandemic and increases in remote working, makes surveillance even more challenging for compliance teams. This is because communications on new channels either need to be captured or made prohibited through a corporate policy. But when a platform is banned, firms need to be able to identify intent among employees to, for example, start talking on this unmonitored channel to ensure policies are being adhered to. This can be done through lexicon searches for phrases like “let’s talk on WhatsApp”. However, a lot of surveillance technology is not up to date with modern ways of communicating.

SEC Trade Surveillance Challenge 3: Determining actual wrongdoing

A firm’s ability to distinguish between clear signals of wrongdoing and simply ‘noise’ within the trading environment makes it even more challenging for firms to comply with SEC market manipulation rules. Many trade surveillance systems find it difficult to distinguish between false results (or "false positives") and instances that actually warrant an investigation. Additionally, there needs to be evidence of intent, which further complicates matters for firms.

SEC Trade Surveillance Challenge 4: Disparate systems

Surveillance doesn't have to be done holistically. In fact, many firms today still use different systems for different types of data or even asset classes. For example, many financial firms carry out their communications and trade surveillance separately, through different platforms. However, trades don’t happen in isolation and this data is deeply interconnected. Disparate data not only impacts the time it takes for firms to respond to potential instances of misconduct or market manipulation but it also prevents them from getting a holistic view of their trading operations. 

Recent SEC Record Keeping Enforcements

There were a number of enforcements related to record keeping violations last year. Two large violations that have occurred more recently include:

May 2023 – SEC targets two tier-one banks for record keeping failures, fining them a combined $22M. Learn more >

June 2023 - SEC fines America's largest bank $4M over deleted emails. Learn more >


SteelEye Integrated Trade and Communications Surveillance

Integrated surveillance solution that delivers simple, effective and efficient supervisory controls. The platform brings together multidimensional data on a single, flexible platform with rich reporting, automated workflows and analytics that identify suspicious activity, quickly.

Learn more

SteelEye Communications Surveillance

SEC Resources

SEC record keeping and retention rules:

SEC Rule 17a-3  SEC Rule 17a-4  SEC Rule 18a-5  SEC Rule 18a-6  SEC 17 CFR Part 240  SEC Final Rule: 17 CFR Parts 200, 240, and 249  SEC Rule 206-4  

SEC Trade and Communications Surveillance and market manipulation rules:

Securities and Exchange Act of 1934 

(Section 9 – page 85, Section 10 – page 89)


Learn more about global financial services regulations


Latest News

SteelEye and Intelligent Voice Transform Voice Surveillance through Strategic Partnership

| 18 Jun 2024

Beyond Words: The Hidden Risks of Emojis in Trading

| 06 Jun 2024

Untapped Risk: Why Compliance Needs Voice Transcription

| 22 May 2024

Global Regulators Intensify Scrutiny of Market Manipulation Failures

| 10 May 2024

SteelEye’s Women in RegTech: Sonia Chowdhury

| 09 May 2024

Navigating Off-Channel Communications

| 29 Apr 2024