Communications Retention Rules
Regulated firms must retain communications and records that document their business operations, advice, and transactions. However, the current framework is increasingly misaligned with how clients want to communicate in a digital era. SIFMA supports a modernization of the retention rules – preserving investor protections while removing outdated burdens and enabling firms to use secure modern technologies.
Under federal securities laws, broker-dealers, investment advisers, and security-based swap dealers are subject to retention requirements for communications and records – including Rules17a-4(b)(4) and 204-2(a)(7). These rules were adopted in a paper-based era and have been interpreted broadly to include a much wider realm of records than originally intended. These broad interpretations have hampered the adoption of efficient and effective communications platforms and other technology.
Key Focus Areas
Narrowing Scope of Communications to Retain
SIFMA proposes that retention obligations be limited to client-facing communications that are substantively related to investment or securities advice or transactions, consistent with the original intent of the rules. Unnecessary burdens on firms arise from retention of trivial or administrative messages, emojis, AI-generated transcripts, or collaborative platform inputs.
Providing Safe Harbor for Good-Faith Compliance
Under current rules, firms face strict liability for retention failures, even when they have robust policies and procedures. SIFMA advocates for a safe harbor standard: if a firm establishes and maintains reasonable policies and procedures, failures should not automatically trigger liability.
Harmonizing Retention Periods Across Registrants
Currently, broker-dealers must retain communications for three years, whereas investment advisers must retain them for five years, creating complexity for dual registrants. SIFMA recommends a uniform three-year retention period for all firms.
Removing Outdated Third-Party Undertaking Requirements
Rule 17a-4(i) requires third-party record-storage providers (e.g., cloud vendors) to file undertakings with the SEC stating they will surrender records on request. Many cloud providers refuse to comply, impeding adoption of modern, secure infrastructure. SIFMA urges the SEC to eliminate this requirement.
Retaining Supervisory Responsibilities and Investor Protections
While SIFMA seeks modernization, it does not propose reducing firms’ supervisory obligations. Firms would continue to oversee employee communications, retain records beyond the minimum where appropriate, and meet investor protection requirements.
The Bottom Line
Effective compliance with communications and record-retention rules supports market integrity and investor protection – but the existing regime is outdated and overly burdensome. SIFMA is committed to working with the SEC and other regulators to modernize these rules, so they reflect current technology and business practices, reduce unnecessary costs and complexity, and maintain strong protections for investors.
