MBSC Securities Corporation (New York, NY), BNY Mellon Capital Markets (NY, NY), and BNY Mellon Securities (Jersey City, NJ) - all subs of the same parent company - agreed to pay a $300K fine, jointly and severally, to settle FINRA charges they failed to ensure that emails were retained and timely reviewed. The firms self-reported their violations to FINRA.

    New System for Archiving, Reviewing Email.   The firms problems began when a new 3rd-party system for email archiving and review was implemented.  It relied on firm personnel to properly code new and existing email accounts, to ensure that emails were journaled from users’ email accounts in the new system and, when email accounts were incorrectly coded, the affected users’ emails were not retained, as is consistent with SEC and NASD rules. In addition, the firm's had these other alleged issues: 

• Both incoming and outgoing emails were retained for 30 days, unless an individual employee double-deleted the email - in which case it would not have been retained at all.
• After 30 days, any emails remaining in an individual employee’s email inbox or outbox were retained for an additional 30 days.
• All emails were deleted from the new system after 60 days - unless the auto-delete function was disabled. 
  
• E,ao;s would not have appeared in the new system for compliance department reviews, unless an email user whose account was properly coded sent or received the email message.

Further Compliance Issues.  

• The firms didn't properly code certain email accounts.
• They didn't have written guidance to ensure that all email accounts for associated persons of each firm were properly recorded.
• They had not evidenced any testing of the new system to ensure that email accounts were being set up properly to capture emails for compliance with SEC Rule 17a-4 and NASD Rule 3110. 
• By failing to retain emails, the firms also failed to timely review emails of affected users. 

A MBSC Securities compliance department employee discovered the firm's failure to properly archive and review emails when he searched for an e-copy of an email he knew had to exists, but he failed to locate it.  Prior to that event, the firms didn't know they were failing to properly archive and review emails.

    Retained an Outside Consultant.  Following the discovery of the retention and review problems, the parent company retained an outside consultant to assess the scope of the retention failure, and the consultant:  (i) determined that 725 users were affected among the 3 firms, for whom emails were not retained consistent with SEC and NASD rules;  (ii) estimated that as many as 4 million emails had been lost at the 3 firms through the failure to properly code email accounts for journaling to the new system.

In determining the fine and sanction, FINRA took into account that that the firms self-reported to FINRA - their to review and retain emails, and steps being taken  to remedy those deficiencies. 

This is FINRA Case #2010021312001.   For this or other cases, go to:   [FINRA Disciplinary Actions for February]