SEC Updates its Electronic Recordkeeping Rule for the First Time in 25 Years

Twenty-four years ago, in 1997, the Securities & Exchange Commission (SEC) established a rule governing electronic recordkeeping. On November 18, 2021, the SEC proposed to make updates to that rule. Given all the changes in data management and advances in technology since the rule was first published, it’s no surprise that it was finally updated or that the vote to do so was unanimous. The only surprise here is how long it took!

Electronic recordkeeping, as described in the rule, is an audit-trail alternative and includes a broad definition. For example, terms listed include modifications or deletions of a record, tracking all those modifications such as the date and time when an operator creates, modifies, or deletes a record plus details about that operator. Of course, there is a plethora of detail around signatures and other data that uphold the authenticity and reliability of the record to permit its recreation in its original form and all subsequent iterations of it.

One of the interesting aspects of this update is that it affords both the SEC and financial firms benefits. Call it a rare win-win in the field of RegTech. Whenever technology can be leveraged to simplify, streamline, and bolster compliance efforts that protect consumers – and banks – from market fraud, it’s a good thing.

Keeping up with innovation is hardly a philosophy that you’d think a regulatory agency would embrace. But that’s part of the impetus behind this rule update. Gary Gensler, Chair of the SEC, articulated that this is precisely the path that the agency is following, “This proposal would bring the Commission’s rule in line with technological innovation, and I am pleased to support it.”

In some ways, the agency has been forced to adapt to the rapid pace of innovation. With artificial intelligence, machine learning, and other technologies now widespread in RegTech solutions – as well as being applied to nefarious efforts – everyone’s hand is being forced to keep up with the bad actors. From burner phones to deleting personal e-communications messages on WhatsApp, fraudsters go to great lengths to keep one step ahead of those trying to thwart their efforts.

There are three key drivers behind the proposed updates. One, unsurprisingly, is to better facilitate examinations and investigations. Two, to adopt a technology-neutral position that affords the agency with some level of future-proofing. Specifically, it would reduce the need for rule revisions each time that RegTech or data management technology introduces a new format or approach. And three, simply to improve electronic recordkeeping requirements.

The proposed amendments replace the outdated requirements that electronic communications be stored in a non-rewriteable, non-erasable format which is incompatible with contemporary electronic recordkeeping systems. The old rules are also inconsistent with a broker-dealer electronic recordkeeping rule, SEA Rule 17a-4, adopted in 1997.

With regulators apparently cracking down, financial firms can begin preparing now for potential inquiries from the SEC – and potential audits. Having your records accessible on-demand, as per the requirements of the SEC, is an essential component of contemporary compliance stipulations. But the proposed changes benefit financial firms, too: these proposed amendments aren’t disproportionately in favor of the SEC.

With these proposed measures, financial institutions can further reduce their risk of being exposed to market fraud. As market abusers use increasingly sophisticated measures to evade detection, these electronic recordkeeping rule updates mandate that all transaction data be accessible which can facilitate reduced risk. Leading RegTech solutions, like our own here at Shield, rely on full access to all electronic records to synthesize and analyze the history of transactions. This is essential for the detection of fraudulent activities which may have been conducted on a collection of disparate devices in a concerted effort to evade authorities.

Cost-savings is a likely outcome for firms. The proposed updates reduce the redundancy of electronic recordkeeping. Maintaining a hot copy for a shorter time may further reduce costs. Another benefit is online and collaborative file versioning. To date, compliance efforts are thwarted by their reliance on different departments and different job functions which each have a unique role in data management. The proposed new rules infer centralized access to all data forms which could bolster internal (and external with authorities) collaboration via streamlined access to transactional data. Additional cost reductions may be realized here.