Although it received little attention, a recent court case marked a rare victory for a broker-dealer in the ongoing disputes between financial services firms and the Securities and Exchange Commission. St. Petersburg, Fla.-based Raymond James Financial Services was the first broker-dealer to contest e-mail retention allegations brought against it by the SEC and win the battle in court.
According to the SEC, Raymond James violated Section 17(a)(1) of the Exchange Act and Rule 17a-4 because, prior to January 2001, the firm didn't systematically preserve all of its branch offices' electronic mail. However, "The SEC required the compliance of e-mail retention before the technology was available," says Patrick Gordon, founder of Boston-based Compliant Systems Consulting. Gordon served as an expert witness for the defense in the case, basing his testimony on this one verifiable premise.
Gordon adds that, like Raymond James, many other broker-dealers were caught in what he calls the 2001 "SEC e-mail sweep" that snared a number of leading firms, including Deustche Bank, Goldman Sachs and Morgan Stanley, following the Enron and WorldCom scandals. "These broker-dealers could also have beaten the Commission's charges had they used the defense I helped build for Raymond James," he contends. "But they just rolled over and paid the fines."
The Crux of the Case
In her decision, released Sept. 15, SEC chief administrative law judge Brenda Murray delivered a blow to the SEC when she ruled in favor of Raymond James and declared the charges brought against the broker-dealer to be unfair. According to Murray, Raymond James made a good faith effort to comply with rules, which were not clearly defined by the SEC at the time in question - August 1999 to December 2000.
According to Compliant Systems' Gordon, the basis of Raymond James' arguments can be traced back to 1993, when the SEC permitted records to be retained electronically with a no-action letter. "Throughout the '90s, everyone was expecting the SEC to codify that [no-action letter], which was primarily for books and records, customer statements, and incoming correspondence ... types of documents that were processed in the data center, oftentimes in a mainframe," he explains.
The SEC finally codified the letter on Feb. 5, 1997. The issued guidelines attempted to clarify that Rule 17a-4 - which requires broker-dealers to preserve all communications sent and received for a period of not less than three years - pertained to electronic communications as well as paper-based documents. But "a lot of people didn't really understand what the SEC was after," explains Gordon. "When the SEC included e-mail and Internet communications, it threw everyone for a loop because [it involved] a whole other organization - the messaging department - which is not the mainframe side. You're talking about your e-mail systems."
Storing electronic communications wasn't the problem; firms could use solutions similar to those being used in data centers, such as optical disk technologies. According to Gordon, as with all forms of storage, the real dilemma was capturing and indexing. "The software necessary to do the indexing and the capture mechanism in indexing wasn't really there in 1997," he asserts. "The SEC came out with an amendment, yet there was no possible way anybody could comply with it."
Charles Weeden, managing partner at New York-based e-messaging compliance consulting company 17a-4 LLC and an expert witness retained by the SEC, concedes this point. "From 1997 to 2000, you'd be hard pressed to have really had a solution that works," he says. "From 2000 onwards, you had a couple [of technologies] that would address the requirements of the rule."
Confusion Within the SEC
The SEC was not oblivious to firms' technology predicaments. In 2000, the Securities Industry Association had ongoing communications with the SEC about how difficult it was to comply with Rule 17a-4, according to the Raymond James' ruling issued by the SEC on Sept. 15. "They were relating a lot of the issues that many of the broker-dealers knew about but the SEC didn't," explains Compliant Systems' Gordon.
Meanwhile, other laws brought the retention rule into question. The enactment of the 2000 ESIGN (Electronic Signatures in Global and National Commerce) Act, a federal law that promotes the use of electronic contracts, gave electronic signatures and record keeping in private commerce the same legality as handwritten signatures. Section 101 of the Act says federal regulators cannot specify the media to be used to comply with government regulations. At the time, most firms already had interpreted Rule 17a-4 as requiring the use of optical storage technology. (According to Gordon, this misinterpretation also was due to a rule amendment released by NASD in 1997 that specified optical storage technology in the retention of required records.)
Consequently, ESIGN raised a lot of issues about whether or not Rule 17a-4 came across as prescriptive. Because the SEC had to reexamine the rule to make sure it complied with ESIGN, Annette Nazareth, director of the division of market regulation at the SEC, asked the NYSE to hold off on its enforcement of the rule, according to Judge Murray's decision. "It was obvious to the SEC that they were having problems," Gordon says.
All of this confusion made it hard for Judge Murray to find Raymond James in violation of the e-mail retention rule. The official court ruling states: "It is undisputed that in the relevant time period, Commission's staff was (1) informing the industry that Rule 17a-4(b)(4) would be modified, and (2) requesting that the NYSE not enforce the rule. ... It would be patently unfair and unacceptable ... to find that Raymond James did not take steps to comply with Rule 17a-4(b)(4)."
State of Compliance Today
Although the court ruled in favor of Raymond James, 17a-4 LLC's Weeden contends that when it came to selecting and implementing the appropriate technology, the firm could have done a better job. "Gene Frederiksen, who was the IT director, ... wanted to solve the firm's archiving, filtering and spam issues all with a single product," he explains. "Frederiksen focused mostly on the spam, and, as a result, Raymond James didn't have as effective an archive as they could have," Weeden contends. "They made a good faith effort to try to implement something to comply with 17a-4, but I don't think the platform they used had as much capability as some of the other products in the space." Raymond James did not respond to calls for a comment.
Weeden adds that while he believes that a majority of financial services firms currently are compliant with e-mail retention rules, the problem of selecting the best technology for the job still persists and is due, in large part, to confusion among compliance and IT departments regarding what needs to be accomplished. "Everyone understands that there's a compliance problem that you have to solve," he says. But, "People are still wrestling with the problems they want their archiving system to solve - 'Do I want to use the archive to help me manage the huge size of the information stored as a result of all the e-mail activity?' and, 'Are there other things that I can do with the archive that will make me run my business better?'"
Weeden suggests that firms pursue a holistic approach to e-mail archiving. "If you approach it only from a compliance standpoint, this project is going to cost you a lot of money; if you broaden what you want to accomplish, implementing an e-mail archiving solution will actually save you money," he says. But, "That dialogue doesn't happen in most firms, especially in the larger firms."
Aching to Archive?
A partial list of e-mail archiving solutions providers:
iLumin Software Services
Mobius Management Systems
Open Text Corp.
Sherpa Software Group