The Securities and Exchange Commission (SEC) developed a rule controlling electronic recordkeeping twenty-four years ago, in 1997. The SEC recommended modifications to that rule on November 18, 2021. It's no surprise that the rule was ultimately amended, or that the vote to do so was unanimous, given all of the changes in data management and technological advancements since it was initially issued. The only thing that surprised me was how long it took!
The rule describes electronic recordkeeping as an audit-trail option with a broad scope. Alterations or deletions of a record, for example, are words listed, and they track all of those modifications, including the date and time when an operator creates, modifies, or deletes a record, as well as information about that operator. Of course, there is a wealth of information around signatures and other data that ensures the record's legitimacy and trustworthiness, allowing it to be recreated in its original form and all subsequent iterations.
One of the more intriguing parts of this revision is that it benefits both the SEC and financial firms. It's a rare win-win situation in the world of RegTech. It's always a good thing when technology can be used to simplify, streamline, and strengthen compliance processes that safeguard customers – and banks – from market fraud. "This proposal would bring the Commission's rule in step with technological advancement, and I am glad to support it," said Gary Gensler, Chair of the Securities and Exchange Commission.
The agency has been compelled to adjust to the high pace of innovation in various areas. Artificial intelligence, machine learning, and other technologies are increasingly being used in RegTech solutions — as well as being used for nefarious purposes - forcing everyone's hand to stay up with the bad guys. Fraudsters go to tremendous measures to stay one step ahead of those attempting to obstruct their attempts, from using burner phones to erasing personal e-communications messages on WhatsApp.
The proposed modifications are motivated by three main factors.
Keeping up with innovation isn't something you'd expect a regulatory agency to believe in. But it is part of the motivation for this regulation change. One is, naturally, to make examinations and investigations easier. Two, to take a technology-neutral stance that allows the agency to be more future-proof. It would, for example, eliminate the requirement for rule changes every time RegTech or data management technology offers a new format or methodology. And, finally, to simply strengthen the criteria for electronic recordkeeping.
The proposed revisions would repeal the outmoded requirement that electronic communications be maintained in a non-rewriteable, non-erasable format that is incompatible with today's electronic recordkeeping technologies. The old regulations are also incompatible with SEA Requirement 17a-4, a 1997 electronic recordkeeping rule for broker-dealers.
Financial businesses can begin preparing for prospective SEC inquiries — and audits – now that regulators appear to be tightening down.