Terry Gerton The Securities Industry and Financial Markets Association has recently written to the SEC asking to modernize its communication and record keeping rules. Help us understand what the big issue is here.
Robert Cruz Well, I think the fundamental issue that SIFMA is calling out is a mismatch between the technology that firms use today and the rules, which were written a long time ago — and in some cases, you know, the Securities and Exchange Act from 1940. So essentially we’re all struggling trying to find a way to fit the way that we interact today into rules that are very old, written when we were doing things with typewriters and, you know, over written communication. So it’s trying to minimize the gap between those two things, between the technology and what the rule requires firms to do.
Terry Gerton So instead of all of those hard copy letters that we get from investment firms and those sorts of things, we also get emails, text messages. That’s where the disconnect is happening?
Robert Cruz Yes. It’s the fact that individuals can collaborate and communicate with their customers over a variety of mechanisms. And some of these may be casual. They may be not related to business. And that’s the fundamental problem is that SIFMA is looking for the rules to be clarified so it pertains only to the things that matter to the firm, that create value or risk to their business or to the investor.
Terry Gerton And what would those kinds of communications look like?
Robert Cruz I think what they’ll look like is external communication. So, right now the rule doesn’t distinguish between internal — you and I as colleagues talking versus things that pertain to, you know, communications with the public or with a potential investor. So it’s trying to carve out those things that really do relate to the business’s products or services and exclude some of the things that may be more just conversational, as you and I might pass each other in the hallway, we can chat on a chat board someplace. It’s trying to remove those kind of just transitory communications from the record keeping obligations.
Terry Gerton Right. The letter even mentions things like emojis and messages like “I’m running late.”
Robert Cruz Exactly. And you know, it’s a fundamental problem that firms have is the fact that if you say you’re going to be able to use a tool, even if it’s as simple as email, that means that our firm has an obligation to capture it. And when it captures it, it captures everything, everything that is delivered through that communication channel. So that creates some of that problem of like, somebody left their lunch in the refrigerator. We need to clean it up. It’s trying to remove all of that noise from the things that really do matter to the business.
Terry Gerton Not only does that kind of record keeping impose a cost on the organization, the reporting organization, but it also would create quite a burden on the regulators trying to sort out the meaningful communication in that electronic file cabinet, so to speak.
Robert Cruz Absolutely. Well, the firm clearly has the obligation to sift through all of this data to find the things that matter. If you have a regulatory inquiry, you’ve got to find everything that relates to it. Even if it’s, you know, I talked to an investor and there was an emoji in that conversation. I still need to account for that. So the burden is both on the firm as well as on the regulator to try to parse through these very large sets of data that are very, you know, heterogeneous with a lot of different activities that are captured in today’s tools.
Terry Gerton Relative to the question about the tools, you’ve said that SEC rules should be agnostic to technology. Unpack that for me. What exactly does that mean?
Robert Cruz Sure. This kind of goes back a few years where there was a revision to the Rule 17a-4 from the SEC, which is the fundamental record keeping obligation. It says you need to have complete and accurate records. What they tried to do at that time was remove references to old technologies and spinning disks and things we used to do long ago. And so the objective was to be more independent of technology. Your obligation is your obligation. If it matters to the business, that’s the principle that should govern, not the particular tool that you use. So technology being agnostic — or rules being agnostic; technology means it doesn’t matter whether it’s delivered via email, via text, via emojis, carrier pigeons or anything else. If it matters to the business, it matters to the business.
Terry Gerton How do today’s variety of technologies complicate a business’ compliance requirements?
Robert Cruz The challenge is very complex, period. It’s always going to be with us because there’s always going to be a new way that your client wants to engage. There may be a new tool that you’re not familiar with that they want to interact on. Or you may get pull from your employees internally because they’re familiar with tools from their personal lives. So that encroachment of new tools, it doesn’t go away. It’s always been with us. And so it’s things that we have to anticipate. Again, be agnostic because there’s going to be something that comes right along behind it that potentially makes, you know, an explicit regulation irrelevant from the outset.
Terry Gerton I’m speaking with Robert Cruz. He’s the Vice President for Regulatory and Information Governance at SMARSH. All right, let’s follow along with that because you’ve got a proposal that includes a compliance safe harbor. So along with these compliance questions, what would that change for firms and how does it address the challenges of enforcement?
Robert Cruz Well, it’s an interesting concept because the rules today are meant to be principles-based. They’re not prescriptive. In other words, they don’t tell you, you must do the following. And that’s one of the challenges the industry has is that, what is good enough? What is the SEC specifically looking for? So this is like trying to give people a safe spot to which then you can say, well, SEC, if you really care about, you know, particular areas of these communications, they can tune their programs to do that. So it feels like it’s just giving some latitude so that we can define best practices. We can get a clearer sense of what the regulators are looking for. It’ll guide our governance processes by just having a clearer picture of where enforcement’s going to be focused.
Terry Gerton The regulatory process that would apply here is notoriously slow and complicated. What’s at stake for firms and investors if we don’t get this modernized?
Robert Cruz Well, I think you’re going to continue to see just a lot of individual practices that will vary. Some firms will interpret things differently and we’ll need to wait for enforcement to determine which is the best way. So, case in point, generative AI — if you’re using these technologies inside of the tools that you currently support, are these going to be considered issues for the SEC or not? We have to wait until we get some interpretation from the regulators to say, yes, we need to have stronger controls around this, or yes, we need to block these tools. You know, you need to make that adjustment based upon the way that the SEC responds to it.
Terry Gerton And what is your sense of how the SEC might respond to this?
Robert Cruz My gut tells me that just given where we are right now, you know, the SEC has a reduction in headcount it’s dealing with. It’s stating its mission very clearly and its focus is on crypto, is on capital formation, is on reducing regulatory burden. I just don’t know if this makes the list. So it clearly is being advocated strongly from SIFMA, but, whether this makes page one of the SEC priorities list with the 20% reduction in headcount, it really seems like an outside chance that it gets onto their agenda.
Terry Gerton Could it inform some of the other regulation issues that they’re addressing, such as crypto and capital formation?
Robert Cruz Absolutely. And that’s a great comment — the notion of using an unapproved communication tool, it didn’t go away. We may not see the big fines anymore, but I think the regulators are going to be saying if there’s an issue related to crypto, related to investor harm or what have you, if you’re using a tool that is not approved for use, you don’t have the artifact, you don’t have the historical record. They’re not going to view that, you know, favorably if you’re not able to defend your business. And so it’ll come up in context of other examinations that they’re carrying out. So maybe not a means to an end as it’s been for the last two years, but it will impact their ability to do their jobs ultimately.
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
