Broker-dealers say vague wording in SEC rule 17a-4 will make compliance with the rule unnecessarily costly and burdensome.

Last December, when five US broker-dealers--Deutsche Bank, Goldman Sachs, Morgan Stanley, Salomon Smith Barney and US Bancorp Piper Jaffray--agreed to pay fines totalling $8.25 million ($1.65 million each) for failing to preserve e-mail communications, it became clear just how disorganized broker-dealers have been in retaining e-mail records.

In the course of their investigations, the regulators found a whole host of problems. Some of the firms hadn’t kept e-mail records for the required three years and/or hadn’t maintained the e-mails in an accessible place for the first two years. Backup tapes had been discarded, or they had been overwritten--sometimes less than a year later. As part of the settlement, the firms also agreed to review their e-mail retention and storage procedures to ensure their compliance with federal securities laws and the rules of the NYSE and NASD.

But broker-dealers have argued that the current rules have made it difficult and prohibitively costly for them to comply. They say the language of the SEC’s rule 17a-4, which governs electronic communications, is too vague, and the technology format the rule requires is outdated. A primary sticking point of the retention rule is the tiny phrase "business as such," which defines--or doesn’t, as the industry argues--which e-mails and other electronic communications firms need to keep. Another concern is that the industry wants to see Write Once Read Many (WORM), the current required technology format in which e-mails must be stored, replaced with language allowing storage in any format that is "technology-neutral."

But most problematic is that "business as such" leaves open to interpretation which e-mails should be kept. It also means that firms have the ultimate responsibility of reviewing all of the e-mails they produce a day to determine whether or not they deal with the vague "business as such" term. The Securities Industry Association, which has been pushing the SEC to review and revise the rule since 2001, says that this rule is an update of a 1939 law dealing with paper records, but it doesn’t adequately take into account the massive volumes of e-mail produced today. A large broker-dealer can produce around three terabytes (or three thousand billion bytes) of data per year. Logistically, reviewing e-mails, they say, is impractical and nearly impossible.

The SIA wants the SEC to revise the rule to define the phrase more precisely. Under the SIA’s proposal, the revised rule would define who conducts the firm’s essential business. Registers could then be created with a list of essential workers and in turn, e-mails of those workers could be saved. "There has to be a functional way to achieve compliance," says Scott Kursman, vice president and associate general counsel at the SIA. "The logic of the SEC rule is that content is determinative, but no one is in the position to review content. Firms need to be able to make wholesale decisions as to whose e-mails relate to their ‘business as such’ and only save those," he adds.

Meanwhile, the WORM technology format in which firms are currently required to store their e-mail records was first settled on by the SIA and the SEC over a decade ago as the best tamper-resistant format for storage of electronic documents. But the SIA says WORM-compatible systems cannot handle today’s e-mail volumes in a cost-efficient and effective way. The SIA says the limited scalability and transfer rates of WORM systems makes transferring e-mails to WORM media akin to "dumping Niagara falls into a kitchen sink." Moreover, SIA executives add that WORM-compatible systems lack intelligent indexing tools, making it difficult to retrieve e-mail and complicating the task of producing the records requested by regulators. The SIA says there are "technology-neutral," tamper-resistant alternatives to WORM systems that would allow firms to be compliant but in a more cost-effective and efficient way.

Indeed, Peter Delle Donne, President of the Digital Archives Division at Iron Mountain, a records management firm, estimates that a typical e-mail investigation for a firm that has its records on WORM-formatted platters would cost around $90,000 to $100,000. "The difficulty is in recovering and searching the data, which takes long periods of time," says Delle Donne. "When you’re only doing one to two a month, you get it done--when you do 20 to 30 a month, you can’t."

But Delle Donne notes that WORM-compliant products have come out in the last three years, including WORM-compliant tapes that are cheaper than traditional platters, and, of course, there’s the outsourcing that Iron Mountain provides. "The alternatives are out there," says Delle Donne. "Firms need to go out and take advantage of them." Besides, he adds, "The technology is to blame for having poor indexing systems and expensive media," he says. "It is not to blame for creating an e-mail that was prejudicial--that was poor judgement."

Some firms are beginning to look at alternatives to the traditional WORM platters and going one step further--looking at ways to stop damaging e-mails from being sent out at all. Faxes and calls from personal mobile phones are reportedly being used for the most "sensitive" of information. Firms are also installing software to monitor and filter e-mails. In the past, the software was typically used to block out spam or sexually inappropriate e-mails. Now, says Tumbleweed, a software firm providing secure messaging services, there is a growing trend to use its rules-based filtering to scan for sensitive information or key phrases, such as "inside information" or "guaranteed." Firms are even considering filtering internal e-mails.

Meanwhile, the scrutiny surrounding e-mail records is not going to die down any time soon, and industry insiders are warning that firms need to get their e-mail procedures and practices in place or suffer the wrath of "activist plaintiff attorneys" and regulators. "The rule was intended as a means for brokers to keep records, not as a litigation crumb trail for activist plaintiff attorneys," says one industry insider. "But some companies are being penalized because they are not able to produce in a timely or efficient manner the electronic communications that are being demanded of them in discovery. In that effort alone, it is so overwhelmingly expensive and burdensome, it has become a tactic to force firms into settlement. Extortion is my harsh term for it, but today, it is a litigation tactic for sure."

And, as long as e-mail remains the favored "crumb trail," it is unlikely that 17a-4 will be revised any time soon (though the SEC had been contemplating a revision in early 2001). In the wake of Wall Street’s scandals, and in particular the paper shredding at Arthur Andersen, and the damning revelations exposed by analyst e-mails, the climate surrounding records retention has become politically charged. As Delle Donne notes, with increased litigation, regulatory investigations and growing volumes of e-mail, broker-dealers are now facing "the perfect storm."