SEC & FINRA Compliance FAQ

What regulations require message archiving?

Two primary rules govern electronic communications archiving for broker-dealers and registered investment advisors:

  • SEC Rule 17a-4 - Requires broker-dealers to preserve business-related electronic communications for a minimum of 3 years (first 2 years in an easily accessible location). Records must be stored in non-rewritable, non-erasable (WORM) format.

  • FINRA Rule 4511 - Requires FINRA member firms to make and preserve books and records as required under FINRA rules, SEC rules, and the Securities Exchange Act. This includes all business-related communications regardless of the platform used.

What counts as a “business communication”?

Any communication related to the firm’s business, including:

  • Client communications (recommendations, order instructions, account discussions)
  • Internal communications about clients, trades, or firm business
  • Communications with prospects
  • Messages on any platform - email, text, WhatsApp, Signal, Slack, Teams, iMessage, and others

The platform doesn’t matter. If the content is business-related, it must be archived.

Off-channel communication refers to business messages sent through platforms that are not monitored or archived by the firm. Common examples include personal WhatsApp, Signal, iMessage, and text messages.

SEC and FINRA have imposed over $2 billion in fines related to off-channel communication violations since 2021. The enforcement trend is accelerating, not slowing down.

What are the penalties for non-compliance?

Penalties vary by firm size and severity of the violation:

  • Individual fines ranging from $10,000 to $1,000,000+
  • Firm-level fines from $100,000 to $200,000,000+
  • Suspensions or bars for individuals
  • Censure of the firm
  • Enhanced monitoring and reporting requirements

Recent enforcement actions have targeted firms of all sizes, from small RIAs to the largest banks.

Comma Compliance captures messages from 30+ communication channels and archives them in a compliant format:

  • WORM storage - Messages are stored in write-once, read-many format as required by SEC Rule 17a-4
  • Full chain of custody - Every message includes metadata, timestamps, and sender/recipient information
  • No device control required - Comma captures messages without MDM, new apps, or invasive device policies
  • Personal privacy preserved - Only business communications are captured; personal messages are not accessed
  • Search and e-discovery - Full-text search, filtering, and export for audits and regulatory requests

For most integrations, no. Organizational integrations (Slack, Teams, Google Workspace) require no action from individual users.

For end-to-end encrypted platforms (WhatsApp, Signal, iMessage), each user completes a one-time QR code scan to link their account. No app is installed on their device.

Comma retains messages according to your configured retention policy. The SEC minimum is 3 years, but many firms retain for longer. You can configure retention periods per channel or globally.

Can archived messages be modified or deleted?

No. Messages are stored in WORM-compliant format, meaning they cannot be altered or deleted during the retention period. This is a regulatory requirement, not a limitation.