E.1. The phrase business as such under Exchange Act Rule 17a-4(b)(4) is not defined.34 What questions, concerns or challenges, if any, does this raise with respect to ensuring compliance with the recordkeeping requirements? Are there categories of records that are especially costly or difficult to capture or retain, and which may provide no appreciable regulatory benefit? <EA1: Ambiguity of the rule has nothing to do with the degree of difficulty to capture and retain specific types of records. Rules should be technology agnostic and limited to only those that are 'easier' capture and retain. Modern technologies are readily available to capture most communications formats, and those that do have limited abilities to capture should not be approved for business use. If a firm choses to use outdated, poorfly performing compliance technologies - or technologies that were originally designed for the use of email - that is the decision they must defend with regulators. Ultimately, there should be no segregation of specific areas of technology that are universally determined to have "no appreciable regulatory benefit", that should always be determined by the content and context that those technologies are used by a business, and whether a firm has adhered to its own policies to govern more sensitive or valuable information.>
E.2. What standards for the supervision of various digital communication channels have proved effective, including with respect to off-channel communications? What are some examples of such workable standards? <EA2. The standards that have proven to be most effective are a combination of policy & procedure adjustments, employee training, as well as the use of appropriate technologies that allow approved communications to be inspected and off-channel indicators to be surfaced. Off-channel communications is not a new problem, and will always exist as technology innovation and client demand will continue to drive communications to new tools. Firms need to remain diligent and anticipate that the challenge will be dynamic, and must revisit policy decisions and methods of inspection to make sure they are in step with technology advances and changes in employee and client behaviors>
E.3. What are members’ recordkeeping challenges regarding AI-generated communications and how do these challenges vary based on the type of AI-generated communication (e.g., AI-powered chatbot, AI-generated transcripts or summaries of meetings)? <EA3. The current challenge is to establish guardrails and governance programs in attempting to control the use cases that employees are seeking to deploy. Business pressures to leverage AI remain immense, and forward-looking firms are now building programs to assess benefits and risks of specific use cases, prioritize those use cases, ensure that pilots can be constructed with clear return on investment objectives, and incorporating the results to deploy the next set of pilots. Many firms are moving first with internal use cases for use cases including meeting summarization, first pass contract review, and regulatory horizon scanning, before moving to higher risk scenarios. However, this rate of adoption is moving exceptionally fast and will likely see firms moving beyond initial pilots well before the end of 2025>
E.4. How do members approach recordkeeping, and any related challenges, with respect to dynamic information displayed on their website or digital platforms? How do members approach customer-related interactions and experiences (e.g., the account opening process) through their systems? <EA4. Many firms have moved past static control platforms that attempting to flatten dynamic and collaborative information as unique, individual instances. Some control systems do enable the capture, preservation and review of interaction taking place over time periods without having to rely upon the re-assembly of that dynamic information after the fact, which is extremely time consuming and inexact. These modern control systems are available and do not require a larger and more complex move toward an audit trail approach, which is very challenging to operate at the the scale required by larger firms. Best practice is to leverage compliance technology that is suited for today's communications and not attempting to retrofit a technology approach that was designed for the purpose of email>
E.5. Should FINRA consider any changes to its rules, guidance or processes relating to its communications with the public requirements to address any challenges resulting from using new technologies? For example, should FINRA consider any changes to the disclosure requirements under its rules to facilitate the use of modern communication channels (e.g., through layered disclosures)? <EA5. Rules should be technology agnostic, otherwise an infinite number of permutations will be created that will very soon be replaced by a new set as technology evolves. FINRA can play a role in working closely with firms and technology providers to surface challenges and best practices related to the use of new technologies. Technology providers can often see topics arise in aggregate across segments of the market, and can share observations with FINRA to ensure that firms are using the technology optimally and that any unique, incremental risks that are uncovered can be addressed properly in FINRA's engagement with the market>
For the Public
FINRA DATA
FINRA Data provides non-commercial use of data, specifically the ability to save data views and create and manage a Bond Watchlist.
For Industry Professionals
FINPRO
Registered representatives can fulfill Continuing Education requirements, view their industry CRD record and perform other compliance tasks.
For Member Firms
FINRA GATEWAY
Firm compliance professionals can access filings and requests, run reports and submit support tickets.
For Case Participants
DR PORTAL
Arbitration and mediation case participants and FINRA neutrals can view case information and submit documents through this Dispute Resolution Portal.
Need Help? | Check System Status
Log In to other FINRA systems
Robert Cruz Comment On Regulatory Notice 25-07
E.1. The phrase business as such under Exchange Act Rule 17a-4(b)(4) is not defined.34 What questions, concerns or challenges, if any, does this raise with respect to ensuring compliance with the recordkeeping requirements? Are there categories of records that are especially costly or difficult to capture or retain, and which may provide no appreciable regulatory benefit? <EA1: Ambiguity of the rule has nothing to do with the degree of difficulty to capture and retain specific types of records. Rules should be technology agnostic and limited to only those that are 'easier' capture and retain. Modern technologies are readily available to capture most communications formats, and those that do have limited abilities to capture should not be approved for business use. If a firm choses to use outdated, poorfly performing compliance technologies - or technologies that were originally designed for the use of email - that is the decision they must defend with regulators. Ultimately, there should be no segregation of specific areas of technology that are universally determined to have "no appreciable regulatory benefit", that should always be determined by the content and context that those technologies are used by a business, and whether a firm has adhered to its own policies to govern more sensitive or valuable information.>
E.2. What standards for the supervision of various digital communication channels have proved effective, including with respect to off-channel communications? What are some examples of such workable standards? <EA2. The standards that have proven to be most effective are a combination of policy & procedure adjustments, employee training, as well as the use of appropriate technologies that allow approved communications to be inspected and off-channel indicators to be surfaced. Off-channel communications is not a new problem, and will always exist as technology innovation and client demand will continue to drive communications to new tools. Firms need to remain diligent and anticipate that the challenge will be dynamic, and must revisit policy decisions and methods of inspection to make sure they are in step with technology advances and changes in employee and client behaviors>
E.3. What are members’ recordkeeping challenges regarding AI-generated communications and how do these challenges vary based on the type of AI-generated communication (e.g., AI-powered chatbot, AI-generated transcripts or summaries of meetings)? <EA3. The current challenge is to establish guardrails and governance programs in attempting to control the use cases that employees are seeking to deploy. Business pressures to leverage AI remain immense, and forward-looking firms are now building programs to assess benefits and risks of specific use cases, prioritize those use cases, ensure that pilots can be constructed with clear return on investment objectives, and incorporating the results to deploy the next set of pilots. Many firms are moving first with internal use cases for use cases including meeting summarization, first pass contract review, and regulatory horizon scanning, before moving to higher risk scenarios. However, this rate of adoption is moving exceptionally fast and will likely see firms moving beyond initial pilots well before the end of 2025>
E.4. How do members approach recordkeeping, and any related challenges, with respect to dynamic information displayed on their website or digital platforms? How do members approach customer-related interactions and experiences (e.g., the account opening process) through their systems? <EA4. Many firms have moved past static control platforms that attempting to flatten dynamic and collaborative information as unique, individual instances. Some control systems do enable the capture, preservation and review of interaction taking place over time periods without having to rely upon the re-assembly of that dynamic information after the fact, which is extremely time consuming and inexact. These modern control systems are available and do not require a larger and more complex move toward an audit trail approach, which is very challenging to operate at the the scale required by larger firms. Best practice is to leverage compliance technology that is suited for today's communications and not attempting to retrofit a technology approach that was designed for the purpose of email>
E.5. Should FINRA consider any changes to its rules, guidance or processes relating to its communications with the public requirements to address any challenges resulting from using new technologies? For example, should FINRA consider any changes to the disclosure requirements under its rules to facilitate the use of modern communication channels (e.g., through layered disclosures)? <EA5. Rules should be technology agnostic, otherwise an infinite number of permutations will be created that will very soon be replaced by a new set as technology evolves. FINRA can play a role in working closely with firms and technology providers to surface challenges and best practices related to the use of new technologies. Technology providers can often see topics arise in aggregate across segments of the market, and can share observations with FINRA to ensure that firms are using the technology optimally and that any unique, incremental risks that are uncovered can be addressed properly in FINRA's engagement with the market>