Modernizing SEC Rules to Reflect Today’s Communications Practices

• The SEC’s books and records rules on retaining communications are outdated, overly broad, and impose strict liability standards that no longer align with how firms and clients communicate.
• SIFMA is urging the SEC to narrow retention obligations, provide safe harbors for good-faith compliance, and remove outdated requirements that deter adoption of secure, modern technologies.
• These reforms would reduce unnecessary costs, preserve investor protections, and help U.S. firms remain competitive in global markets.

Clear, seamless communication between firms and their clients is critical to healthy capital markets. Yet today’s SEC rules — designed for an era of paper files and limited technology — have not kept pace. Instead, they impose sweeping and often unworkable requirements that increase compliance costs without delivering commensurate benefits to investors.

In a recent letter, SIFMA urged the SEC to modernize its Books and Records Rules governing communications, including Exchange Act Rules 17a-4 and 18a-6 and Advisers Act Rule 204-2. Updating these rules would allow firms to meet client expectations, use secure modern technologies, and remain competitive globally — while continuing to uphold strong supervisory responsibilities and investor protections.

Key Recommendations

SIFMA is suggesting the following prudent changes:

• Refocusing retention obligations on client-facing communications that are substantively related to investment or securities advice or transactions, consistent with the rules’ original intent.
• Removing uncertainty by eliminating the vague “business as such” standard and clarifying that trivial or irrelevant categories — such as emojis, ministerial messages, or AI-generated transcripts — are not subject to retention.
• Providing a safe harbor for firms that implement reasonable policies and procedures, replacing today’s strict liability framework.
• Harmonizing retention periods across registrants at three years, simplifying compliance for dual registrants.
• Eliminating third-party undertakings that currently discourage the use of secure, modern cloud technologies.

Recent enforcement actions highlight the mismatch between current rules and modern realities. More than 90 SEC settlements, totaling over $2.2 billion in penalties, have involved technical recordkeeping violations — not misconduct that harmed investors. Even SEC Commissioners Peirce and Uyeda have raised concerns about this strict liability approach and the lack of credit for firms’ good-faith compliance efforts. Chairman Atkins also recently noted that the significant SEC resources spent on these cases were unjustified given the absence of investor harm. Modernizing these rules would ensure that firms can communicate with clients through the channels they use every day, without unnecessary compliance hurdles. This would lower costs, preserve strong supervisory oversight, and maintain the investor protections at the core of the federal securities laws.

Bottom line: It’s time to bring the SEC’s communications retention rules into the 21st century — enabling modern communication, reducing unnecessary costs, and strengthening U.S. market competitiveness.

Authors

Kenneth E. Bentsen, Jr. is President and CEO of SIFMA. From 1995 to 2003, he served as a Member of the United States House of Representatives from Texas. Prior to his service in Congress, Mr. Bentsen was an investment banker specializing in municipal and housing finance.

Melissa MacGregor is Deputy General and Corporate Secretary at SIFMA.