The Securities Industry and Financial Markets Association (SIFMA) is pressing the Securities and Exchange Commission (SEC) to modernize its decades-old recordkeeping rules for broker-dealers and registered investment advisors.
In an October 15 letter to SEC Chairman Paul Atkins, the influential trade group argued that existing regulations are too broad, outdated, and ill-suited to the realities of digital communications. SIFMA’s position is clear: the current framework creates excessive compliance costs and operational inefficiencies without delivering meaningful benefits to investors.
The association’s recommendations call for a comprehensive rewrite of recordkeeping obligations that would better align with how firms—and their clients—communicate today. Among its proposals, SIFMA urges the SEC to narrow the scope of what must be retained, eliminate categories of data that do not enhance investor protection, and harmonize retention periods across the industry.
The timing of SIFMA’s request reflects growing regulatory scrutiny over how financial firms manage and preserve digital communications. The SEC and FINRA have issued hundreds of millions of dollars in penalties in recent years for recordkeeping failures tied to electronic messaging and collaboration platforms.
Earlier this month, FINRA fined Ally Invest $850,000 for failing to retain more than 22 million business-related electronic messages because of technical errors. The lapse left the robo-advisory firm unable to respond fully to regulatory inquiries.
In 2024, the SEC ordered 26 firms—including Ameriprise, Edward Jones, LPL Financial, and Raymond James—to pay nearly $393 million in combined penalties for widespread violations of record retention requirements. Several firms received reduced penalties for voluntarily disclosing the deficiencies. Then in January, shortly before former SEC Chair Gary Gensler’s departure, the agency imposed another $63 million in fines against a dozen firms for similar failures.
For advisory firms and broker-dealers, these enforcement actions highlight a growing tension between compliance and practicality. The expansion of what regulators consider “communications” has forced firms to capture and archive nearly every digital interaction—an expectation that becomes increasingly difficult as new platforms, messaging tools, and AI technologies emerge.
SIFMA’s letter takes direct aim at that challenge. The group notes that the SEC’s recordkeeping rules were drafted decades ago for a paper-based environment and have not evolved alongside technology. As a result, the rules “create unmanageable compliance burdens and costs without corresponding investor protection benefits,” according to the letter.
SIFMA is urging the SEC to refocus its rules on the original intent of recordkeeping requirements: maintaining a clear and auditable record of investment-related client interactions. The association proposes narrowing the obligation to “client-facing business communications substantively related to investment or securities advice or transactions.”
That narrower definition, SIFMA argues, would exclude communications that have no regulatory or investor-protection value. The letter specifically identifies categories such as emojis, administrative notes (“I’m running late”), unsolicited inbound messages, and AI-generated meeting transcripts as examples of communications that should not be subject to retention.
The association warns that the current broad interpretation of “communications” has effectively forced firms to capture every fragment of digital conversation—including interactions that are incidental, informal, or irrelevant to investment activity. This, SIFMA says, has created “burdensome, costly, and unnecessary roadblocks for firms in effectively managing their relationships with clients through seamless and modern communication.”
In a nod to today’s technology stack, SIFMA also calls on the SEC to reexamine how cloud vendors are treated under existing recordkeeping rules. Current regulations require third-party service providers—such as cloud storage firms—to file formal undertakings with the SEC granting access to records if requested. SIFMA argues that the rule has become a major barrier to innovation, particularly for smaller firms seeking to use widely adopted cloud solutions.
The letter points out that the SEC has “rarely, if ever” exercised this authority to access records through third-party providers, suggesting that the provision offers little practical benefit while creating a significant operational hurdle. Removing this requirement, SIFMA argues, would make it easier for broker-dealers and RIAs to adopt secure, scalable cloud-based recordkeeping systems.
Another key recommendation involves harmonizing the retention periods for broker-dealers and RIAs. Currently, broker-dealers must retain communications for three years, while RIAs are required to keep them for five. SIFMA contends there is “no rationale” for the longer retention period applied to investment advisers, calling instead for a uniform three-year requirement across all registrants.
Standardizing retention periods, the association says, would simplify compliance and reduce administrative complexity, particularly for dual registrants and large firms operating under both regulatory regimes.
Beyond structural reforms, SIFMA is also advocating for a more practical enforcement framework. It recommends the SEC provide a “safe harbor” for firms that maintain reasonable policies and procedures to comply with recordkeeping requirements. This would replace what the group characterizes as an unfair “strict liability” standard, under which any retention failure—regardless of intent or mitigation—can trigger enforcement action.
“A failure to retain communications should not create a presumption that the firm’s policies and procedures were not reasonably designed or implemented,” SIFMA writes. Instead, firms that demonstrate good-faith efforts to maintain compliance should be protected from punitive penalties for inadvertent lapses.
For wealth management firms, the implications of SIFMA’s proposal are significant. RIAs and broker-dealers alike are navigating an increasingly complex landscape of digital communication tools—from email and text to collaboration platforms and AI-driven assistants. Each new medium introduces potential compliance risks, and regulators have shown little tolerance for gaps in oversight.
But the cost of total capture is steep. Firms must maintain vast archives of data, much of which holds no regulatory or business value. The process requires sophisticated surveillance systems, frequent audits, and substantial investment in technology infrastructure.
For smaller RIAs, these demands can be particularly onerous. Many rely on third-party vendors for communication monitoring and data storage, but face challenges ensuring those vendors meet regulatory standards. Others have opted to restrict certain communication channels altogether, potentially impacting client service and competitiveness.
SIFMA’s proposal, if adopted, could bring long-awaited relief. Narrowing the scope of required recordkeeping would allow firms to focus compliance resources where they matter most—on interactions that directly influence investment decisions, advice, or transactions. Excluding trivial or non-substantive communications would reduce both data volume and risk exposure.
At the same time, a unified retention period would streamline operations and compliance training. Firms that straddle both brokerage and advisory models could implement a single recordkeeping policy rather than juggling two overlapping systems.
The call for a safe harbor may also resonate with wealth management executives frustrated by the perception that regulators are penalizing intent-free violations. By rewarding proactive governance and good-faith compliance, the SEC could encourage more transparent dialogue between firms and regulators—potentially leading to better overall outcomes for investors.
Still, change is far from guaranteed. The SEC’s enforcement priorities in recent years have emphasized accountability and transparency, particularly around off-channel communications. Regulators may view any reduction in recordkeeping obligations as a step backward.
But SIFMA argues the opposite: that outdated rules undermine both efficiency and investor protection by overwhelming firms with irrelevant data. The association’s message is that effective compliance requires focus, not excess.
“Simplifying and modernizing recordkeeping standards would allow firms to dedicate resources to areas that genuinely enhance oversight and client service,” the group writes.
For the advisory community, the outcome of this debate will shape not only compliance policies but also the client experience. A more flexible regulatory framework could make it easier for advisors to engage clients through preferred channels, adopt emerging technologies, and manage records in a way that aligns with both operational reality and regulatory intent.
SIFMA concludes its letter by inviting further collaboration with the SEC, emphasizing the need for “rules that reflect current practices and technology, while ensuring that future advances in communications are not unnecessarily swept into their scope.”
As firms balance innovation, regulation, and risk management, the association’s proposals offer a roadmap for a more adaptive compliance environment—one that allows advisors to focus less on data storage and more on delivering value to clients.
Whether the SEC responds remains to be seen, but the message from the industry is unmistakable: the rules of the past can’t govern the technologies of today.
