Dance Like No One is Watching, Text Like Your Words Will Be Published on the Front Page: The Importance of Internal Compliance with FINRA and Text Message Production

Key Takeaways:

• Following a trend of continued enforcement, the Financial Regulatory Authority (FINRA) settled with Benjamin Edwards, a broker-dealer firm, for the firm’s failure to properly store and produce company-related text messages.
• As FINRA continues to penalize companies for failing to properly store or preserve electronic company communications, the importance of implementing, communicating and following internal storage and retention policies and procedures remains prevalent.
• Companies should review and revise their internal policies and procedures to ensure compliance with FINRA regulations and move to end-to-end encryption-based messaging channels to protect confidential information. However, if a company believes its practices have violated FINRA’s regulations, self-reporting is encouraged, and may result in a lower fine than if the issue was not reported.

Earlier this month, Benjamin Edwards, a broker-dealer firm, agreed to a censure and to pay a $750,000 fine for failing to properly supervise and preserve its employees’ business-related text messages.[1] Recently, the topic of producing text messages has been prominent in the news when Taylor Swift and Blake Lively’s text messages were published after they were produced in discovery for Blake Lively’s lawsuit against Justin Baldoni. Likewise, employees’ business-related text messages may be subject to discovery. While few corporations have the clickbait powers of the aforementioned pop star, no company would wish to test that theory should their employees’ messages be produced. Even if not published, the possibility of legal exposure, involving either the failure to preserve or the content of business messages themselves, should give companies pause to consider their compliance with internal preservation policies and procedures. No company wants to be the subject of an embarrassing headline or end up as a cautionary tale.

What is FINRA?

FINRA is a not-for-profit organization registered with the Securities Exchange Commission (“SEC”) that requires broker-dealer firms to comply with regulations designed to protect investors and the security market.[2] Together with the SEC, FINRA requires broker-dealer members to follow various reporting and disclosure requirements.[3] Under Securities Act Rule 17a-4(b)(4), broker-dealers must retain originals of all communications received and copies of all communications sent for at least three years if the communications relate to “business as such.”[4] During the first two years of this three year period, the communications must be stored in an easily accessible place.[5] Depending on the nature of the records, however, the Securities Exchange Act can require preservation for up to six years.[6] Generally, the Investment Advisors Act applies a five year preservation period.[7] While FINRA does not prohibit using personal devices for business purposes, should a company allow this method of communication, their employees are still required to comply with the Securities Exchange Act’s retention policies.

What did Benjamin Edwards Do?

Benjamin Edwards’s internal policy prohibited employees from texting for business communication purposes.[8] Despite this regulation, according to FINRA, Benjamin Edwards had “no process or procedures, written or otherwise, for monitoring for compliance with its text message policies.”[9]

FINRA’s investigation stemmed from review of a 2022 arbitration award. In 2017, Benjamin Edwards faced arbitration regarding the firm’s recruitment of representatives from a different firm.[10] During this arbitration, Benjamin Edwards faced an $18.2 million judgment and incurred sanctions twice: first, for failing to produce ordered documents; and second, for producing some, but not all, required text messages.[11]

While Benjamin Edwards improved its text message compliance procedures in 2023 with better training, monitoring systems, and communications surrounding text message preservation, it still agreed to settle for $750,000 with FINRA for its past deficiencies.[12]

What Does This Mean?

Benjamin Edwards is one of several recent examples of the SEC and FINRA’s enforcement actions for improper record keeping. Earlier this year, nine investment firms and the three broker-dealers agreed to pay the SEC a combined $63 million for improper record keeping.[13] Notably, because one firm self-reported a violation to the SEC, it paid significantly less than the other firms.[14] This type of enforcement follows a similar pattern from 2024 where the SEC announced similar improper record keeping charges brought against twenty-six broker-dealer firms that settled by paying a combined fine of $390 Million.[15] Again, the firms that engaged in self-reporting faced lower monetary penalties.[16]

Preserving records poses an additional challenge when companies employ the use of ephemeral messaging application data. Ephemeral messaging applications, like Slack, Microsoft Teams, Signal and WhatsApp, place the ability to control automatic and timed message deletion features in the hands of platform users.[17] Failing to use these platforms admittedly places companies behind the technological curb; but failing to follow preservation requirements undermines client trust and can result in economic and reputational harm.

When it comes to text and ephemeral messaging, clients should consider:

• Reviewing and revising internal recordkeeping policies to reflect emerging technology and changing regulatory landscapes, and ensuring the proper procedures for compliance are distributed and enforced.
• Choosing a secure method of communication that provides end-to-end encryption, implementing proper preservation methods to avoid inadvertent or intentional deletion of documents that should be preserved, and training employees accordingly.
• If your company has a “bring your own device” policy, ensure that employees’ use of ephemeral messaging adheres to your company’s internal preservation policies.
• Monitoring compliance with your company’s preservation guidelines and enforcing internal disciplinary actions if internal procedures are not followed.
• Consulting with counsel to determine whether self-reporting makes sense if a violation occurs, as it may result in less of a financial penalty.

As with prior federal enforcement initiatives, early issue identification, disciplined corrective action, and well-documented compliance decision-making remain the most effective tools for mitigating exposure in a heightened and more centralized enforcement environment.

Benesch’s White Collar, Government Investigations & Regulatory Compliance Practice Group continues to monitor these developments and advises clients on proactive compliance reviews, audit response strategies and enforcement preparedness.

If you have questions about how these rules may affect your organization or would like assistance assessing specific risk areas, Benesch is here to help.

To read more on the topic of proper preservation procedures amidst ephemeral messaging applications, please refer to Benesch’s previous client bulletins: Mixed Messages: The Salt Typhoon Encryption Debacle and Staying Ahead of the Curve: Adapting to Evolving Cyber Regulatory Enforcement.

[1] Sarah Jarvis, Broker-Dealer Fined $750K Over Text Message Recordkeeping, Law 360 (Feb. 2, 2026), https://www.law360.com/whitecollar/articles/2437027/broker-dealer-fined-750k-over-text-message-recordkeeping.

[2] FINRA, What it Means to Be Regulated by FINRA, FINRA (Apr. 22, 2024), https://www.finra.org/investors/insights/regulated-by-FINRA.

[3] Id.

[4] FINRA, Books and Records, FINRA, https://www.finra.org/rules-guidance/key-topics/books-records#overview.

[5] Id.

[6] Marisa T. Darden, et al., Staying Ahead of the Curve: Adapting to Evolving Cyber Regulatory Enforcement, Benesch Law (Sept. 24, 2024), https://www.beneschlaw.com/wp-content/uploads/2025/07/Staying-Ahead-of-the-Curve.pdf.

[7] Id.

[8] Jarvis, supra note 1.

[9] Id.; Leo Almazora, FINRA fines Benjamin Edwards $750k over text message failures, InvestmentNews (Feb. 3, 2026),  https://www.investmentnews.com/regulation-legal-compliance/finra-fines-benjamin-edwards-750k-over-text-message-failures/265112.

[10] Jarvis, supra note 1.

[11]Id.  

[12] Id.

[13] Press Release, U.S. Securities and Exchange Commission, Twelve Firms to Pay More Than $63 Million Combined to Settle SEC’s Charges for Recordkeeping Failures (Jan. 13, 2026), https://www.sec.gov/newsroom/press-releases/2025-6.

[14] Id.

[15] Press Release, U.S. Securities and Exchange Commission, Twenty-Six Firms to Pay More Than $390 Million Combined to Settle SEC’s Charges for Widespread Recordkeeping Failures (Aug. 14, 2024), https://www.sec.gov/newsroom/press-releases/2024-98?utm_medium=email&utm_source=govdelivery.

[16] Id.

[17] Marisa T. Darden, et al., Mixed Messages: The Salt Typhoon Encryption Debacle, Benesch Law (Jan. 7, 2025), https://www.beneschlaw.com/insight/mixed-messages-the-salt-typhoon-encryption-debacle/.