In the Final Notice 2015: John Joseph Financial Services Limited where the FCA issued a Fine of £20,000 for breaches of PRIN 9, SYSC, COB and COBS related to mis-selling in the investment adviser sector, the FCA states that firms should review their IT regularly.
In this case there were missing and incomplete client records due to faulty IT systems. Interestingly this was highlighted under SYSC 3.2.20R and SYSC 3.2.21G rather than SYSC 9.1 Record Keeping.
In the Record keeping section of the Final Notice….
4.35. SYSC 3.2.20R requires firms to take reasonable care to make and retain adequate records of matters and dealings which are the subject of requirements and standards under the regulatory system. The guidance under SYSC 3.2.21G indicates that firms should retain the records for as long as they are relevant for the purpose for which they were created.
4.36. JJFS relied on electronic and paper-based methods of recording and retaining information about customers, and also relied on personal recollection. In its review of the eight cases mentioned above the Authority found that records were missing or seriously deficient.
4.37. JJFS told the Authority that some records missing from client files had been created or stored in electronic form, but had been lost as a result of an intermittent failure in the firm’s IT systems which had gone undetected over an 18 month period. However, the IT failure did not account for all the deficiencies in JJFS’s records as in some cases JJFS kept paper files. Where this was the case, the paper files were seriously deficient.
4.38. The fact that the loss of electronic client records was either not identified or not remedied for 18 months itself indicates a lack of adequate systems and controls. Firms should review regularly whether their IT systems are functioning correctly where these are used as a means of performing regulated activities and to remedy promptly any defects in these systems.
4.39. In the Authority’s view, JJFS’s approach to client records fell short of the requirements in SYSC 3.2.20R to take reasonable care to make and retain adequate records of matters and dealings which are the subject of requirements and standards under the regulatory system, and did not follow the guidance in SYSC 3.2.21G to retain the records for as long as they are relevant for the
purpose for which they were created.
SYSC 3.2.20R provides: (1) A firm must take reasonable care to make and retain adequate records of matters and dealings (including accounting records which are the subject of requirements and standards under the regulatory system. (2) The records…must be capable of being reproduced in the English language on paper.
SYSC 3.2.21G provides: A firm should have appropriate systems and controls in place to fulfil the firm’s regulatory and statutory obligations with respect to adequacy, access, periods of retention and security of records. The general principle is that records should be retained for as long as is relevant for the purposes for which they are made