Keeping of Records

Since the Enron incident, regulators have paid more attention to the problem of destroying internal documents by a charged firm. Emails are obviously under the spotlight.

NASD has recently charged Morgan Stanley for the following:

• Morgan Stanley failed to provide emails before 11 Sep 2001 to arbitration claimants and regulators in numerous proceedings from Oct 2001 to Mar 2005.
• Morgan Stanley falsely claimed in many of those proceedings that such email had been destroyed in the 911 terrorist attacks on World Trade Centre, where its email servers were housed. In fact, Morgan Stanley possessed millions of pre-911 emails that had been restored to its system shortly after 911 using back-up tapes. Many other emails were maintained on individual users’ computers and were therefore never affected by the attacks, yet Morgan Stanley often failed to search those computers when responding to requests.
• Morgan Stanley later destroyed many of the emails it did possess, in two ways – by overwriting backup tapes that had been used to restore the emails to the firm’s system and by allowing users of the firm’s email system to permanently delete the emails over an extended period of time.

In HK, SFC has issued the S&F (Keeping of Records) Rules, which is however mainly covering the financial, transactional and operational records. It is unclear if destroy of emails by HK licensed firms is a regulatory breach. But SFC may still discipline a firm for such act by using the last weapon - General Principle 2 of the Code of Conduct - Diligence.