Accurate recordkeeping is one of the core duties of broker-dealers and investment advisers. As the number of electronic records has exploded in recent years, so have the risks of hacks or other malicious acts. FINRA recently settled enforcement actions against 12 of its members, imposing a total of $14.4 million in fines, for their failures to store electronic records in “write once, read many” (commonly referred to as “WORM”) format, as well as other violations of SEC recordkeeping rules. In its press release, FINRA emphasized that the deficiencies affected hundreds of millions of records, and the need to maintain records in the WORM format because “the volume of sensitive financial data stored electronically has risen exponentially and there have been increasingly aggressive attempts to hack into electronic data repositories, posing a threat to inadequately protected records.” This article explores the violations and key terms of the eight separate FINRA Letters of Acceptance, Waiver and Consent (AWCs). See also “FINRA Lays Out Cyber Expectations in Action Against Broker-Dealer” (Dec. 14, 2016).