Democratic presidential candidate Hillary Clinton violated federal records rules through her use of a private email server while she was secretary of state, a State Department audit has concluded.
"At a minimum, Secretary Clinton should have surrendered all emails dealing with Department issues before leaving government service," says an audit by the State Department Inspector General, obtained by NBC News.
"Because she did not do so, she did not comply with the [State] Department's policies that were implemented in accordance with the Federal Records Act."
The audit found that the non-compliance over personal email went beyond Clinton, and that former Secretary of State Colin Powell, a Republican, also failed to preserve government-related emails when he was secretary of state.
More from NBC News:
First read: The 2016 urban-rural divide
Albuquerque cops injured as anti-Trump protests turn violent
New Taliban leader has issued fatwas justifying terrorism
The State Department asked Powell to try to receive relevant emails from his internet provider, but "as of May 2016 the Department has not received a response" from Powell, the audit said.
But the findings on Clinton are sure to reverberate through the 2016 presidential campaign. The State Department's auditors challenge some of the fundamental assertions Clinton has been making about why her use of personal email for government business was not improper.
A federal law requires the preservation of government records, and Clinton has said that since most of her emails were sent to people on the State Department system, she was complying.
But the audit says that "sending emails from a personal account to other employees at their Department accounts is not an appropriate method of preserving any such emails that would constitute a federal record."
Clinton has also said her use of a personal email server did not violate the rules at the time.
The audit says that none of the senior State Department officials in charge of information security were asked to approve Clinton's email arrangement. They would not have done so if asked, they said, according to the audit.
"It is clear that the Department could have done a better job preserving emails and records of Secretaries of State and their senior staff going back several administrations," the State Department said in a statement. "We also acknowledge the report's finding that compliance with email and records management guidance has been inconsistent across several administrations."