Put Down Your Phone: How Official Communications on Private Networks are Posing Compliance Problems

12 months ago 35

By: Griffin Wray With the ever-increasing use of personal phones, social media, and email, particularly since the COVID-19 pandemic, financial firms are repeatedly and inadvertently violating regulatory recordkeeping requirements. Because employees are discussing official business on private channels, the...

By: Griffin Wray

With the ever-increasing use of personal phones, social media, and email, particularly since the COVID-19 pandemic, financial firms are repeatedly and inadvertently violating regulatory recordkeeping requirements. Because employees are discussing official business on private channels, the SEC, CFTC, FINRA, and other regulators have issued numerous fines and warnings regarding the use of those unofficial channels for official business communications.[1] In a single instance in 2022, the SEC levied fines against sixteen banks that totaled $1.1 billion.[2] And in 2023, 11 firms were fined a total of $289 million for violations stemming from employee communications about business on iMessage, WhatsApp, and Signal.[3] However, given the stringency of recordkeeping requirements, those communications being penalized can be as simple as emojis sent in reference to business transactions.[4]

Financial firms are by law required to maintain strict recordkeeping of all electronic business communications.[5]Those requirements, however, arise from laws and regulations passed long before the advent of instant messaging and emojis.[6] The result of those recordkeeping requirements is essentially a minefield of potential fines that financial firms must navigate by avoiding what is known as off-channel communications.[7] Particularly challenging is the lack of clarity on what falls within the purview of SEC enforcement, even as the SEC takes a broad view of what counts as an off-channel communication.[8]

To keep up with these requirements, firms must maintain strict compliance policies that either capture every business communication or bar them on unofficial channels, and will likely have to expand their coverage to previously untouched channels like video calls.[9] To do so, they hire private compliance firms who track employee communications and advise on a firm’s compliance program, utilize software to catalog communications on official channels, and promulgate their own compliance standards and training.[10]

The challenge faced by businesses is the limit to which their oversight extends. Compliance programs and software can only capture official communications, not private texts and messages on apps between employees.[11] Thus, a multi-faceted response from both businesses and regulators is needed to avert further fines. From the latter, definitive guidance must be issued regarding what is and is not an off-channel communication. If something as simple as a cash emoji privately texted between two employees after a successful deal can incur the wrath of the SEC, businesses must know so they can advise their employees accordingly. The SEC and other regulators must step up by promulgating rules interpretations that clearly define what situations, types of messages, and forms of communication qualify for recordkeeping in accordance with 17 C.F.R. 240a-4 and other provisions of the Exchange Act of 1934.

As for the businesses themselves, greater efforts must be made to stress such dangers to their employees. Aside from a vigilant compliance team and the use of private compliance advisers, firms must engrain a zero-tolerance mindset in their employees. Further, although perhaps not practical for all firms, issuing company-owned cellphones that automatically archive employee communications could help mitigate the risk of off-channel communications. It is easy to off-handedly send a text or private email related to a business matter when an employee uses a single device for both private and official communications. Having a company phone would help erect a wall between those communications. Otherwise, the financial world will continue to rack up billions of dollars in fines over innocuous texts and messages.

[1] Matthew Goldstein & Emily Flitter, Texting on Private Apps Costs Wall Street Firms $1.8 Billion in Fines, New York Times, (Sept. 27, 2022), https://www.nytimes.com/2022/09/27/business/banks-fined-texting-sec.html.

[2] Id.

[3] SEC Charges 11 Wall Street Firms with Widespread Recordkeeping Failures, Exchange Act Release No. 2023-149, (Aug. 8, 2023), https://www.sec.gov/news/press-release/2023-149.

[4] Mengqi Sun, Wall Street Regulators’ New Target: Emojis, Wall Street Journal, (Jun. 29, 2023), https://www.wsj.com/articles/emojis-wall-street-regulators-finance-finra-5bbf5688; see also 17 C.F.R. § 240.17a-4(f), (j) (specifically addressing electronic records in subsection (f) and specifying in subsection (j) that firms subject to SEC oversight “must furnish promptly … legible, true, complete, and current copies of those records of the member, broker, or dealer that are required to be preserved under this section”); FINRA Rule 4511 (requiring members to comply with SEC rules and other FINRA requirements).

[5] SEC Charges 16 Wall Street Firms with Widespread Recordkeeping Failures, Exchange Act Release No. 2022-174, (Sep. 27, 2022), https://www.sec.gov/news/press-release/2022-174.

[6] Id.

[7] Latest Wave of SEC Off-Channel Communications Enforcement Actions: Five Takeaways, Sidley Austin, (Oct. 4, 2023), https://www.sidley.com/en/insights/newsupdates/2023/10/latest-wave-of-sec-off-channel-communications-enforcement-actions-five-takeaways (defining off-channel communications as communications between employees on unofficial channels about business matters, such as private messaging apps and texts).

[8] Id.

[9] Sinead Cruise, WhatsApp clampdown highlights video call compliance threat for finance firms, Reuters, (Oct. 18, 2023), https://www.reuters.com/technology/whatsapp-clampdown-highlights-video-call-compliance-threat-finance-firms-2023-10-18/, (explaining that while video calls are currently subject to little to no formal recordkeeping requirements, regulators will likely soon begin to penalize firms for compliance violations over video calls).

[10] Larry Shumbres, What to Know About SMS Archiving and Compliance Options, NASDAQ, (Jan. 4, 2023), https://www.nasdaq.com/articles/what-to-know-about-sms-archiving-and-compliance-options

[11] Mengqi Sun, Texting: Wall Street’s Latest Dilemma, Wall Street Journal, (Oct. 31, 2023), https://www.wsj.com/articles/texting-wall-streets-latest-dilemma-6f89c5fd?mod=regulation_more_article_pos1.

 


View Entire Post

Read Entire Article