The Securities and Exchange Commission (SEC) has imposed fines totaling over $1.5 billion on 40 firms for failing to properly store and maintain electronic communications. However, some critics argue that these enforcement actions targeted easy cases.
In a wide-ranging WSJ interview, Gurbir Grewal, who has been serving as the head of the SEC’s enforcement division since 2021, stressed that increased penalties have resulted in certain instances where there have been favorable alterations in people’s conduct. He noted that these cases originated from the SEC’s inability to effectively investigate market misconduct. In a specific instance, the Agency requested certain documents from a broker-dealer, but they were unable to provide them. When the regulators approached their counterparty to address this issue, they produced off-channel communications, revealing that the firm had a problem retaining records. This problem extended beyond a mere technical difficulty; it was indicative of a cultural issue where senior individuals were instructing subordinates to intentionally move communications off-channel.
That situation has now changed. Grewal wouldn’t describe it as going after easy targets; rather, it has had a positive impact on behavior within the markets. The focus is not on obtaining communications related to casual matters like lunch, dinner, or after-work plans. The SEC is specifically interested in business-related communications and the retention of necessary records. By doing so, it can piece together any misconduct and prevent individuals from evading their responsibilities or using methods like ephemeral messaging or off-channel communications.
This topic has gained significant attention in conferences. He noted that various vendors offer mobile message archiving solutions, and people are paying more attention to the issue. There has been a shift in tone from the top, and training practices have changed. This represents a significant improvement compared to over two years ago. In Gruwal’s experience working in enforcement, both the SEC and elsewhere, he hasn’t seen an initiative with such wide-reaching positive impact on the behavior of registrants.
Limitations on enforcement of off-channel communication
Grewal noted that hopefully, as the SEC interacts with people and communicates its message, it becomes clear that the desired changes have taken place. They have already seen evidence of this, as policies, procedures, and tools have been modified, and some instances of self-reporting have occurred. Consequently, he doesn’t anticipate the same level of enforcement going forward.
However, it’s important to note that examinations have placed a priority on this issue. If firms have not addressed their policies, procedures, or the matter in general, enforcement will continue in those cases. Furthermore, penalties may be even more severe due to the fact that they have been previously alerted to the issue. If the SEC comes across similar gaps to those that led to the previous enforcement actions during its document requests, they would likely recommend higher fines and penalties.
To summarize, there are still areas that require further investigation. However, he hopes to see increased compliance and more instances of self-reporting, leading to a decrease in enforcement efforts. In cases where the SEC does take enforcement actions, you can expect to see harsher penalties if firms have not rectified the situation.
Advice for compliance officers
The key lies in ensuring that your policies and procedures are tailored to your specific organization rather than relying on generic, one-size-fits-all approaches. It is crucial to educate yourself about the risk areas by reviewing the SEC orders as well as those issued by other regulators. Engaging with individuals across different business lines will help you understand the risks specific to your organization. Execute your plans effectively and make sure the message gets across to all employees in your organization. Also, individuals in positions of leadership should set the right tone at the top.
If you focus on education, engagement, execution, and enforcement, you will be on the right path to compliance, according to the SEC.
DOJ Whistleblower Dependence
Meanwhile, the U.S. Attorneys Southern District of New York has launched a parallel Whistleblower Pilot Program designed to encourage early and voluntary self-disclosure of criminal conduct by individual participants in certain non-violent offenses. In exchange for such self-disclosure and cooperation, the Department of Justice will enter into a non-prosecution agreement where certain specified conditions are met, including, importantly, the condition that the Government was not previously aware of the criminal conduct that is the subject of the disclosure. By providing clarity on the requirements and the benefits of such self-disclosure, we seek to incentivize individuals (and their counsel) to provide actionable and timely information. That will, in turn, help us bring more misconduct to light and better protect the communities we serve.
Off-Channel Communication Challenge
FINRA, in its 2024 Annual Regulatory Oversight Report addressed the related concern of firms’ supervision and retention of off-channel communications. The organization uses a risk-based approach to review how firms capture, surveil and maintain business-related communications. Because off-channel communications occur on non-firm platforms or devices, there is an increased risk that they are not maintained and preserved as part of the firm’s books and records. Recognizing this as an area of SEC focus, the organization pledges to share any helpful observations or effective practices that may emerge from its risk-based reviews of member firms’ practices related to off-channel communications when assessing whether their supervisory systems and compliance programs are reasonably designed to capture, supervise and maintain off-channel communications.
TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls WhatsApp, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice of archiving data storage vendor.
Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements: