The energy trading industry is among the most tightly regulated ones in the world.
The US especially keeps a tight rein on energy traders with two watchdogs, the Commodity Futures Trading Commission (CFTC) and the Federal Energy Regulatory Commission (FERC) that have sweeping powers.
In a bid to closely regulate the market behavior of the trading companies, they have been increasingly upping the heat on entities accused of fraudulent activity or shortcomings in reporting per the Commodity Exchange Act, the Federal Power Act, and the Natural Gas Act.
Case in point, the CFTC announced via a press release in late 2022 that it had levied fines worth $75 million on a unit of Citi for failing to comply with the regulator’s requirements of maintaining, preserving, supervising, and being able to produce the communication records of matters related to business conducted by CFTC registered professionals.
Unsurprisingly, global regulators have followed suit. UK’s Office of Gas and Electricity Markets (Ofgem) led the charge, levying a first-of-its-kind penalty of $6.8 million on a Morgan Stanley unit for lapses in WhatsApp compliance, as the company didn’t maintain encrypted messages about business sent by its traders.
Uncovering the reasons behind compliance lapses by energy trading companies
The fact that the agencies have the power to bring serious civil and criminal penalties means that energy trading companies can’t afford to treat communications compliance as an afterthought.
But despite the best efforts of compliance teams, violations, like wechat cftc, may slip through the cracks due to:
Post-pandemic trends, including remote work
Given that remote energy traders are far from the scrutiny of the company networks, they may be prone to using unauthorized instant messengers, email accounts, or devices for communication.
The biggest challenge here is that the company may not even be aware of ongoing recordkeeping violations because the employees are using personal devices instead of company-issued laptops or phones that contain monitoring software. Consequently, there could be employees knowingly or otherwise communicating sensitive information, such as trade secrets, customer identification, and transaction-related details (volume, price, etc.,) unsafely.
Lack of effective policies and enforcement
Even with employees using devices that have systems in place to facilitate regulator-mandated WhatsApp archiving and other monitoring activities, there may still be gaps in the compliance process. Usually, this manifests in the form of employees using BYOD (Bring Your Own Device) phones and apps installed on them,
When companies have accounted for employee devices with policies on how to use them in a compliant manner and captured messages sent via those devices with a network archiver, there can still be challenges when policies aren’t enforced. Essentially, there is no point in capturing non-compliant messages without penalties, such as suspensions.
Additionally, energy trading companies need to implement clear policies when it comes to how long messages are to be retained, how to report a potentially non-compliant message of a co-worker, what process to follow when a message is accidentally deleted or edited, etc.
Most importantly, the policies need to be documented and made available to employees via easy-to-follow training sessions.
Shortcomings in access control and audit trail
It is mission-critical for companies to control who has access to their text message archive. Unauthorized personnel can end up modifying or deleting parts of the retained communication, leading to the cover-up of even serious offenses, like insider trading. As a result, companies engaged in energy trading have the responsibility to invest in systems that maintain an audit trail of who sent the message, who made modifications / viewed it, etc.
Crucially, the communication compliance system needs to have in place measures to also capture context, such as the time and date of sending or receiving the message and the numbers through which the conversation happened. Energy trading firms can leverage this crucial capability to filter out messages by keywords and other specifications for internal investigations or complying with an audit from regulators.
Lack of continuous review of the archived communication
Notably, even if you have in place communication monitoring solutions designed to pick up on the passage of sensitive information via chats, there is the possibility it may miss out on instances of violations, such as the energy trader asking the recipient of the message to transfer to another mode of communication where the problematic exchanges happen.
So, the need of the hour is for compliance teams and management to perform a comprehensive review of the information captured via their WhatsApp text archiving /other monitoring systems, emphasizing closer scrutiny of past policy violators. Ensure there are specific compliance personnel assigned to review the archived communication along with backup team members in place to take on the responsibility in case of the reviewer’s absence.
Not adapting to new communication technology
Firms regulated by the SEC have already swung into action to record employee video calls, knowing that regulators’ ever-increasing retention requirements may soon end up meaning that financial firms could land in hot water over files or messages shared via video calling platforms, including Slack, Zoom, WeChat, and WhatsApp.
Since there is no telling what employees might share over an unsupervised channel, it is recommended to retain communication happening via these apps as well.
Conclusion
Compliance teams tasked with reining in violations by energy traders have their task cut out; along with clear policies, penalties for non-compliance, periodic training, and review, they need to employ an archiver, like TeleMessage that can retain employee communication in a tamper-proof manner with SOC 2 level security.
With the solution protecting the company’s network of choice from messages going unsupervised by creating a copy of each interaction, energy trading firms can rest assured they are audit-ready. It is worth mentioning the communication is time-stamped to ensure clarity on the date it was sent and received.
The messages can be retained for the full retention period recommended by the CFTC, which is five years, in an easily accessible manner, albeit with tight access controls and data security. Contact us for a demo of the network archiver, the most crucial piece of the communication compliance puzzle, and become audit-ready.
About TeleMessage
TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls WhatsApp, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice of archiving data storage vendor.
Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
