Compliant Texting and Chatting Guide for Financial Firms

Executive Summary

Texting is the most preferred communication channel for many people. Research conducted by Gallup has found out that Americans under the age of 50 prefer text messaging to all other communication channels. With the advent of instant messaging apps like WhatsApp and WeChat, texting has received increased vigor. Another study done by Common Sense Media has revealed that teenagers prefer texting friends or chat with them online than meeting them face-to-face. Texting and chatting provide a lot of advantages for financial firms, but they also come with a lot of compliance risk. It is important to understand the risks involved in texting for business communications and takes adequate measures to make sure that you are following compliant texting and chatting strategy.

This whitepaper provides:

• An overview of the regulatory and legal risks involved in using text and chat messages for business communication
• An outline of the relevant regulations associated with digital communications
• Best practices and a checklist for financial firms on using text message for business communication
• A detailed overview of what a financial firm must do to make sure that it is complying with all the regulations.

Regulatory and Legal Risks

Many financial firms are allowing their employees and representatives to use text messaging for their business communication. Firms are realizing that the use of texting and instant messaging apps are making the workforce more efficient. However, it is important to enabling employees to text compliantly so that your firm doesn’t end up on the wrong side of the law. Texting and the use of instant messaging apps like WeChat and WhatsApp are subject to regulations and enforcement by government regulators.

Securities and Exchanges Commission (SEC) and Financial Industry Regulatory Authority (FINRA) require all text messages (and other electronic communications) used for business communication purposes to be archived and to be open to supervision if required. These regulations stipulate that you record mobile messages and monitor phone calls that are used for business communication.

During e-discovery or litigations, courts may order the production of text messages used for business communication. Such text messages are considered relevant information and hence financial firms must consider how to archive and reproduce text messages, including those sent over instant messaging apps like WeChat and WhatsApp. Failure to retain and preserve text messages used for business communications and to produce them when courts order them to be produced can land a financial firm in a legal mess.

If a financial firm is unable to manage its text messaging channels and it is incapable of doing WhatsApp archiving, WeChat archiving and the recording of mobile messages, then it could be charged on its failure to produce data regarding business communication ordered by the courts.

Relevant Regulations

FINRA Regulatory Notices 10-6 and 11-39 remind firms of their obligation to retain records of digital communications that relate to their “business as such” as required by Rule 17a-4(b) (4) under the Securities Exchange Act of 1934 (SEA).

For compliance, firms are advised to keep all the records of their business communications, including archiving of text messages. Hence, financial firms that allow their employees and other representatives to use text messages and chat messages for business communication must retain records of these business communications as per FINRA and SEC rules.

With the use of text messaging and chats through instant messaging apps for business communication, the regulators want financial firms to train and educate their employees and other representatives, the distinction between personal communication and business communication and the imperative of archiving and producing if required, all business communication.

Significant Cases of Fine Imposed

FINRA is quite serious about their compliance rules and has imposed fines on many financial firms for violations of text archiving regulations. Non-compliance is not always about fines, but FINRA has imposed more punitive measures including suspension of firms from associating with any FINRA member.

• In 2018 FINRA issued a fine of $5,000 and suspended a broker from associating with any FINRA member for 30 days, after finding out that the broker engaged in unapproved securities-related communications with two customers via text message, violating the firm’s WSP.
• In March 2017, FINRA penalized two firms for their failure to comply with FINRA Supervision Rule 3110. In both cases, the reason for the penalty was that the firms failed to conduct and document review of its electronic communications in a thorough and timely manner. One of the firms was fined $125,000 and the other firm was fined $120,000.
• Puma Capital was fined $5,000 and was suspended from associating with any FINRA member for 10 business days as the broker used unapproved text messages and personal email accounts for business communication.

Read FINRA Enforcement Update – Broker Fined Again for Violating Text Messaging Regulations.

What Financial Firms Must Do

Using text messages and chat messages for business communication is a highly rewarding measure for the financial industry. But not complying with the rules set by regulatory agencies like FINRA and SEC could be really damaging to your business with the steep fines and other penal measures. It is important for financial firms to be compliant and must put systems in place to record mobile messages including WeChat archiving and WhatsApp archiving.

1. Draft a text messaging compliance policy: You need to create a comprehensive text messaging compliance policy for your business communication in simple language and by noting relevant examples to address the compliance risks associated with using text messaging and usage of instant messaging apps. Your policy must contain the following.

• Convey the importance of texting – You must start your text messaging policy by pointing out the importance you give to text messaging as a business communication tool. You must clearly mention the value you give to the business opportunities that texting would provide to your business and the role your employees and other representatives play in it.

• Reiterate company values – The text messaging compliance policy is a great place to reiterate your company values to your employees and other representatives. Explain your brand values to your advisors and explain the message tone and language expected in the text messages sent by them.

• Communicate trust – You need to communicate with the employees that you are entrusting the firm’s reputation and confidential information with them. Give them clear guidelines on what proprietary information must not be shared with the clients.

• Preferred hardware – You have to specifically mention the preferred mobile hardware that could be used for business communication in your financial firm so that you are compliant with the rules and regulations. Do you prefer an iPhone? If yes, do you have a mandated iPhone series? Or is your firm open to the use of multiple types of phones? You have to be specific about the types of business communications that would be archived. You should also mention the technology or tool you are using to capture and archive business communication. Be transparent about the place where you are going to archive business communication.

• Preferred mobile carrier – Mention the mobile carrier and the plans your firm prefers for business communication. It has a direct impact on the mobile messaging compliance strategy that you will follow. You have to check with the mobile carrier about the Mobile Device Management capabilities they have. With a mobile carrier that has specific capabilities in providing tools for managing mobile device security, your e-discovery team can respond effectively with e-discovery, litigation and regulatory events.

• Centralized enterprise archive for all enterprise communication – Various regulations make it imperative for financial firms to record and archive mobile communications and be compliant. Decide on the centralized enterprise archive solution you will use to record and archive all your enterprise communication. You must also intimate all your employees, advisors and third-party vendors about the centralized archive solutions you are using to record and archive business communication.

2. Set guidelines for text messaging: Text messaging done correctly as a tool of business communication can be very effective and can make your clients happy and informed. However, text messaging done wrongly could be spammy and could put you at risk of legal action. Your text messaging policy must address every aspect of text messaging.

• Get permission before you text – For text messaging your client, you must get her opt-in first. It is the most important step to make sure that your text messaging is compliant with all the existing federal regulations. If you don’t get the opt-in from the client initially, you are at risk of getting labeled as a spammer, which might put you into legal trouble in the future. Clients must explicitly provide their consent and just entering their mobile number doesn’t constitute consent. When you first send your message, you must send an opt-in confirmation message. If you plan to continuously send messages to clients, you must also give an option for the client to opt-out, with clear instructions on how to do it. It is also your responsibility to remind the customers from time to time that they are still enrolled.

• Honor opt-outs – You need to honor opt-out choices made by your clients and you have to acknowledge the opt-outs by each client. Not doing it could make you a potential target of legal action. It is acceptable to ask for the reasons for the opt-out, but that option must not be made mandatory. It is the prerogative of the client to decide whether she wants to open up on her reason to opt-out.

• Set expectations about the frequency of text messages – You must let your clients know how often you will send them messages. You must share with them the approximate numbers and must make sure that you are sticking to that number consistently. You can set auto-replies to the messages that clients sent and can save your time and effort on replying to frequently asked questions.

• Call-To-Action – While you request the phone number of a client, you must clearly mention the reason why you are requesting their number and you should tell them exactly what they are signing up to receive. The Call-To-Action (CTA) must be clearly visible in the message, which is a very important step in being compliant with the rules.

• Send only relevant info – Never message your client about irrelevant or personal information. Every message you send must be relevant and high-quality financial information that adds value to the client. If you send irrelevant messages, you may be considered a spammer and you may be at risk of legal actions against you.

• Convey to customers and employees that their communications are recorded and archived – It must be clearly conveyed to your customers as well as your employees that all their business communications are recorded and archived for regulatory purposes.
  

3. Establish a compliance team: You need to create a compliance team bringing together all stakeholders, including your employees, other representatives and your third-party vendors.

• Advisors – Financial advisors are at the forefront of meeting with the clients and communicating a firm’s value proposition. Advisors must know what are they allowed to communicate and what they aren’t. As an advisor, you are allowed to have a 1-on-1 conversation with a client, share information about account balance and performances and can text a single message to multiple clients. However, you are not allowed to send non-approved promotional information, give financial recommendations without including your disclosures and you are not allowed to share your speculations on account or fund performance.

• IT team – A financial firm’s IT team has an onerous task at their hands with regulatory rules and their compliance. All business communication through text messages must be kept in a searchable format that cannot be tampered with. They must also make sure that those records are not deleted, destroyed or disposed of by anyone deliberately or accidentally. They must also make sure that those messages are readily available during e-discovery or during any litigation procedures to meet deadlines.

• Regulatory team – The regulatory team in a financial firm must make sure that all business communication through text messaging is compliant and is safely archived at all times. Firms can no longer give the excuse of not retaining and archiving text messaging or performing oversight of text messaging.

• Third-party vendors – Financial firms that outsource any part of their business communication to third party vendors must clearly communicate their text message compliance policy, lest they make mistakes and not archive or retain text messages that give out business information.

4. Determine your mobile device policy: You have to capture and record mobile messages and follow WeChat archiving and WhatsApp archiving best practices to comply with text messaging regulations. For the effective implementation of the policy, you need to decide your mobile device policy, including whether to follow BYOD (Bring Your Own Device), COPE (Company Owned Personally Enabled) or CYOD (Choose Your Own Device).

• BYOD – When you follow the BYOD (Bring Your Own Device) policy, on the personal phone of the advisor you can use an over-the-top (OTT) application, whereby a new virtual number could be provided for business communication. The messages sent through this virtual number can be captured and can be archived on the firm’s comprehensive archive for business communication.

• COPE – Following the COPE (Company Owned Personally Enabled) policy means your archiving provider is directly connected with the mobile carrier’s network and messages from any phone can be archived without installing an additional application on the phone. iPhones and most other smartphones can be supported while using the COPE policy.

• CYOD – When you follow the CYOD (Choose Your Own Device) policy, the firm either owns or pays for the device. Alternatively, the employee can own the device, but the financial firm provides a device stipend for the employees. The firm can choose an archiving provider that partners with major mobile carriers. By following the CYOD policy, a firm can archive business communication through text messaging by not installing an OTT application on the mobile devices of employees. For being compliant, firms can also prohibit employees from using the device for personal purposes as well.

5. Train and educate teams: Widely distribute your policy among all your stakeholders and give adequate training to all employees and executives who use text messaging for business communications. They must be educated on the do’s and don’ts of text messaging and about the fines and other punitive actions that could be taken against them and the firm by regulators if they violate the laws and regulations.

• Emphasize the importance of honesty and integrity – Educate advisors on the importance of honesty and integrity and emphasize that their text communications with the clients would reflect on the company and its reputation. Train them on the importance of complying with the regulations in the financial industry. Messages must not be sent with the intention of manipulating the clients into buying a product or service. According to FTC Endorsement Guides, financial incentives must always be disclosed.

• Prohibit harassing statements – It is important to strictly prohibit advisors from using harassing or libelous statements against the clients. Such a situation would put both the advisor and the firm at legal risk. Explain in simple terms the definitions of defamation, harassment and libel to all advisors and other representatives.

• Give examples of proper text responses – Explain with proper examples the kind of responses your firm expects from advisors to give clients to various commonly asked questions. Emphasis the fact that the responses given by the advisors have potential legal consequences and hence must be compliant with rules and regulations. Never respond to a client with retaliatory or abusive messages. Defensive behavior from the advisors reflects poorly on the brand image of the firm, not to mention its legal implications.

• Educate and train advisors on state and federal regulations – Federal laws and state laws regarding mobile text archiving and calls are different. Consumer protection laws also provide a lot of variety. A financial firm must educate and train its advisors and all other employees about the different applicable laws and about the need to comply with all those regulations.

• Teach advisors the importance of protecting sensitive data – Educate the advisors on how to handle personally identifiable data and sensitive data as such data must never be texted. Data security laws and privacy laws mandate due diligence when handling sensitive data. Train them on state privacy regulations, international privacy regulations, FINRA, TCPA, Gramm-Leach-Bliley, SEC Regulation, Regulation FD (Reg FD) and Sarbanes-Oxley laws.

• Emphasis on the importance of respecting intellectual property rights – Trademarks and copyrights are important factors in business communication in the financial industry. You must stress the importance of respecting intellectual property rights as well as copyrights and trademarks while texting for business communication. Not respecting intellectual property rights is legally risky for the individual advisor as well as the financial firm.

• Explain the consequences of violating the policy – List out the consequences that an advisor would face on violating the company policy on text messaging for business communication. The situations when advisors would be held responsible and the situations when the firm will decide to terminate the advisor must be explained in detail.

6. Share success: Share widely the success stories of advisors who have followed the compliant text messaging policy and reward them for their success.

• Share success stories with all – You can share with all advisors and employees the success stories of individual advisors where they have meticulously complied with the regulations and achieved business success.

• Inform about the failures too – It is also important to communicate with the advisors the stories about how failure to complying with the firm’s policy has resulted in not so favorable results for the firm.

7. Continuously update the policy: Regulations undergo regular updates and hence you must also continuously update your text messaging policies.

• Compliance policy is a living document – Your firm’s text messaging compliance policy is a living document that needs constant updates. State and federal regulations may undergo continuous change and hence it is important for every financial firm to update their text message compliance police on business communications.

• Revisit the policy at least once-a-year – You need to revisit your text messaging policy at least once-a-year and make necessary updates to them. You must also communicate the updates to all advisors and employees.
  

Text Messaging Compliance Checklist

The following checklist will list out the basics of compliance that you have to follow while using texting and chatting for business communication. It is important to check every item and remain compliant with existing rules and regulations.

• While messaging, outline your services – You have to explain in details about your services when you send a text message for the first time to a client. They must be able to know fully what can be expected on signing up for your service. They must be told in unambiguous terms that all communications with them will be recorded, monitored and archived. Clients would appreciate the transparency and it is legally important as well.

• Get express written consent – For sending automated marketing or promotional messages you need the express written consent of the client. If you don’t get an express written consent then put that number in the Do Not Contact (DNC) list.

• Always keep the messages conversational – It is important to keep the conversational style in your messaging of business communication to make sure that you don’t appear spammy. Employees and advisors must always remember though that their conversations are recorded and archived.

• Use texting services that support local 10-digit long codes (10DLC) – It is always sensible to use texting services that use only the local 10-digit long codes. Many carriers don’t support the old five and six-digit shortcodes.

• Use clear Call-To-Actions – Always use clear Call-To-Actions in your text message including the campaign purpose, T&C, frequency of messages, privacy policy and data rates.

• Offer clear opportunities for opting out and honor opt-outs – While you send text messages for business communication, you must definitely include an opt-out for the client to opt-out from your messaging services. As the communications are recorded and archived, clients must be given an easy choice to opt-out of your messages and texts.

• Maintain updated records for opt-in and opt-out – Always update your record with clients who have opted out of your service. Never message again a client who has used the opt-out option. The wishes of the clients who are against recording their communication and hence opted out must be honored.

• Research industry-specific compliance and monitor and follow updates – Regulations on business communications recording and archiving are different for different states in the US and hence you must always check when in doubt about the regulations and compliance policy before texting a client. If you are unsure, ask your legal team about the compliance policy in the financial industry.

About TeleMessage

TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice archiving data storage vendor.

Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:

•  Network Archiver
•  Enterprise Number Archiver
•  Android Archiver
•  WhatsApp Archiver
•  WeChat Archiver

TeleMessage offers cross-carrier and international mobile text & calls archiving for corporate and BYOD phones. Visit our website at www.telemessage.com to learn more about our mobile archiving products.