How The Monaco Memo Enforcement Is Impacting Compliance


In a September 2022 speech and 15-page memo, the U.S. Department of Justice’s Deputy Attorney General, Lisa Monaco, elevated the importance of voluntary disclosure of misconduct and the long-term liability of culpable executives, and expanded key concepts in federal corporate enforcement, including “cooperation credit” and “voluntary self-disclosure.” By announcing this focus on “both individual accountability and corporate responsibility,” she upended deferred prosecution agreements (probationary deals) in which companies pay a fine, admit wrongdoing and agree to improve policies designed to prevent employee misconduct: “By the same token…what we hope is this provides a clear signal, a clear path, for general counsels and chief compliance officers to go in to the board and say, ‘We’ve got to invest in this [compliance].’”

And so, 2023 has shaped up to be a landmark year in the US for regulatory crackdowns on communication compliance violations. One of the most shocking of these was the combined $289 million fine that the Securities and Exchange Commission (SEC) slapped on 11 Wall Street firms, including Wells Fargo. The regulators’ sweeping action came in the wake of what they described as “widespread and longstanding failures” when it came to maintaining electronic records.

Making matters worse for the financial institutions, the Commodity Futures Trading Commission (CFTC) has also joined in on the action, levying $260 million worth of penalties on four banks.

But the most fascinating aspect of these crackdowns is the global implications. US regulators over the year didn’t spare even the foreign players, with French banks BNP Paribas and Societe Generale facing the brunt of the wrath, getting slapped with fines of $110 million each.

Authorities’ unwillingness to tolerate regulated companies allowing employees to use unsupervised communication channels, like WhatsApp and Signal, has not only sent shock waves throughout the world, but it has also laid the groundwork for regulators across the world to embrace the same regulatory playbook.

2023, a whirlwind year for mobile enforcement in the US 

Everyone from broker-dealers to investment advisers, who are mandated to undertake call monitoring and record text messages, has come under strict scrutiny, especially since it has become harder for regulators and even institutions to retain messages from encrypted third-party applications. Notably, employees at all levels, including the managers, were guilty of using unsupervised text messages to communicate with market participants and coworkers.

US regulators, who have been on the warpath since the infamous $200 million worth of WhatsApp fines for Morgan Stanley employees’ use of unapproved instant messengers, have not only continued with severe penalties, but their actions have also brought out some key trends in mobile enforcement that the rest of the world is paying keen attention to.

Focus on iMessage archiving

Earlier in the year, the Financial Industry Regulatory Authority (FINRA) censured Deloitte Corporate Finance LLC along with a fine of $200,000 and required the company to implement a supervisory system to comply with FINRA Rule 4511, which requires companies to “record business-related electronic records, including text messages and phone calls.”

The action was specifically about findings that company personnel’s work-related iPhone messages couldn’t be retained by their third-party archiving system, given iPhones’ end-to-end encryption capabilities.

While the company went on to resolve the issue by blocking the iMessage feature of their employees’ phones and only allowing them to send retainable messages, it is a clear sign that regulators are bringing transparency even to devices or instant messaging platforms renowned for privacy.

Accountability at an individual level for unapproved personal device usage

FINRA, which is responsible for regulating 624,000 broker-dealers across North America, has increasingly shifted its focus to identifying and penalizing individuals evading scrutiny with unapproved mobile messaging solutions.

The reasoning is that in many organizations, people who were tasked with keeping electronic records were using non-compliant ways to communicate about work, leading to a company-wide culture of disregard for industry regulations.

Case in point, FINRA suspended Delaina Sue Kucish, a previously registered investment advisor, from associating with FINRA members for fifteen months. The action, which was taken in June 2023 and included penalties worth $15,000, resulted from the regulator’s findings that the person used a personal phone to send client documents.

Scrutiny on foreign-owned financial institutions in the US

A long list of foreign banks and hedge funds in the US, including KKR, Apollo, and the Carlyle Group, were subjected to investigations over the last few months over allegations of shortcomings in recordkeeping. The regulators made it clear that the foreign institutions had to comply with archiving requirements not just in their domestic branches but also in their subsidiaries.

The potential domino effect worldwide from US’ mobile enforcement actions

Since the US has the largest and most powerful financial markets in the world, regulators’ movements to keep it safe and efficient are noticed worldwide.

Undoubtedly, other market regulators across industries and even government bodies that mandate employee archiving will move in with similar levels of crackdowns and enforcement initiatives.

Already, the Prudential Regulation Authority (PRA) in the UK has led the charge, censuring Wyelands Bank Plc, which had no official WhatsApp recordkeeping policies.

Taking things up a notch, the Office of Gas and Electricity Markets (Ofgem) in the UK has fined Morgan Stanley & Co International Plc £5.41 million for not retaining sensitive electronic communication involving energy trades over two years.

In addition to the regulators, the judiciary in the UK has also joined the bandwagon, pressuring the government to produce WhatsApp communication records of public sector employees, including high-profile ones like the present and former Prime Ministers as part of an investigation into the handling of the COVID-19 pandemic.

Additionally, across Europe, regulators have taken stock of the risks of off-channel communication when it comes to market manipulation and the facilitation of insider trading. To curb the latter, the European Securities and Markets Authority has identified the need for enhanced supervision as part of its 2023 – 2028 Strategy.

Meanwhile, BaFin, Germany’s financial regulator, has sought clarification from Deutsche Bank regarding its employees, including top-level management, using private email accounts and off-channel instant messengers to undertake business activities.

While these responses, and the fact that Asian regulators typically have stayed away from hefty fines in favor of charging individual wrongdoers, may seem muted compared to US regulatory action, it is crucial to remember they are just getting started.

Key steps for an approved and compliant mobile communication policy

A comprehensive policy addresses:

  • the issues of employees’ use of their own devices
  • the risk of potential leakage of sensitive information
  • (for financial firms) the obligation to archive relevant messages and other communication channels
  • embracing communication compliance at the management level

Conclusion

These developments around the world, in both the private and public sector, point to the undeniable fact that regulators and the judiciary in coming years will use any possible means to maintain transparency and accountability in the financial markets, government functioning, and other regulated industries. While recordkeeping requirements for employees, such as the retention period of electronic communication, may vary, there is no doubt that every aspect of work-related communication will come under scrutiny.

Regulators all over the world are making it clear that just like in North America, firms and government bodies will require policies and systems in place to maintain accurate records of employee communication across devices, networks, and instant messengers.

Most companies have their policies figured out, but they also need a powerful network archiver in place that is effective in capturing messages sent via even encrypted instant messengers and personal devices and ensuring they are maintained in a tamper-proof manner. You can get started with the archiver built for new-age mobile enforcement by contacting the TeleMessage team for a demo.

About TeleMessage

TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, WhatsApp, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice of archiving data storage vendor.

Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
