A group of Wall Street companies recently agreed to pay over $81 million in fines to settle charges brought by the U.S. Securities and Exchange Commission (SEC) regarding failures in record-keeping. Oppenheimer & Co. Inc and U.S. Bancorp (USB.N), among other broker-dealers and investment advisers, were involved in these settlements. This marks the latest phase in the SEC’s ongoing investigation into how registered financial firms manage their employees’ work-related communications on personal devices and apps like WhatsApp.
According to the SEC, their investigations revealed widespread and long-standing use of unauthorized communication methods, known as off-channel communications. The companies have acknowledged that their employees engaged in business-related conversations through personal text messages and exchanged off-channel communications regarding recommendations, advice, and proposals. Broker-dealers and investment advisers registered with the SEC are bound by record-keeping requirements, and the growing reliance on off-channel communications has made it challenging for companies to meet these obligations.
The SEC’s orders indicate that Northwestern Mutual Investment Services firms will pay $16.5 million, Guggenheim will pay $15 million, Oppenheimer will pay $12 million, Cambridge Investment Research firms and Keybank entities will each pay $10 million, Lincoln Financial Advisors will pay $8.5 million, and U.S. Bancorp agreed to pay $8 million. Additionally, Huntington Investment Company firms self-reported their issues and will pay $1.25 million as a result. All the firms involved have admitted to the facts presented and have initiated efforts to improve their compliance policies and procedures, as directed by regulatory authorities.
FINRA 2024 fines and sanctions
Separately, a report from the Financial Industry Regulatory Authority (FINRA) released in January 2024 confirmed the obvious—its onslaught against its non-compliant members has escalated drastically.
Per the Disciplinary and Other FINRA Actions report, a host of broker-dealers were slapped with hundreds of thousands of dollars worth of fines for failing to supervise employee emails, using non-approved communication channels, etc. Simultaneously, dozens of individuals were barred or suspended from associating with FINRA members for their communication compliance violations and other unlawful activities.
But the regulator was far from done; in the same month, it dropped the 90-page 2024 FINRA Annual Regulatory Oversight Report that detailed its plans to go after off-channel communication, recordkeeping violations, and even tackle emerging threats to regulatory compliance, including AI.
Consequently, it is prudent for member firms to keep updated on the regulator’s recent crackdowns, emerging compliance trends, and what direction they will take in the coming quarters.
Increased emphasis on recording voice and video calls
Starting with the U.S. Securities and Exchange Commission (SEC), financial regulators have begun prioritizing the capture and retention of voice calls. In a risk alert sent by the regulator in January, it was reiterated that both text messages and electronic forms of communication related to security-based swaps, such as voice calls are to be monitored and reviewed thoroughly.
FINRA, which oversees about 624,000 U.S. broker-dealers already has in place the FINRA Taping Rule 3170, which mandates the recording and retention of telephone conversations between its registered members and customers for at least three years. As part of the regulation, firms are required to file quarterly activity reports with the regulator.
Notably, industry insiders are now scrambling to enforce call monitoring and retention to conversations happening via video conferencing software and instant messengers, including WhatsApp, Signal, and Telegram. The move comes amidst fears that employees could potentially share private information visually, bypassing the call recording mechanisms at the organizational level, which could cause a regulatory violation.
Renewed attention to off-channel communication
“Don’t text and trade” has become a key mantra that FINRA wants its members to live by, especially when the communication happens over personal devices that the organization has no way of supervising.
Case in point, FINRA came down with a 15-month long suspension and a $15,000 fine for a broker who used his cell phone to share client documents with a co-worker. These actions come in the wake of fines and suspensions that FINRA meted out to Wells Fargo employees in late 2022, who were found to be engaging in non-compliant behavior, such as texting by using a non-approved service.
The trend is set to continue in full swing in the coming quarters, as the 2024 FINRA Annual Regulatory Oversight Report makes the regulator’s intentions about focus areas clear. Strict enforcement of Rules 2210, 3110, and 4511, which cover interactions with the public, supervision of communication, and recordkeeping requirements, respectively mean that registered firms have to prioritize the preservation of written communication through non-official channels, such as SMS, social media posts, IM chats, and even emails and calls. The regulator has gone on to clarify that even whiteboards and the sharing of files can be considered part of business communication that needs to be subject to their monitoring requirements.
Further, member organizations are required to consider the following when it comes to handling off-channel communication:
- Effective communication with their staff to convey the importance of not using unauthorized communication channels
- Taking complaints of employees using unofficial communication channels or encrypted messengers seriously
- Looking out for red flags, like the underutilization of official messaging channels, which could indicate that the employee is conducting business via private devices or messengers
- Setting up clear communication policies, ways to enforce them, and penalties for violations
It is worth noting that along with recovering employee communication and archiving them, organizations have to safeguard the data in an easily accessible manner.
Accountability at the individual level
Along with the multimillion-dollar penalties that financial regulators have handed out, as witnessed in the WhatsApp fines case that saw major banks in hot water, agencies, like FINRA have zoomed in to penalize individual violators.
Organizations can have robust recordkeeping systems in place but end up suffering great reputational damage if one employee slips through the cracks and ends up getting suspended or barred by FINRA. Consequently, there is an urgent need to implement solutions, such as a network archiver that can capture employee communication irrespective of whether the device is company-issued or BYOD. The fact that the messages are captured instantaneously as a copy means that there is a single source of truth, which will allow organizations to safeguard themselves from employees deleting or altering sensitive texts.
Even new-age tech won’t escape scrutiny
Even way back in 2023, FINRA execs were calling for emoji compliance, warning that misunderstandings over the meaning of the digital icons could trigger customer complaints. The latest guidelines from the regulator also require the broker-dealers to have in place Written Supervisory Procedures for their communication with the public through new tools, such as video conferencing.
Continuing the trend of keeping pace with the latest developments in communication technology, the regulator has warned of the need to mitigate potential threats to compliance posed by generative AI and similar technology. Member firms need to be on top of preserving records of how the technology is used to communicate with customers, ensuring that sensitive customer information is not fed to AI systems, etc.
Also, in coming years, firms may need to embrace machine learning-powered analytics to detect if their employee communication contains any problematic material, such as inviting clients to interact via non-approved apps. The machine learning capabilities will prove especially useful in detecting violations using misspelled words that regular flagging systems may not catch.
As the SEC and FINRA’s war on non-compliant broker-dealers, investment advisers and other financial firms rages on, companies that it supervises have the regulatory obligation to adapt to its constantly evolving requirements. Clear guidelines and prohibitions on using unapproved channels to communicate with co-workers and clients and training on the authorities’ regulations will go a long way in warding off fines and reputational damage from FINRA investigations.
But the most potent solution is the implementation of an archiver, like TeleMessage that can capture employee communication via the network without being dependent on the employees backing up their chats or using only company-issued phones. Using the mobile archiver, companies can capture messages (SMS, MMS, WhatsApp, Telegram, Signal, WeChat, etc.) and record voice calls all with the appropriate context. Compliance teams can set in place measures to auto-flag potentially non-compliant keywords or even filter out specific conversations based on sender info, recipient info, phone number, date, etc. The best part is that the data can be stored on an archiving vendor of choice by the broker-dealer and retained for the duration of the regulator-mandated retention period.