SEC Focus on Communication Compliance

Contact Us

Contact Us

[contact-form-7 404 "Not Found"]

The continued advancement of digital communications technologies has broadly changed the way employees of organizations around the globe communicate. After the Covid-19 pandemic began, modern communication tools such as Microsoft Teams, Zoom, and Cisco WebEx became the top choices of organizations for remote collaboration. The use of secure instant messaging solutions such as WhatsApp, WeChat, Signal, and Telegram for work-related communications also grew significantly.

The unprecedented growth of digital communication technologies in regulated firms has motivated regulatory bodies such as SEC and FINRA to amend existing compliance rules and introduce new rules covering the requirements of hybrid working models. In doing so, regulators expected the registered firms to comply further by expanding the existing efforts for modern digital communication technologies.

However, some organizations still fail to expand their monitoring and archiving systems for modern digital technologies. The recent broad speech by the SEC Director of Enforcement Division and the SEC sweep that followed shows that the SEC remains fully focused on communication compliance.

sec communication compliance

The SEC sweep on communication compliance

Under such situations, the SEC—as the main USA regulatory body established to protect investors of the securities market—has accelerated its enforcement activities to ensure that firms have adequate monitoring and archiving systems in place for business-related communications. According to the SEC regulations, financial firms must comply with broker-dealer record-keeping compliance without degrading the employees’ privacy. Failure to adhere to the record-keeping rules subjects offenders to huge monetary and non-monetary penalties.

In an October 2021 speech, the SEC Director of Enforcement Division Gurbir Grewal highlighted many areas of compliance, including the importance of having proactive compliance in work environments, the delivery of customer relationship summaries or CRS, and Regulation Best Interest or the Reg BI. Also, in the initial part of his speech, he emphasized some of the key enforcement activities of the SEC against well-known financial firms showing their best efforts in recent years to protect the securities market from financial fraud.

Soon after the SEC Director’s speech, the SEC opened an inquiry to determine how Wall Street Banks monitor employees’ digital communications: Multiple banks, including JP Morgan Chase & Co, were under the scrutiny of the SEC checking if they are adequately recording work-related communications, including emails and text messages.

The SEC regularly conducts periodic sweeps to collect information about firms it suspects to have issues in meeting their compliance requirements. Sometimes, the sweeps can become formal regulatory inquiries, depending on their information and circumstances.

SEC and FINRA electronic record-keeping rules

The speech by the SEC enforcement director and the SEC’s sweep that followed reinforces the importance of revisiting the compliance rules on recording work-related electronic communications. Below is a summary and a highlight of SEC and FINRA record-keeping rules related to different digital communications that regulated firms need to always monitor.

  • The SEC Rule 17a-4 requires broker-dealer firms to capture and archive electronic communications and retain the data for at least six years. The records must meet the Write Once Read Many (WORM) compliance, which prevents data modification. In addition, the firms must timestamp the record with a unique number and organize the data with indexes. They also should keep backup copies and store them separately from the originals.
  • Also, in the wake of using social media for business communications, FINRA issued regulatory notices and guiding documents on social media usage for business communications. According to the guidance, firms need to monitor and capture social media posts, chats, text messages, voice calls, and emails. The guidance also highlighted the importance of differentiating between personal and business communications.
  • The FINRA supervision rule 3110 states that “Each member shall establish and maintain a system to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules.”
  • The FINRA Communication with the Public Rule 2210 defines record-keeping requirements of “Retail communication,” which are communications “that is distributed or made available to more than 25 retail investors within any 30 calendar-day periods.”

With the above highlighted record-keeping requirements, it is important to understand how SEC and FINRA regulations evolved from legacy to modern digital communications technologies.

Early-generation employee communication methods

Before modern messaging applications, SMS, emails, and legacy chat applications were prominently used for business communications. SEC and FINRA require firms to monitor, capture, and archive email messages from accounts issued by firms and prohibit employees from using private email accounts for business communications. Also, legacy messaging applications like Skype and old SMS and text messaging applications were under SEC and FINRA for SMS archiving regulations.

Recent and modern employee communication methods

Many social media platforms such as Facebook, Twitter, and LinkedIn emerged as effective business collaboration platforms in recent years. FINRA introduced the above-discussed record-keeping regulations regarding social media platforms with respect to the potential obligation of communication compliance. Nonetheless, personal use of social media is not subject to FINRA regulations, highlighting the importance of differentiating between personal and business-related communication content.

Then came the era of using secure mobile messaging applications such as WhatsApp, Signal, WeChat, Signal, Telegram, and Snapchat for carrying out business activities. FINRA requires businesses that use these applications to capture voice calls, monitor text messages, and archive them according to FINRA retention requirements.

Finally, the proliferation of modern remote collaboration tools such as Microsoft Teams, Slack, and Zoom after the Covid-19 pandemic began has introduced new challenges for regulatory bodies. FINRAs’ advertising FAQs issued in September 2021 states that firms need to retain some of the interactions done using these platforms.

How Can Firms Avoid or Face Future SEC Sweeps?

The SEC, FINRA, and other regulatory bodies worldwide are obligated to regulate how businesses monitor and record employee communications. Hence, with the advancements of digital communication technologies, the regulatory bodies continuously need to assess their impact and update their compliance requirements to minimize mobile compliance risks.

Organizations need to have a robust monitoring and archival solution that helps them archive business-related communications and introduce solutions as and when the technologies evolve, and new digital channels are introduced. It also implies that regulated firms must take a proactive compliance approach that helps them prepare for sweeps of regulated firms and to stay compliant with regulation changes.

About TeleMessage

TeleMessage offers employees the freedom to use modern messaging applications on the mobile and desktop. Our mobile archiving products securely record content from mobile carriers and mobile devices, letting companies meet recordkeeping regulations and compliance requirements.

With multiple archiving solutions, you can always find the right tools or blend for your requirements:

TeleMessage offers cross-carrier and international mobile text & calls capture and archiving for corporate and BYOD phones. Visit our website at www.telemessage.com to learn more about our mobile archiving products.

Skip to content