This article is an excerpt from the Smarsh 2017 Electronic Communications Compliance Survey Report. This survey of financial firms shows that while many have begun to apply resources to supervision, firms struggle to focus on the channels that have the most potential for risk.
Download the full report here.
Against the backdrop of political shifts in Washington and growing popular distrust of “big finance,” the seventh annual Smarsh survey of compliance professionals in the financial services industry reveals that the electronic communications compliance landscape has become broader, more complex and more scrutinized.
More firms are finding that gaps in retention and supervision programs have consequences. Examinations have become more comprehensive, with regulators focusing in particular on supervision processes.
FINRA reported 99 books and records cases in 2016, resulting in $22.5 million in fines. Compared to 2015, that represents a 423% increase in fines.
In conjunction, compliance professionals’ concerns have expanded. One significant area of concern is the growing number of non-email communications options, particularly mobile communications.
Many of the archiving and supervision compliance gaps identified in previous years have narrowed. A comparison of 2016 vs. 2017 data illustrates that firms are moving to implement archiving/supervision solutions. Year-over-year, notable compliance gaps have decreased: LinkedIn (-35%), Corporate IM (-35%), SMS/text messaging (-28%) and Facebook (-26%).
That said, a significant number of firms are still vulnerable because they have not taken action to appropriately supervise their employees’ business communications, with the top compliance gaps being mobile, social and instant messaging.
Even when supervision is happening, compliance teams must decide where and how to best allocate their finite resources to efficiently and effectively identify and address non-compliant communications and other actions that pose risks to their firms.
Last week, Smarsh attended FINRA’s premier event in Washington, D.C. The 2017 FINRA Annual Conference was jam-packed with FINRA and SEC regulators, financial titans from leading organizations, and exhibitors. Participants learned about the latest regulatory developments and gained practical guidance on today’s top compliance issues. The conference agenda included a focus on technology trends and challenges in the securities industry.
The biggest takeaway from the event was that firms must leverage technology to address compliance risk, as mentioned throughout panel discussions. The regulatory environment continues to rapidly evolve, and technology provides the compliance solution. FINRA is also leveraging technology and analytics to improve and support regulatory oversight.
With a focus on technology, here are the top tech trends and updates highlighted at the conference:
1. Firms need tighter control over electronic communications.
FINRA is actively thinking through how its rules and programs interact with technology and innovation. In its Communications with the Public session, FINRA reinforced that firms need to use electronic communications surveillance to govern and control their advisors’ communications with the public.
FINRA noted there’s still confusion about electronic communications among firms, and lingering questions remain about what requires supervision and retention. One highly discussed topic was personal versus business communications, including what firms should do to manage compliance in this area. FINRA representatives reiterated that:
- It’s the content of a message, not the device, operating system, or platform, that determines the status of a message as a business record. Firms must educate their advisors about the difference between business and personal communications, and be specific about which types of communication are subject to supervision and retention.
- Firms need solid controls in place to meet the requirement to retain, supervise, and produce business communications. Firms with a sound data governance structure in place incorporate the following: a) the right people, b) development of effective electronic communications policies, c) ongoing review of electronic communications policies, and d) distribution of a communications playbook to advisors. Firms need to let their employees know what’s expected and allowed regarding communication. Controls must be in place to capture business communications, from email to social media to text messaging.
- Firms must supervise their advisors’ social media communications with the public, in line with current regulations. FINRA noted that when a firm has the right technology tool in place to help with social media supervision, this can go a long way to help manage risk and give compliance professionals a sense of control. (See more below).
2. Firms should implement effective practices to prevent risk related to senior investors.
FINRA views the protection of senior investors as a top priority, and devotes considerable resources to mitigate risk to this demographic. During the conference, FINRA encouraged firms to review and, where needed, enhance their policies to address specific issues common to many seniors. Highlights included:
- New Rule 2165 and its accompanying amendments to Rule 4512 become effective February 5, 2018. To protect seniors from financial exploitation, FINRA broker-dealers will soon be required to obtain the name and contact information of a Trusted Contact Person for each customer’s account. Also, FINRA broker-dealers will be permitted to place a temporary hold on the disbursement of funds or securities from accounts where there’s a reasonable belief of financial exploitation of seniors.
- Firms should use technology to help pinpoint risk to senior investors. Firms that use automated supervision technologies are in the best position to address financial exploitation of seniors. Firms can use The Archiving Platform from Smarsh to set up policies that flag questionable behavior and communication related to investors. Data analytics can also help firms find changes in the behavior patterns of a senior investor’s account.
3. Social media and mobile communications are key to compliance practices.
At the Social Media and Digital Communications Trends session, FINRA again addressed the distinction between personal and business communications. The panelist highlighted that firms must ensure business communications are retained and supervised, whether messages are sent on business or personal devices. A panel survey revealed 66% of firms allow Bring Your Own Device scenarios, where advisors use their personal smartphones and other devices for business communications. This creates a unique challenge, and firms must enable their compliance teams to capture and supervise the business communications on those devices, to satisfy current regulatory requirements. Other highlights include:
- It’s not realistic to prohibit text messaging. Prohibiting the use of text messaging for business communications is no longer practical. It’s often the client who initiates contact via text, so firms must have a system to supervise and retain these communications. Panelists emphasized clients want and expect to communicate with their advisors via text, because it’s convenient, easy, and immediate. Millennial investors are the most likely to expect text communication, and interaction on social media.
- Training and education are critical. Again, firms must educate advisors about the difference between personal and business communications for the purposes of supervision, review, and archiving of business content. Compliance professionals and others who review business communications should also receive ongoing training as technology evolves. In April, FINRA issued more guidance on the use of social networking sites, which firms should review to ensure compliance.
The annual conference was a clear indication that as the industry changes, FINRA and financial services firms are managing risk with technology. Firms need to move quickly to update compliance procedures and implement sophisticated technology solutions. The Archiving Platform from Smarsh allows firms to supervise the activity of specific brokers, and spot fraudulent or questionable activities. The platform tools help firms comply with the regulatory obligations, and identify potential deficiencies that would go unnoticed otherwise. As emphasized at the FINRA conference, firms cannot do it alone; it’s simply unrealistic and too costly to manage risk in any other way.
Results from the 2017 Electronic Communications Compliance Survey show that the current compliance landscape has continued to become increasingly broad, complex, and heavily scrutinized. In addition to trying to keep up with an ever-expanding number of non-email communication options, firms are dealing with an unprecedented increase in regulatory actions, with 2016 shattering the record for the amount of fines levied on the financial services industry.
With more employees than ever clamoring for the collaboration and knowledge sharing communication tools that have become essential to growing a successful business, it’s increasingly important for compliance teams to understand how other firms are managing the challenges posed by supervising new channels and platforms.
In this report, you’ll find out:
Want to compare against last year’s survey report? You can find it here.
On-Demand Webinar: Key Findings from the 2017 Electronic Communications Compliance Survey
It’s time to take stock of the compliance landscape, and to understand how other firms are managing the challenges posed by supervising new channels and platforms.
Many financial services firms still struggle to understand and fully embrace social media and mobile communication rules. In light of the emerging technologies and communications, FINRA recently published Regulatory Notice 17–18: Social Media and Digital Communications, providing further guidance on the FINRA rules governing social media and text messaging communications for member firms.
FINRA’s updated guidance further clarifies the rules governing communications with the public via social media, and the use of personal devices for business communications. The Notice also reminds firms of the recordkeeping, supervision, and content requirements for such communications.
Here are some important takeaways:
- Recordkeeping. Firms are reminded of their obligation to keep records of business communications under SEA Rule 17a-4(b)(4). Also, firms must train and educate their advisors regarding the distinction between business and personal communications, and the requirements to retain, supervise and produce business communications.
- Text messaging. Firms that communicate or allow advisors to communicate through text messaging or chat services for business purposes must retain records of those communications, in compliance with SEC and FINRA rules.
- Personal communication. Advisors can share firm information that is not related to their firm’s product or services without becoming subject to FINRA Rule 2210. For example, an advisor may share their firm’s post about a charity event that the company sponsors. However, if the communication does pertain to the firm’s products and services, then the content is subject to FINRA Rule 2210.
- Third-party content. Regulatory Notice 10–06 states that posts by customers or other third-parties on a firm’s social media accounts are not considered ‘communications with the public’ by the firm or advisor, under FINRA Rule 2210. Regulatory Notice 17–18 reiterates this point. However, there are some exceptions, including situations where a firm pays for, prepares, controls, or explicitly endorses content posted by third-parties. In these scenarios, a firm must comply with FINRA Rule 2210.
- Hyperlinks to third-party websites. FINRA reminds firms that Regulatory Notice 11–39 states firms cannot link to any third-party website that contains false or misleading content. The Notice further clarifies that a firm ‘adopts’ third-party content when it shares or links to it, and as a result must ensure the content complies with communications rules.
- Endorsements and testimonials. Unsolicited third-party comments or opinions posted on a firm’s social media aren’t firm communications, or testimonials under FINRA Rule 2210. However, if the firm or advisor likes or shares a comment/testimonial, that is considered adoption of content, and is subject to the communications rules.
- Note: Registered Investment Advisors should still comply with SEC Rule 206(4), which prohibits promotion of client testimonials and endorsements.
- Native advertising. Firms may use native advertising if it complies with the provisions of FINRA Rule 2210. In particular, native advertising must disclose the firm’s name, disclose any relationship between the firm and any other entity or individual who is also named, and mention the products or services offered by the firm.
What does this mean for firms?
FINRA makes it clear that firms must archive all electronic communications, including content from social media, text messaging, and other mobile platforms.
In response to the guidance, firms should review their social media and mobile policies and procedures. Specify the difference between personal communications and business communications. Training and ongoing education are critical, especially as advisors become acclimated to social media, text messaging and mobile apps to communicate with prospects and clients.
The digital landscape continues to evolve and firms must leverage technology for compliance and supervision. Smarsh provides the tools and platform to capture and supervise all incoming and outgoing business communications. It’s simply not realistic or cost effective for a firm’s compliance officer to manually spot check all of their firm’s social media profiles and mobile messages. The Archiving Platform from Smarsh automatically captures social media and mobile content in its native format and flags communications based on client-set lexicon policies if further review is needed. As a result, a compliance officer can focus their time and energy on the most pressing items for review, rather than searching for risk in all the wrong places.
Lenders are already managing a long list of other industry rules and regulations, so these extra cycles of website and social media monitoring can have a significant time and cost impact on a business, if not managed efficiently with smart policies, and some help from technology.
With no room for error, how can you keep your marketing engines revving while you stay on course with the regulations? The key to success is automation.
- Why it’s important to set up policies and training for social media and websites
- How to use technology to automate the supervision of your digital presence
- Keys to refining your monitoring process over time
Do your advisors use text messages to communicate with their clients? Most likely, the answer is yes. For SEC and FINRA regulated firms and advisors, it is imperative to understand that failure to comply with supervision and retention regulations can lead to disciplinary actions against firms and individual advisors.
In 2016, FINRA suspended and fined an advisor for using text messaging to communicate with a client. The use of text messaging violated the firm’s electronic communications policy and Written Supervisory Procedures (WSPs). The firm’s WSP required retention and supervision of all business-related electronic communications. Advisors were required to send all business communications through company-owned devices, accounts and applications, and weren’t allowed to use personal accounts or devices. However, the advisor used a personal smartphone to send text messages to a client. The failure to archive those communications put the firm at risk of recordkeeping rule violations and failure to supervise communication under FINRA Rule 3110. FINRA fined and suspended the individual for using text messaging on a personal smartphone.
Risk Alert: Text Message Compliance Violations
Most regulated firms have WSPs that specify which types of electronic communication advisors may use. Generally, these policies focus on email communications, and unfortunately do not include all the communication channels their advisors use—including text messaging.
- 3 Ways Text Messaging Exposes Financial Services Firms to Massive Risk
- 5 Steps to Eradicate Text Messaging Risk
- Watch It Work: Text Message Archiving in The Archiving Platform
In 2017, 77% of Americans own a smartphone. On their smartphones, advisors can choose from a wide variety of communication channels, including text, IM and social media. Advisors are likely to choose whichever communication channel is preferable to their client, and statistics show many clients prefer text communication to email or phone calls. This is particularly important for the millennial demographic, because the net worth of the millennial generation is projected to increase from $4 trillion in 2015 to $20 trillion in 2030—making it the fastest growing advisor client demographic. Financial Planning notes the highest earning advisors are targeting millennials now. It is not realistic for firms to expect advisors will only use email to communicate with their clients.
Despite the proliferation of text messaging as the communication vehicle of choice, most member firms have not updated their WSPs to include text messaging. A firm may also mistakenly believe prohibiting text messaging in their policy is enough, but it’s not. If a firm’s advisors use a specific communications channel, the firm must archive and supervise it.
Best Practice: Firms Must Create WSPs that Capture All Communications
We recommend that a firm’s compliance team interview and audit its advisors immediately. Ask advisors how they communicate with their clients. Also, look at your advisors’ social media pages. Are advisors advertising or posting information about their business on social media? Is it reasonable for a client to reach out to your advisors through their social media pages? Do advisors list their cell phone number on their website or on social media? If so, it’s likely clients will contact the advisor via text message.
Next, determine what checks and balances are in place to capture conversations and other content that your advisors share. Leverage your archiving solution to determine whether advisors use communication channels that are prohibited by your firm. The Archiving Platform from Smarsh can be used to automate the supervision process, when you implement lexicon-based reviews and random sampling to automatically search for specific policy violations. The lexicon policies can automatically find scenarios where an advisor offers a prospect or client their personal email address, phone number, or social media account to communicate. Lexicons may include phrases such as ‘text me’, ‘send info to my personal email’ or ‘direct message me on Facebook.’
Once your firm has conducted an audit of the communication channels your advisors use, it’s time to revisit your WSP. Does the WSP include a policy for all the communication channels your advisors are using? Do you capture those communications? Are those communications being reviewed under FINRA supervision Rule 3110? Ensure your firm archives all communications, as required by Rule 17a-4, as part of what we call an Archive Everything strategy.
Compliance: The Archive Everything Strategy
If your archive strategy only includes email archiving, then it’s imperative to upgrade to a solution that captures all the ways your advisors communicate. With the proliferation of smartphones, archiving everything is the only way to help protect your firm from regulatory violations. Archiving, monitoring and producing text, social media, and instant messages alongside email is core to an effective compliance program.
When your firm follows an Archive Everything philosophy, you can help prevent risk and comply with regulatory obligations.
Learn how you can use technology to solve your text message recordkeeping needs: Watch It Work: Text Message Archiving for Compliance.