SEC Ramps Up Enforcement Actions Against Off-Channel Communications Violations

Financial services firms must modernize their policies on off-channel communications

Across these regulatory findings, there’s a recurring and concerning theme. Financial institutions consistently fall short in adequately retaining and preserving electronic business communications, especially those exchanged through unauthorized messaging platforms like WhatsApp, GroupMe, Slack, LinkedIn and Signal on personal devices. This deficiency in recordkeeping practices is pervasive across organizational departments and levels, from entry-level employees to senior management.

Despite many of these institutions’ policies expressly prohibiting the use of unauthorized communication methods for conducting business, enforcement of these policies was often inadequate. This lax enforcement played a pivotal role in the widespread communication failures observed, ultimately contributing to the regulatory infractions identified.

The inability to effectively manage electronic business communications, particularly those conducted on unauthorized platforms, raised concerns about transparency and the ability to track and report crucial information. This collective failure has far-reaching implications, hindering the institutions' regulatory obligations and impacting the integrity of the financial markets they serve.

SEC expected to exercise authority despite push back

Actions against credit agencies prove the entire sector needs to step up

The SEC also brought enforcement actions against two credit agencies for failing to retain electronic communications related to credit rating activities. Under the Exchange Act, nationally recognized statistical rating organizations (NRSROs) are required to retain internal and external communications, including electronic communications sent and received by its employees that relate to initiating, determining, maintaining, monitoring, changing, or withdrawing a credit rating for a period of three years.

The violations that resulted in enforcement actions against these two credit agencies included:

• Employees, including senior personnel, internally communicated via text messages concerning credit ratings and quantitative predictive model adjustments but failed to retain these messages
• At least 19 analytical employees deleted messages from their company-issued phones during a device upgrade with compliance department approval
• Employees, including senior executives and rating group heads, exchanged numerous text messages related to credit rating activities on both personal and company-issued mobile devices
• One of the agencies failed to maintain or preserve the majority of these off-channel communications, thereby violating recordkeeping provisions of federal securities laws

Self-reporting and self-remediation gains favor

In one case, the firm self-remediated and self-reported off-channel communication violations to regulators and received a reduced fine. Following the discovery of business-related electronic communications on unauthorized platforms by the firm’s compliance staff, the firm initiated an internal investigation and voluntarily reported the findings to the SEC.

The firm also took proactive steps to identify crucial documents and facts, facilitating an efficient investigation by the SEC. Before contacting the SEC, the firm implemented substantial remedial actions related to recordkeeping responsibilities. The SEC’s Gary Gensler stated, “One of the orders included in today’s announced actions is not like the others. There are real benefits to self-reporting, remediating, and cooperating.”

Individuals are also hit with off-channel communication violations

One individual was fined $40,000 and suspended for 18 months due to unsuitable alternative investment recommendations. He also communicated with customers via unapproved text messages on his personal phone regarding securities-related business. His firm had not approved text messaging for business purposes, leading to the firm's failure to comply with recordkeeping requirements.

Another individual was fined $15,000 and a 15-month suspension for sending unauthorized text messages from her personal cell phone to transmit client documents to another associated person on multiple occasions. She failed to disclose her use of personal text messages to her firm and did not provide copies of her text messages, resulting in the firm's failure to preserve required books and records. Additionally, she provided false information to her firm and FINRA, initially denying sending client documents via text message but later admitting to doing so in a written response to a FINRA request.

Off-channel communications will continue to be a regulatory focus

FEATURED BRIEF

Guide to Mobile Communications Capture

Industry Brief

READ NOW

Share this post!

• Author
• Recent Posts

Tiffany Magri

Senior Regulatory Advisor at Smarsh

As a Regulatory Advisor at Smarsh, Tiffany Magri monitors, evaluates and consults on the financial services regulatory landscape. Tiffany has more than 10 years of experience facilitating compliance with laws and regulations, policies, and risk management. Prior to joining Smarsh, Tiffany was a Senior Associate at Benefit Street Partners and a Compliance Analyst at Broadstone and Manning & Napier Advisors.

Latest posts by Tiffany Magri (see all)

• From Hypothetical Performance to Real Consequences: SEC’s Message to Advisers - April 15, 2024
• Navigating the SEC’s Expanded Dealer Definition - March 6, 2024
• Digital Communication Preservation: Highlights of the DOJ and FTC’s Imperative Guidance - February 27, 2024

Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.