SEC Ramps Up Enforcement Actions Against Off-Channel Communications Violations
The third quarter of 2023 brought two new waves of enforcement initiatives from the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) that exceeded $675 million across prominent banks and financial institutions. These actions targeted deficient off-channel communications recordkeeping, underscoring regulators' heightened scrutiny of firms' retention practices for employees' electronic messages.
Through imposing fines and requiring remediation, the SEC and CFTC emphasize the significance of accurate and complete records in detecting misconduct and protecting markets. Recordkeeping lapses have far-reaching implications, hindering regulatory agencies' ability to effectively investigate securities law violations.
This doesn’t just raise concerns about market integrity. It also underscores the importance of financial institutions upholding their recordkeeping obligations to maintain fair and transparent markets, which are vital for investors and stakeholders alike.
The recent fines signal that regulators will continue to aggressively pursue those exhibiting deficiencies, regardless of company size or status.
Financial services firms must modernize their policies on off-channel communications
Across these regulatory findings, there’s a recurring and concerning theme. Financial institutions consistently fall short in adequately retaining and preserving electronic business communications, especially those exchanged through unauthorized messaging platforms like WhatsApp, GroupMe, Slack, LinkedIn and Signal on personal devices. This deficiency in recordkeeping practices is pervasive across organizational departments and levels, from entry-level employees to senior management.
Despite many of these institutions’ policies expressly prohibiting the use of unauthorized communication methods for conducting business, enforcement of these policies was often inadequate. This lax enforcement played a pivotal role in the widespread communication failures observed, ultimately contributing to the regulatory infractions identified.
The inability to effectively manage electronic business communications, particularly those conducted on unauthorized platforms, raised concerns about transparency and the ability to track and report crucial information. This collective failure has far-reaching implications, hindering the institutions' regulatory obligations and impacting the integrity of the financial markets they serve.
SEC expected to exercise authority despite push back
Section 204 of the Advisers Act authorizes the Commission to issue rules requiring investment advisers to make and keep records for prescribed periods. Advisers must also be able to produce these records as necessary or appropriate, such as during regulatory investigations.
Not all investment advisers agree with the enforcement actions undertaken by the SEC regarding off-channel communications. Some within the investment advisory community assert that these actions go beyond the scope of their regulatory obligations. Certain investment advisers argue that the SEC has exceeded its authority, as they perceive their recordkeeping obligations to be more limited in scope when compared to those imposed on their broker-dealer counterparts.
Nevertheless, it is evident that the SEC is committed to asserting its regulatory authority to mandate that investment advisers maintain records of communications related to their business, including electronic messages, for examination purposes.
Actions against credit agencies prove the entire sector needs to step up
The SEC also brought enforcement actions against two credit agencies for failing to retain electronic communications related to credit rating activities. Under the Exchange Act, nationally recognized statistical rating organizations (NRSROs) are required to retain internal and external communications, including electronic communications sent and received by its employees that relate to initiating, determining, maintaining, monitoring, changing, or withdrawing a credit rating for a period of three years.
The violations that resulted in enforcement actions against these two credit agencies included:
- Employees, including senior personnel, internally communicated via text messages concerning credit ratings and quantitative predictive model adjustments but failed to retain these messages
- At least 19 analytical employees deleted messages from their company-issued phones during a device upgrade with compliance department approval
- Employees, including senior executives and rating group heads, exchanged numerous text messages related to credit rating activities on both personal and company-issued mobile devices
- One of the agencies failed to maintain or preserve the majority of these off-channel communications, thereby violating recordkeeping provisions of federal securities laws
Self-reporting and self-remediation gains favor
In one case, the firm self-remediated and self-reported off-channel communication violations to regulators and received a reduced fine. Following the discovery of business-related electronic communications on unauthorized platforms by the firm’s compliance staff, the firm initiated an internal investigation and voluntarily reported the findings to the SEC.
The firm also took proactive steps to identify crucial documents and facts, facilitating an efficient investigation by the SEC. Before contacting the SEC, the firm implemented substantial remedial actions related to recordkeeping responsibilities. The SEC’s Gary Gensler stated, “One of the orders included in today’s announced actions is not like the others. There are real benefits to self-reporting, remediating, and cooperating.”
Individuals are also hit with off-channel communication violations
One individual was fined $40,000 and suspended for 18 months due to unsuitable alternative investment recommendations. He also communicated with customers via unapproved text messages on his personal phone regarding securities-related business. His firm had not approved text messaging for business purposes, leading to the firm's failure to comply with recordkeeping requirements.
Another individual was fined $15,000 and a 15-month suspension for sending unauthorized text messages from her personal cell phone to transmit client documents to another associated person on multiple occasions. She failed to disclose her use of personal text messages to her firm and did not provide copies of her text messages, resulting in the firm's failure to preserve required books and records. Additionally, she provided false information to her firm and FINRA, initially denying sending client documents via text message but later admitting to doing so in a written response to a FINRA request.
Off-channel communications will continue to be a regulatory focus
As regulators continue to enforce recordkeeping obligations, it is likely that additional off-channel communication fines and penalties will follow. While there may be differing perspectives within the investment advisory community regarding the scope of these actions, complying with recordkeeping requirements is becoming increasingly critical.
Financial institutions of all shapes and sizes should prioritize robust recordkeeping practices and supervision to ensure they meet regulatory standards and facilitate efficient examinations. As the regulatory landscape evolves, staying proactive in compliance efforts will remain essential to avoiding penalties and maintaining the integrity of the financial industry.
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.