Industry Insight

CFTC’s Latest Crackdown Reinforces Reality: Off-Channel Messaging Won’t Disappear

September 10, 2025by Tiffany Magri

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

TL;DR: For financial firms, the message is clear: capturing all business communications isn’t optional. It’s an enduring obligation that regulators will continue to enforce, and firms that fall short expose themselves to unnecessary risk.

The Commodity Futures Trading Commission (CFTC) announced a series of enforcement actions this week that once again highlight the persistent risks financial firms face when it comes to complying with recordkeeping and supervision obligations. On September 4, Acting Chairman Caroline Pham revealed the results of an “enforcement sprint initiative” that resolved compliance-related cases against multiple firms, resulting in more than $8.3 million in penalties.

Why off-channel communications still matter for compliance

Off-channel communications — employee use of unapproved or unmonitored platforms like personal texting or messaging apps — have been at the center of regulatory penalties for several years. Even as regulators shift their stated enforcement priorities, the obligation to capture and supervise business communications has not changed. These violations are no longer fringe compliance issues — they can be at the core of broader enforcement actions, compounding penalties and reputational damage.

The CFTC enforcement sprint explained: What compliance teams need to know

The sprint was designed to clear a backlog of operational and technical noncompliance matters, some dating back nearly a decade. Participating firms submitted remediation plans and settlement offers under the CFTC’s self-reporting and cooperation framework.

Acting Chairman Pham emphasized that the initiative allows the Division of Enforcement to redirect resources toward its highest priorities — combating fraud, manipulation, and abuse in US markets.

Still, the inclusion of off-channel communications violations demonstrates that the regulator continues to view recordkeeping and supervision obligations as core compliance responsibilities. Firms that allowed employees to use unmonitored messaging apps and personal devices to conduct business were sanctioned, with penalties reduced only because of their cooperation and remediation efforts.

Why off-channel communications remain a top CFTC compliance risk

For financial firms, the takeaway is clear: the obligation to capture, maintain, and supervise all business-related communications is not going away. Even as the CFTC shifts its focus to fighting fraud and even as the SEC adjusts its enforcement priorities, off-channel communications remain a regulatory flashpoint.

Over the past several years, regulators have imposed significant penalties on financial institutions for failing to supervise and archive communications across popular consumer messaging platforms. The most recent CFTC actions confirm that this area will remain an enforcement priority, regardless of how broader agendas evolve.

Beyond enforcement: A compliance wake-up call

One noticeable element of these latest actions is how routine off-channel communication violations have become. The penalties may vary, but the story rarely changes: employees rely on unapproved channels, firms fail to capture those records, and regulators respond.

Have we reached the inflection point where this stops being viewed as a regulatory nuisance and starts being treated as a fundamental business risk? Waiting for regulators to uncover gaps is, at best, damage control. The reputational cost of being named in an enforcement order — especially in a market where trust and transparency are paramount — far outweighs the penalty itself.

For compliance leaders, the question is no longer, “Will regulators keep enforcing off-channel communications?” That much is clear. The more pressing question is, “How long can a firm afford to operate in the gray area, knowing these violations are both preventable and inevitable without action?”

Staying proactive: Compliance steps firms should take

The CFTC’s cooperation framework shows regulators are willing to reward firms that self-report, cooperate fully, and remediate effectively. But relying on enforcement to drive change is a costly and risky approach.

Even if off-channel communications are not the headline priority, they can sit at the core of broader enforcement actions, amplifying penalties and scrutiny when other compliance gaps emerge.

Firms that fail to establish rigorous monitoring and governance for business communications expose themselves not only to financial penalties but also to reputational harm and heightened regulatory attention.

To stay ahead, firms should:

  • Invest in technology to capture and archive communications across all channels
  • Conduct ongoing audits of electronic communications compliance
  • Embed accountability into compliance culture from the top down
  • Encourage proactive self-reporting and remediation when gaps are discovered

In today’s environment, where employees use a wide range of digital tools, compliance programs must adapt. This means investing in the right technology to capture and archive communications across all channels, conducting ongoing audits, and embedding accountability throughout the organization.

How Smarsh can help

Smarsh helps financial firms avoid costly CFTC and SEC penalties by making it simple to capture, archive, and supervise communications across the full range of channels employees use today. From email, mobile messaging, and collaboration platforms to encrypted apps and emerging tools, Smarsh gives compliance teams confidence that no conversation slips through the cracks.

With Smarsh, firms can:

Capture every channel – Gain complete visibility into employee communications, no matter the device or platform.

Streamline supervision – Leverage AI and advanced search to surface risk faster and reduce review burdens.

Ensure defensible compliance – Maintain secure, immutable archives that stand up to regulatory scrutiny.

Scale with confidence – Adapt easily as new communication platforms emerge and regulatory expectations expand.

By unifying capture, archiving, and supervision in one platform, Smarsh helps firms move beyond reactive enforcement responses to establish proactive, resilient compliance programs. The result: reduced risk exposure, stronger regulatory posture, and greater trust with clients and regulators alike.

Frequently asked questions (FAQ)

Share this post!

Tiffany Magri
Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

Ready to enable compliant productivity?

Join the 6,500+ customers using Smarsh to drive their business forward.

Contact Us

Tell us about yourself, and we’ll be in touch right away.

icon-angle icon-bars icon-times