Off-Channel Communications Violations Strike Again: $63 Million in Penalties
Off-channel communications have been a constant topic under the current leadership of the SEC as well as CFTC. Highlighted by multi-million dollar enforcement settlements and a never-ending search for best practices, this week’s $63 million in penalties across twelve firms may likely represent one of the last major waves before the change in administration takes place. However, its impact is very likely to linger well into the future.
Why it matters
While regulatory leadership is changing, firms shouldn’t expect enforcement actions for off-channel communications enforcement actions to plummet.
The settlements themselves are consistent with what we’ve observed over the course of the entire off-channel regulatory focus:
- All firms (including advisors, private equity firms and broker-dealers) have obligations to retain and supervise business communications
- Off-channel communications can involve any communication tool — not just WhatsApp and text messaging
- Proactive steps to identify and remediate issues will likely continue to be rewarded by regulators in the form of smaller settlements, or even no money penalties as seen in other actions
What can we learn from this enforcement action?
The details of these actions highlight three important implications for the future.
First, regulators expect the full picture. Every WhatsApp message about the business from an executive, any proposed investment advice to a market participant, and every 'sounds good' over text with a client must be preserved and supervised. This supervision requirement was brought to the spotlight when senior leadership not only failed to supervise, but actively suggested ways to evade recordkeeping requirements through auto-delete features.
Second, the policies and procedures of every firm must account for the use of unapproved communications tools and devices. Policies must be supported by on-going training and attestation to validate that employees understand their obligations. The failures highlighted in these cases demonstrate that supervision isn't just about having policies. It requires active monitoring and verification, as shown by one firm's technical oversight that allowed employees to send text messages without proper surveillance for several years.
And third, the failure to supervise is not just a ‘check-the-box’ administrative failure. It can prevent regulators from doing their jobs and the firm from defending its actions in light of potential securities law violations. These cases make clear that supervision failures at the senior level create cascading compliance problems throughout the organization.
Prepare your compliance procedures for 2025
As we move away from “regulation by enforcement” toward a more principles-based enforcement approach in 2025, we are likely to see regulators return their focus to financial crimes, where the use of an unapproved communications tool is a means to an end, as opposed to the primary exam itself. Firms will continue to be encouraged to proactively identify deficiencies, self-report and demonstrate comprehensive communications oversight.
In fact, this will continue to be an executive-level priority for any firm that has previously been the subject of an enforcement action as they must report back to the regulators on the progress they’ve made. However, the fundamental expectation remains unchanged: firms must maintain complete and accurate books and records and demonstrate that they are following the red flags.
Protecting your customer’s information and meeting your fiduciary responsibilities is the focus, versus simply taking “check-the-box” steps to avoid onerous regulatory sanctions.
Share this post!
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US