Regulatory Results From 2021: SEC and FINRA Gain Steam Heading into the New Year

January 13, 2022Tiffany Magri

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing

In a recent webinar, "2021 Regulatory Roundup and Year Ahead: Hybrid Work, DeFi and Crypto Compliance," Robert Cruz and Eversheds Sutherland’s Brian Rubin and Amanda Oliveira discussed regulatory lessons learned in 2021 and their outlook for 2022 and beyond. Below we highlight some of the key insights from that session.

2021 enforcement actions and results

SEC enforcement results
While the total number of enforcement actions in 2021 only grew 7% from the prior year, the SEC reported a 33% increase in the penalties received. The SEC also reported that 2021 was a record year for whistleblowers. Since the program began in 2012, rewards have totaled over $1 billion, of which $500 million was paid to whistleblowers in 2021. They also noted several first-of-their-kind enforcements in areas such as decentralized finance, the dark web and Form CRS.

FINRA enforcement results
The total number of FINRA enforcement actions in 2021 remained static from the prior year. However, over the same period in 2020, FINRA reported an increase of 102% in the penalties received by financial services firms paid in 2021.

The SEC and FINRA enforcement results demonstrate that while the regulators may not have increased the number of enforcement actions, they did meaningfully increase the penalty amounts that firms paid in 2021. We can expect to see more cases with hefty fines in 2022. Already on January 6, 2022, the SEC announced a whistleblower award of more than $13 million for a fraud-related case.

Enforcement key themes

A more aggressive regulatory landscape
The SEC has historically allowed firms to settle enforcements without admitting or denying guilt to the allegations. The SEC’s Director of the Division of Enforcement, Gurbir Grewal, announced that they expect a policy change requiring admission of wrongdoing to certain enforcement actions. He said, "In an era of diminished trust, we will, in appropriate circumstances, be requiring admissions in cases where heightened accountability and acceptance of responsibility are in the public interest.”

He further explained that “admissions, given their attention-getting nature, also serve as a clarion call to other market participants to stamp out and self-report the conduct to the extent it is occurring in their firm."

The SEC staff later expanded on Grewal’s announcement, stating that “appropriate circumstances” may include:

  • Egregious misconduct where the markets or a large number of investors were either harmed or placed at significant risk of harm
  • Cases where bad actors engaged in behavior that obstructed the SEC’s processes
  • Cases where admissions would greatly amplify the deterrence effect of the action

Firms should consider the implications of the SEC’s new approach and potential settlement options such as reputational risk, litigation risk, and other collateral risks if they admit to wrongdoing.

We also expect to see an increase in the number of cases the SEC must litigate if they require firms and individuals to admit to wrongdoing, which may constrain the SEC’s limited resources.

Emerging communications tools
Firms are using communications tools such as social media to engage investors, particularly retail investors. The SEC has stated that these new communication tools are breeding grounds for scams and other misbehavior. In Jan 2021, the SEC issued an alert to retail investors warning them of the risks of investing based on social media.

By using these new communication tools, individuals may be engaging in unsanctioned outside business activities (OBA). Under FINRA Rule 3270, proposed outside business activities should be reported to the individuals’ firm so that they can determine whether to limit or allow these activities.

Another issue we expect FINRA to focus on is the increased use of collaborative platforms for business purposes. Firms should identify

  • Which collaborative platforms are being used
  • If they’re adequately supervising and retaining those communications
  • If they have the proper security controls placed on those communications.

Firms also need to evaluate if they have a reliable and secure way to capture these communications.

Remote audits
After the pandemic, there were concerns as to whether regulators would be able to effectively conduct remote exams. As individuals transitioned to work from home, they were more likely to use unapproved business communication tools like personal email, WhatsApp, text or personal devices. Remote inspections don’t grant you access to an individual’s personal devices.

To make sure firms are focused on the right issues and responding accurately to regulator questionnaires, we expect to see more robust attestations from regulators including probing questions like, “Have you ever used WhatsApp?”

Regulation Best Interest
Regulators have ramped up enforcement actions regarding Regulation Best Interest (Reg BI). Where previously firms were given a deficiency letter, we’re now seeing enforcement actions. Several firms were cited for failure to meet electronic delivery requirements for Reg BI disclosures.

A study conducted by NASAA of over 2,000 firms found that Reg BI had a minimal impact on firm operations, with only slightly more firms engaging in pro-investor best practices. The NASAA study found that most of the firms sampled did not provide fair and balanced point-of-sale disclosures regarding fees, costs and risks to retail investors.

We expect Reg BI requirements to remain a focus for regulators in 2022, as well as how Reg BI applies to digital engagement, and what may constitute a recommendation.

Regulatory outlook for 2022

What to expect from the regulators in the new year.

Supervisory and recordkeeping fines focused on collaboration tools 
Firms should ensure they have adequate training, supervision and retention of all collaboration and conferencing technologies being used by the firm and individuals for business purposes.

Continued focus on outside business activities
Firms should evaluate if individuals are engaging in unreported outside business activities and how they can automate the way they supervise these communications with the extensive increase in digital engagement.

Additional guidance and rules for digital communications
As technologies outpace regulatory guidance, we would expect clarification on these rules. For example, do recorded Zoom meetings need to be captured and retained?

Clarity regarding cryptocurrency oversight
Cryptocurrencies continue to transform the financial services industry. As regulatory hearings continue to focus on cryptocurrencies, we anticipate more regulatory oversight.

Greater leveraging of analytical tools to facilitate compliance. Communications through social and collaborative technologies are multi-dimensional. We’ve seen an acceleration and interest around the use of natural language processing and machine learning to help decipher meaning across all these different sources of information.

How to prepare for the future of compliance

Given the regulatory actions of the past year, firms have an opportunity to start 2022 by considering how they can improve the readiness of existing policies, training and technologies to address areas of regulatory interest. To begin your analysis, consider the following questions:

  1. Do your policies and procedures adequately address newly adopted or amended rules that relate to your business?
  2. Do your current testing and auditing practices reflect the new work environment?
  3. Is your current technology effective in keeping up with the volume of information you must record, retain and supervise?
  4. Does your archiving platform incorporate adequate risk monitoring into your compliance program?

In response to a webinar poll, respondents stated their top regulatory priority for 2022 was "fine-tuning policies to address hybrid work environments and digital communications." This will be crucial for firms to maintain effective supervisory programs.

Attendees also stated there is a need for advanced technologies to address the variety of data being generated. We found that secondary to adding these technologies, attendees were concerned with having sufficient compliance staff to supervise these activities and updating training to reflect the new hybrid work environment and use of digital communications. As new communication channels emerge, it is important that policies and training are kept up to date with the latest technology.

Watch the full webinar, here

Share this post!

Tiffany Magri
Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

Contact Us

Tell us about yourself, and we’ll be in touch right away.