Regulatory Update: What Financial Institutions Must Prioritize Moving Forward

May 07, 2024 by Tiffany Magri

Regulatory Updates for 1Q2024.

The final months of 2023 set the stage for an active start to 2024 on the regulatory front as financial services firms continued to face heightened scrutiny and steep penalties for compliance failures. Drawing on the enforcement actions and industry news from the first quarter, several key trends emerge that financial institutions must prioritize heading into the rest of the year.

Off-channel remains a top regulatory hotspot

As we discussed last quarter, the crackdown on firms' failures to monitor and archive off-channel business communications remained a top enforcement priority in Q1 2024. This represented yet another wave of steep fines and penalties levied by the SEC and CFTC for lapses in recordkeeping and supervision of electronic messaging.

At the SEC, this took the form of charges against 16 broker-dealers and investment advisers for widespread and longstanding recordkeeping violations related to electronic communications. The firms admitted to the misconduct and agreed to pay a staggering $81 million in combined penalties — a continued signal that the SEC views recordkeeping as foundational to effective compliance programs. Importantly, one firm received a reduced penalty for self-reporting its violations, contrasting with the higher sanctions faced by other firms despite their admissions. This case reinforces that proactive self-reporting and remediation can provide a degree of reprieve from harsh enforcement actions, offering a potential path forward for firms looking to get ahead of compliance gaps.

The CFTC also maintained its intense scrutiny of firms' oversight of electronic messaging channels. The agency levied $1 million and $6 million fines for recordkeeping and supervision failures stemming from employees' rampant use of unauthorized communication methods like personal text messaging for business purposes. Notably, the CFTC signaled a shift in its enforcement approach, indicating it may start requiring admissions of wrongdoing rather than allowing firms to settle without admitting or denying charges. This move marks a significant escalation in the CFTC's quest to drive greater accountability in the industry and ensure sanctions have more meaningful deterrent effects.

Staying Alert: FINRA's reminders on communication compliance

Moving to the FINRA realm, the self-regulatory organization continued its crackdown on supervision failures related to electronic communications.

  • One firm was fined a hefty $600,000 for failing to review a staggering 3.5 million emails across 691 employee email accounts over a multi-year period.
  • Next, a firm was fined $475,000 for failing to establish adequate AML programs and supervision. This included neglecting to preserve and oversee business communications conducted via WeChat by an unregistered analyst, complicated further by a language barrier as no supervisors spoke Mandarin.
  • Another firm was censured and fined $75,000 for neglecting to reasonably supervise the use of personal email accounts for business purposes.
  • Last, a firm paid a $25,000 penalty for lacking adequate written supervisory procedures around electronic messaging review and oversight. In this last case, the reviews were not conducted or supervised by a registered principal, and the firm also failed to regularly review, assess, or update keywords used to flag emails for review.

These enforcement actions serve as a reminder from FINRA that comprehensive oversight of electronic communications is critical. While the underlying rules around recordkeeping and communication supervision are long-standing, the recent cases reinforce that FINRA will not tolerate any lapses or gaps in this area. Firms must have vigorous systems, controls, and written procedures to effectively monitor, retain, and supervise business communications across all potential channels – including personal email and messaging platforms that employees may attempt to use. In the regulator's view, any shortcomings that create monitoring blind spots or expose firms to potential spoliation of evidence will be met with penalties.

Don't get caught up in the AI hype: Lessons from SEC fines

Elsewhere, regulators continued to scrutinize firms' claims and disclosures, particularly regarding emerging technologies. The SEC fined two investment advisers a combined $400,000 for "AI washing" — making misleading statements about their use of artificial intelligence. This case serves as a cautionary tale for any financial institution seeking to capitalize on the AI hype, underscoring the importance of substantiating such representations.

Recent SEC enforcement actions have revealed instances of 'AI washing' within the investment advisory industry. In these cases, investment advisers made false and misleading statements regarding their purported use of artificial intelligence (AI). Despite marketing themselves as utilizing AI in various aspects of their operations, including investment decision-making processes, these advisers failed to substantiate these claims. The SEC, as a vigilant guardian of transparency, found that the advisers misrepresented their capabilities by overstating their utilization of AI technologies, potentially misleading clients and investors. As a result, the SEC imposed fines totaling $400,000 on these advisers, emphasizing the importance of transparency and accuracy in disclosing the use of AI within the financial services sector.

These cases coincide with increased SEC scrutiny on marketing practices, particularly concerning compliance with the Marketing Rule. The SEC's focus on ensuring accurate and transparent representation of AI usage is a clear signal. It highlights the importance, and indeed the necessity, of maintaining compliance with regulatory standards in the investment advisory industry.

The view forward

Collectively, these enforcement actions paint a clear picture of the regulatory priorities shaping the financial services landscape in 2024. From rigorous recordkeeping and communication oversight to transparent marketing and disclosures, firms must shore up their compliance infrastructure to avoid the steep costs of noncompliance. The message from regulators is unambiguous: a proactive, comprehensive approach to compliance is no longer optional — it's an imperative.
