Regulatory Update

End of 2023 Sets Tone for Admission and Voluntary Self-Remediation in 2024

by Tiffany Magri

Last year was a whirlwind of regulatory enforcement actions, and the final quarter of 2023 proved to be more of the same. By looking at the fines and penalties regulatory agencies are imposing on financial services firms and individuals, we can identify the trends that agencies like FINRA, the SEC and the CFTC are prioritizing for 2024.

Inadequate supervision of MNPI

A financial services firm was recently censured and fined $100,000 for inadequate supervision of material non-public information (MNPI), with regulators calling out substantial gaps in communications controls. According to regulators, the firm lacked sufficient policies and procedures between April 2019 and December 2021 to prevent potential misuse of MNPI, despite operating an investment banking business. The firm exhibited glaring deficiencies in processes related to communications and information security:

  • No controls verifying supervisors reviewed employee emails and communications
  • No controls verifying supervisors were properly authorized to access sensitive information
  • Systems failed to reliably track and monitor affiliate staff with access to MNPI obtained through emails and shared drives
  • Delays adding issuers to MNPI restricted trading lists after emails and meetings where confidential details were exchanged
  • No timely reviews of securities transactions in personal brokerage accounts of employees who may have been influenced by email tips or shared documents

Regulators noted that these significant issues with communication channels and information security were first flagged in March 2019 but persisted, culminating in formal disciplinary action. The enforcement action calls on the firm to prioritize enhancing oversight of internal access, usage tracking, and monitoring related to material non-public and other confidential information obtained through emails, shared folders, instant messages and virtual meetings.

Non-compliance with recordkeeping and privacy rules

A U.K. financial services company was fined $140,000 by industry regulators for non-compliance with recordkeeping and privacy rules. Specifically, the firm:

  • Failed to record all oral communications by brokers, who were using personal cellphones, violating a rule requiring firms to keep records of all business-related communications
  • Allegedly failed to prevent brokers from improperly disclosing customers' confidential information
  • Breached supervision obligations

Improper text messaging

Three individuals were fined and suspended, with one even barred from associating with any FINRA member, due to the improper use of text messaging in violation of their firms' policies. The fines ranged between $5,000 and $10,000. Following approved communication protocols is crucial for maintaining regulatory compliance and preserving accurate records.

In each case, the individuals used unapproved text messaging services, preventing the preservation of communications as required by regulations. This not only led to incomplete recordkeeping but also compromised the integrity of the firms' compliance frameworks.

Adhering to approved communication channels, ensuring accurate record retention, and maintaining transparency in financial transactions remain critical compliance concerns for employees within financial firms. Regulatory sanctions serve as a reminder for financial professionals to prioritize compliance with established communication policies to help avoid legal and reputational consequences.

CFTC signals policy shift from “neither admit nor deny” to admissions of guilt in enforcement settlements

The Division of Enforcement of the Commodity Futures Trading Commission (CFTC) indicated that changes may be forthcoming in how it recommends resolving enforcement actions over financial sector misconduct.

Historically, settlements between the CFTC and firms accused of violations have permitted companies to resolve cases without admission of wrongdoing (or a “neither admit nor deny” approach). However, the Division stated it may now require admissions of infractions in some situations rather than defaulting to the past settlement norm.

According to regulators, compelled admissions promote accountability and serve to deter future violations. This echoes a similar statement in 2021 from the SEC signaling potential changes in settlement practices.

In addition to seeking acknowledgement of violations, the CFTC Division outlined intentions to recalibrate calculation methods for civil monetary penalties. The goal of these updated enforcement policies is to ensure fines better reflect updated priorities around preventing ongoing industry misconduct through impactful sanctions.

As a result, financial penalties for non-compliance may exceed those levied in comparable past cases. Ongoing violations by recidivist firms will also be factored into penalty amounts in a departure from previous procedures.

Collectively, these measures signal an emphasis by CFTC officials on asserting deterrence and spurring changes in behavior by regulated entities through stepped-up application of enforcement tools. The days of assuming boilerplate “no admit, no deny” settlements as standard practice appear to be over.

Ensure adequate compliance infrastructure

Effective communications compliance is a fundamental yet often overlooked aspect of financial firms' regulatory duties.

As shown by the recent $500,000 fine from Massachusetts regulators, gaps in oversight of customer communications can accumulate over years. In this case, the firm had just one compliance employee monitoring hundreds of thousands of accounts, making it impossible to properly screen and address the volumes of client correspondence received.

To prevent such issues, firms should conduct regular assessments to determine the appropriate number of compliance personnel based on the scale and nature of their operations. This proactive approach ensures that firms can meet regulatory obligations and maintain the integrity of their financial services operations.

To enable appropriate surveillance, firms must consistently evaluate communication workloads, scale oversight staffing accordingly, and consider various channels such as email, mobile apps, and social media. As digital engagement continues to accelerate, financial institutions must make ongoing improvements to align with regulatory mandates.

By investing in and consistently optimizing communications compliance, these institutions can demonstrate their commitment to both clients and regulators. The risks associated with weak oversight far outweigh compliance costs, emphasizing the imperative nature of building vigorous compliance structures and addressing potential regulatory challenges proactively.

Another firm was recently censured and fined $3 million for deficiencies in its supervision of trading activities. According to regulators, the firm failed to adequately monitor potentially manipulative trades, including marking the open or close, prearranged trading, and wash sales.

The firm's surveillance alert review process was found to be inadequate, primarily due to insufficient staffing and resources. This resulted in:

  • Over one million system alerts exceeding predefined risk thresholds were neglected
  • The firm’s review of internal system alerts was significantly delayed
  • Front-line staff were able to close alerts without appropriate supervision by senior management

Additionally, the firm lacked reasonable written procedures for evaluating potentially manipulative trading patterns.

Regulators highlighted these supervisory gaps as a key factor enabling customers to engage in trading activity that exhibited red flags without prompt follow-up. Sufficient compliance personnel and controls are vital to identify and respond to signs of manipulation. The enforcement action serves as a reminder of the importance of devoting adequate attention and resources to monitoring for abusive practices.

What this means for 2024

As shown by recent regulatory actions, financial services firms must prioritize building vigorous and adaptable compliance frameworks centered on communications oversight. Sufficient staffing, updated policies, and continuous process improvements are essential to address the risks of non-compliance – from recordkeeping gaps to information security vulnerabilities.

While expanding digital channels create new supervisory challenges, firms that proactively evaluate workloads and invest in compliance measures can meet rising regulatory expectations. Appropriate admissions, penalties, and remediation commitments also serve accountability aims when violations do occur. Overall, the imperative for financial institutions is to foster an organizational culture valuing transparency, integrity, and regulatory partnership through adequate resourcing and controls.
