Compliance

Off-Channel Communications Compliance and the Search for Best Practices

by Robert Cruz and Tiffany Magri

Last updated: February 9, 2024

Maintaining books and records has always been a requirement in the financial services sector. However, the task has been greatly complicated by:

Increasingly popular hybrid and remote work policies
Evolving collaboration trends
New mobile and communication apps
Developing public perception

For the SEC, FINRA and CFTC, this is about more than recordkeeping. It’s about ensuring that regulators can conduct effective investigations and firms are able to identify and address employee misbehavior. For these reasons, regulators have been hyper focused on the use of unapproved tools and devices. Judging by hefty enforcement actions — or off-channel communication fines — ignoring the issue won’t be tolerated.

Since 2022, fines from the SEC and CFTC total more than $2.8 billion!

For most firms, knowing exactly what regulators view as "good enough" in responding to off-channel communications remains difficult. Best practices remain elusive, but here are some of the core principles that firms have started with to demonstrate the proactive posture that regulators are requiring.

What are off-channel communications?

“Off-channel communications” refer to any form of business-related communication sent or received on a communications tool that has not been approved for business use.

Any approved communication that’s included in the firm’s policies that can be captured, archived and supervised by a firm is on-channel. This means that off-channel can vary from firm to firm and will depend on what platforms and applications a firm’s compliance infrastructure can support.

One challenge firms face is that almost every application has a messaging or communications feature. Some enter the workplace inadvertently, or perhaps are pulled by client demand. However, the general rule that financial services firms must follow remains the same: employees can only use tools that the firm can capture, store and supervise.

Financial services recordkeeping and oversight rules

While there aren’t specific SEC and FINRA off-channel communication rules per se, there are several financial services recordkeeping and oversight rules that clearly state a firm’s recordkeeping obligation. Each have their own nuances to address unique broker-dealer, investment adviser and swaps participant requirements, including:

Exchange Act Rule 17a-4(b)(4) covers FINRA-regulated broker-dealers, requiring each firm to preserve communications that pertain to its "business as such," including internal communications. The rule was recently modified to adopt a principles-based approach that emphasizes the need to maintain complete and accurate records.

FINRA Rule 3110 requires each member to establish and maintain a system to supervise the activities of each associated person, that is reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules.

Adviser Act Rule 204-2(a)(7) was written in 1961 and applies to registered investment advisers. It requires firms to maintain "certain" communications (without explicitly referencing internal communications).

CFTC rule 1.31 applies to swaps participants to retain communications, including voice messages. It was updated in 2017 with "technologically neutral" storage requirements.

FINRA Regulatory notice 17-18 requires broker-dealers to retain text messaging or chats related to its business, extending earlier guidance covering social media under FINRA Notice 11-39.

Department of Justice (DOJ) Evaluation of Corporate Compliance Programs extends the requirement of inspecting for off-channel communications to firms in other industries.

Common off-channel communication violations

As regulators dole out more off-channel communication fines, we see common enforcement language emerge. Enforcement targets were those where off-channel activities were “widespread and pervasive” and often accompanied by the firm failing to follow-up on red flags.

Common channel culprits include encrypted mobile apps like WhatsApp, SMS text messages, Discord, LinkedIn messenger and iMessage.

This isn’t just a regulated broker-dealer and investment adviser issue. Individual compliance and executive staff, ratings agencies and swaps participants are also on the receiving end of enforcement penalties.

For every firm, the challenge is dynamic. New tools are surfacing every day. There’s no perfect solution to preventing the use of an unapproved or prohibited tool. It’s critical that firms approach this challenge by considering how well they can identify and address misconduct before it becomes an issue.

That is the regulatory expectation — not just following recordkeeping rules, which vary from broker-dealer to investment adviser to swaps participant.

Financial services regulators target off-channel communications

The regulators have spoken: firms must conduct their business communications only within approved channels, and they must maintain and preserve those communications. Organizations must capture, retain and review employee communications in support of regulatory retention and oversight obligations.

Financial services firms large and small — both in the U.S. and abroad — are at risk of regulatory action if their communications policies aren’t being adhered to or supervised appropriately. While the biggest fines on large enterprise firms make the headlines, smaller firms need to be on high alert and expect the same scrutiny.

The search for off-channel communications best practices

Off-channel communications are a result of three colliding forces:

An explosion of new communications and collaborative sources
Changes to work patterns and demographic forces
Regulatory frameworks derived from the 1930s and 40s

Unfortunately, there’s no playbook with specific steps that regulators can expect firms to follow when managing off-channel risks.

However, the following has been clearly established:

The issue applies to everyone in financial services — and now other industries — given communications from the DOJ
Firms will continue to follow the principle that regulated users, “can’t use what we can’t capture and supervise”
Identifying deficiencies and remediating them will continue to rely on a mix of policy and procedure adjustments, amplified employee training, as well as oversight tuning methods to increase visibility into employee behavior

Underpinning it all is a firm’s culture of compliance that starts from leadership and supported by tangible actions, which includes self-reporting and remediation.

At Smarsh, we engage with customers, prospects and key industry influencers as the financial services sector struggle with:

Differences in regulatory requirements
Balancing regulatory obligations against data privacy requirements
The allowing or prohibition of communicational modalities such as voice, video, whiteboards, and AI-enabled features

Off channel communications tips and tricks

How Smarsh helps with off-channel communications compliance

As the global leader in digital communications capture, archiving and oversight, we help firms simplify communications compliance. But as we all know, a prohibition policy won’t save firms from fines if their regulated users are communicating with clients over prohibited channels.

That’s why our solutions are designed to capture the most common (and several uncommon) communication channels. By expanding the number of channels that can be captured, Smarsh empowers your organization to allow more channels and minimize the risk of off-channel communications. This includes encrypted applications like WhatsApp and WeChat or on mobile devices.

By combining regulatory-grade AI that increases visibility into off-channel activities with our professional services team to optimize existing lexicons, our conduct portfolio is purpose-built to meet today’s data-heavy communications needs.

FEATURED BRIEF

Off-Channel Communications Surveillance

Get the brief

Share this post!

Author
Recent Posts

Robert Cruz

Vice President, Information Governance at Smarsh

Robert Cruz is Vice President, Information Governance for Smarsh. He has more than 20 years of experience in providing thought leadership on emerging topics including cloud computing, information governance, and discovery cost and risk reduction.

Latest posts by Robert Cruz (see all)

The Big Question at SIFMA C&L Orlando: “Can We Just Be Done with Off-Channel Enforcement Now?” - March 25, 2024
Off-Channel Enforcement Update: The Value of Self-Reporting Becomes Clearer - February 15, 2024
FINRA 2024 Annual Regulatory Oversight Report: Impact on Digital Communications Practices - January 11, 2024

Author
Recent Posts

Tiffany Magri

Senior Regulatory Advisor at Smarsh

As a Regulatory Advisor at Smarsh, Tiffany Magri monitors, evaluates and consults on the financial services regulatory landscape. Tiffany has more than 10 years of experience facilitating compliance with laws and regulations, policies, and risk management. Prior to joining Smarsh, Tiffany was a Senior Associate at Benefit Street Partners and a Compliance Analyst at Broadstone and Manning & Napier Advisors.

Latest posts by Tiffany Magri (see all)

From Hypothetical Performance to Real Consequences: SEC’s Message to Advisers - April 15, 2024
Navigating the SEC’s Expanded Dealer Definition - March 6, 2024
Digital Communication Preservation: Highlights of the DOJ and FTC’s Imperative Guidance - February 27, 2024

Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

Ready to enable compliant productivity?

Join the 6,500+ customers using Smarsh to drive their business forward.

watch it work

More Resources