Off-Channel Communications Compliance and the Search for Best Practices
Last updated: February 9, 2024
Maintaining books and records has always been a requirement in the financial services sector. However, the task has been greatly complicated by:
- Increasingly popular hybrid and remote work policies
- Evolving collaboration trends
- New mobile and communication apps
- Developing public perception
For the SEC, FINRA and CFTC, this is about more than recordkeeping. It’s about ensuring that regulators can conduct effective investigations and firms are able to identify and address employee misbehavior. For these reasons, regulators have been hyper-focused on the use of unapproved tools and devices. Judging by hefty enforcement actions — or off-channel communication fines — ignoring the issue won’t be tolerated.
Since 2022, fines from the SEC and CFTC total more than $2.8 billion!
For most firms, knowing exactly what regulators view as "good enough" in responding to off-channel communications remains difficult. Best practices remain elusive, but here are some of the core principles that firms have started with to demonstrate the proactive posture that regulators are requiring.
What are off-channel communications?
“Off-channel communications” refer to any form of business-related communication sent or received on a communications tool that has not been approved for business use.
Any approved communication that’s included in the firm’s policies and that can be captured, archived and supervised by the firm is on-channel. This means that what counts as off-channel can vary from firm to firm and will depend on what platforms and applications a firm’s compliance infrastructure can support.
One challenge firms face is that almost every application has a messaging or communications feature. Some enter the workplace inadvertently, or perhaps are pulled by client demand. However, the general rule that financial services firms must follow remains the same: employees can only use tools that the firm can capture, store and supervise.
Financial services recordkeeping and oversight rules
While there aren’t specific SEC and FINRA off-channel communication rules per se, there are several financial services recordkeeping and oversight rules that clearly state a firm’s recordkeeping obligation. Each has its own nuances to address unique broker-dealer, investment adviser and swaps participant requirements, including:
Exchange Act Rule 17a-4(b)(4) covers FINRA-regulated broker-dealers, requiring each firm to preserve communications that pertain to its "business as such," including internal communications. The rule was recently modified to adopt a principles-based approach that emphasizes the need to maintain complete and accurate records.
FINRA Rule 3110 requires each member to establish and maintain a system to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules.
Adviser Act Rule 204-2(a)(7) was written in 1961 and applies to registered investment advisers. It requires firms to maintain "certain" communications (without explicitly referencing internal communications).
CFTC Rule 1.31 requires swaps participants to retain communications, including voice messages. It was updated in 2017 with "technologically neutral" storage requirements.
FINRA Regulatory Notice 17-18 requires broker-dealers to retain text messaging or chats related to their business, extending earlier guidance covering social media under FINRA Notice 11-39.
Department of Justice (DOJ) Evaluation of Corporate Compliance Programs extends the requirement of inspecting for off-channel communications to firms in other industries.
Common off-channel communication violations
As regulators dole out more off-channel communication fines, we see common enforcement language emerge. Enforcement targets were those where off-channel activities were “widespread and pervasive” and often accompanied by the firm failing to follow up on red flags.
This isn’t just a regulated broker-dealer and investment adviser issue. Individual compliance and executive staff, ratings agencies and swaps participants are also on the receiving end of enforcement penalties.
For every firm, the challenge is dynamic. New tools are surfacing every day. There’s no perfect solution to preventing the use of an unapproved or prohibited tool. It’s critical that firms approach this challenge by considering how well they can identify and address misconduct before it becomes an issue.
That is the regulatory expectation — not just following recordkeeping rules, which vary from broker-dealer to investment adviser to swaps participant.
Financial services regulators target off-channel communications
The regulators have spoken: firms must conduct their business communications only within approved channels, and they must maintain and preserve those communications. Organizations must capture, retain and review employee communications in support of regulatory retention and oversight obligations.
Financial services firms large and small — both in the U.S. and abroad — are at risk of regulatory action if their communications policies aren’t being adhered to or supervised appropriately. While the biggest fines on large enterprise firms make the headlines, smaller firms need to be on high alert and expect the same scrutiny.
The search for off-channel communications best practices
Off-channel communications are a result of three colliding forces:
- An explosion of new communications and collaborative sources
- Changes to work patterns and demographic forces
- Regulatory frameworks derived from the 1930s and 40s
Unfortunately, there’s no playbook with specific steps that regulators can expect firms to follow when managing off-channel risks.
However, the following has been clearly established:
- The issue applies to everyone in financial services — and now other industries — given communications from the DOJ
- Firms will continue to follow the principle that regulated users “can’t use what we can’t capture and supervise”
- Identifying deficiencies and remediating them will continue to rely on a mix of policy and procedure adjustments, amplified employee training, as well as oversight tuning methods to increase visibility into employee behavior
Underpinning it all is a firm’s culture of compliance that starts from leadership and is supported by tangible actions, which include self-reporting and remediation.
At Smarsh, we engage with customers, prospects and key industry influencers as the financial services sector struggles with:
- Differences in regulatory requirements
- Balancing regulatory obligations against data privacy requirements
- Allowing or prohibiting communication modalities such as voice, video, whiteboards, and AI-enabled features
How Smarsh helps with off-channel communications compliance
As the global leader in digital communications capture, archiving and oversight, we help firms simplify communications compliance. But as we all know, a prohibition policy won’t save firms from fines if their regulated users are communicating with clients over prohibited channels.
That’s why our solutions are designed to capture the most common (and several uncommon) communication channels. By expanding the number of channels that can be captured, Smarsh empowers your organization to allow more channels and minimize the risk of off-channel communications. This includes encrypted applications like WhatsApp and WeChat, and channels on mobile devices.
By combining regulatory-grade AI that increases visibility into off-channel activities with our professional services team to optimize existing lexicons, our conduct portfolio is purpose-built to meet today’s data-heavy communications needs.