The Financial Firm’s Guide to Compliant Text Messaging

Helping broker-dealers, investment advisors, lenders, banks and insurers to meet their regulatory retention and supervision obligations.

Your firm and clients increasingly prefer to leverage the efficiency and immediacy text messaging provides to conduct business. In the past, risk-averse firms have looked to minimize compliance and legal risks by prohibiting text messaging, but this is not only unsustainable for a workplace which continues to grow more mobile, it limits how and where advisors communicate with clients.

This guide contains practical steps that will help you develop a text messaging strategy and policy that enables you to communicate and conduct business with greater efficiency and immediacy while minimizing your firm’s compliance, legal, and reputational risk.

With smart compliance practices and supporting technology, you can be prepared to present your text message records and evidence of your supervisory procedures, in the event of a regulatory request or exam.

Why Text Messaging is a Problem

Text messaging is now woven into our work and personal lives.

Social changes, combined with technology advancements, have cemented the use of text and multimedia messaging as an inescapable requirement in today’s work environment. Did you know texts are transmitted at a rate of 200,000 messages per second? To put this in perspective, Twitter averages 6,000 tweets per second.

The use of SMS and MMS technology in business puts intense pressure on financial services firms to adapt their governance policies and procedures to keep pace with regulatory, legal, and risk-management requirements in mobile environments. Every firm must protect its brand, which means all incoming and outgoing business communications should be monitored, easy to find, and quickly produced when needed.

text-messaging-image

Prohibition doesn’t work:

67% are not confident their policy is working.

The Smarsh Electronic Compliance Survey Report revealed firms currently lack confidence that they can meet supervision and production requirements for text messaging in response to regulator requests or examinations.

This puts firms are risk of incurring FINRA and SEC fines and sanctions for failure to meet modern compliance standards.

Legal Risk:

Text messages can be requested as part of an eDiscovery or litigation event

It does not matter if an advisor uses a corporate-issued device, a personally owned device, or a combination of the two for business-related texts. All are fair game for discovery in litigation if they contain relevant business communications.

If a firm’s legal team cannot find, preserve, and produce text data in real-time—and respond quickly and completely when asked to search and produce specific text messages for discovery events and litigation—they may face legal consequences related to data spoilation, missing records, or failure to produce requested data.

FINRA text messaging guidаnce

In light of the emerging technologies and communications, in 2017 FINRA published Regulatory Notice 17–18: Social
Media and Digital Communications, providing further guidance on the rules governing social media and text-message communications for member firms.

Key points from this FINRA guidance include:

  • Firms are reminded of their obligation to keep records of business communications under SEC Rule 17a-4(b)(4). Also, firms must train and educate their advisors regarding the distinction between business and personal communications, and the requirements to retain, supervise, and produce business communications.
  • Firms that communicate or allow advisors to communicate through text messaging or chat services for business purposes must retain records of those communications, in compliance with SEC and FINRA rules.
text-messaging-guidence-image

Taking Steps to Manage the Risk

Archiving, monitoring, and producing text message data needs to become a core part of risk-based surveillance preparedness. Firms need to put policies in place, and implement a text archiving and supervision solution as soon as possible—before it’s too late.

The reality is, firms must now archive texts from their advisors, no matter what device or carrier is used, or whether the advisor owns the mobile devices used for business communication.

Text data should also be archived alongside other electronic communications content, including email, social media, websites, instant messaging and collaboration platforms. This will give compliance, legal, and business leaders the ability to supervise and produce these records in one place.

Things to consider when determining your text messaging policy:

  • What is your firm’s device-ownership scenario(s)?
  • How will you update your communications policy to account for business text messaging?
  • Which mobile carriers and plans will your firm use?
  • Does your firm need to use a Mobile Device Management (MDM) solution?
  • How will you retain, supervise, and produce text message data?

The regulatory agencies for the financial services industry, the SEC and FINRA, have recognized the importance of text messaging for firms and have provided regulations and guidance on how advisors can extend compliance programs to include mobile communications.

This e-book contains the guidelines provided by these regulatory agencies, as well as practical steps that will help you develop smart text message strategies and policies to enable your employees to communicate with greater immediacy and efficiency while meeting your compliance obligations.

In Our Guide You’ll Learn

text-messaging-icon

Key regulatory updates that pertain to text messaging.

illuminate-risk-icon

How text messaging exposes firms and their advisors to risk.

risk-management-program-icon

Five proactive steps firms can take to build a risk-management program that enables text messaging, while protecting the organization.

Get the Guide

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "get the guide", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.