Regulatory Alert: Off-Channel Communications - The Saga That Just Won't Quit

August 15, 2024by Tiffany Magri
SUBSCRIBE TO BLOG

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Off-channel communications are back in the regulatory spotlight, and once again, it’s costing firms big. The SEC and CFTC have dropped another round of enforcement actions, raising a whopping $473 million in penalties. If you thought we were done with off-channel enforcement, think again.

Why does this still matter?

You might be wondering, "Didn't we already address this?" Well, yes and no. As long as there are new ways to communicate, regulators will be playing catch-up – and they expect firms to be right there with them. It's not just about following rules; it's about maintaining market integrity and effective oversight. When regulators come knocking, they want the full picture – every message, every trade, every "sounds good" must be accounted for. Missing pieces? That's a puzzle no one wants to have to solve.

What's new this time around?

Self-reporting pays off

Three firms took the initiative to self-report violations to the SEC, with one brave soul also confessing to the CFTC. The result? These firms received reduced penalties and a nod from the regulators. This approach incentivizes firms to conduct thorough internal reviews and promptly address potential violations. It also reinforces the importance of maintaining vigorous compliance programs that detect and address potential violations before they escalate into more serious regulatory concerns.

"Among this group of firms, there are several that differentiated themselves by self-reporting prior to the staff’s investigation, demonstrating once again the real benefits of proactive cooperation."

-- Gurbir S. Grewal, director of the SEC’s enforcement division

Even custom solutions aren't foolproof

Some firms have implemented proprietary compliant messaging platforms. Great idea, right? Well, employees still found ways to circumvent these systems. Despite these efforts, the firms found that employees continued using unauthorized channels for business communications. Employees found ways to bypass these systems, often reverting to personal devices and applications for business-related communications.

These cases are a good reminder that technological solutions alone are insufficient; firms must combine them with vigorous policies, consistent enforcement, regular training, and a compliance-focused culture.

Persistent auto-delete issues

We're seeing more cases of employees using auto-delete functions on personal devices. Regulators may view this practice unfavorably as it suggests an intentional evasion of recordkeeping requirements. In several instances, senior executives were found to have enabled these functions, effectively erasing potentially crucial business communications. Interestingly, in one case, some messages were retained on an executive's personal iPad despite being deleted from their iPhone, highlighting the complexity of managing communications across multiple devices. Regulators may interpret such actions as a red flag, signaling a potential culture of non-compliance that extends beyond recordkeeping violations.

Beyond just texts

While text messages are still the primary culprit, regulators are casting a wider net. WhatsApp, WeChat, iMessage, even LinkedIn – they’re all on the radar now. Regulators expect firms to have a comprehensive understanding of all communication channels their employees might use for business purposes. This goes beyond the obvious messaging apps and includes channels like emerging social media platforms, collaboration tools (e.g., Slack, Microsoft Teams, Discord), video conferencing platforms with chat features, and encrypted messaging apps.

Remember, regulators are less concerned with the specific platform used and more focused on whether firms can maintain and produce required records. As communication technologies continue to evolve, firms must stay ahead of the curve, continually reassessing and updating their compliance strategies to ensure they encompass all potential communication channels.

compliance checklist promo blog

What can firms do?

  • Acknowledge the ongoing nature of the issue: Recognize that off-channel communications will remain a regulatory focus and position your firm to address it proactively.
  • Conduct a comprehensive risk assessment: Regularly perform a thorough internal risk assessment to identify potential compliance gaps before they escalate into regulatory issues.
  • Implement holistic technological solutions: Invest in systems that facilitate compliant communication while making it easier for employees to adhere to policies.
  • Culture is key: All the tech in the world won't help if your culture doesn't support compliance. This starts at the top. When senior execs are using WhatsApp for business, it sends a message (pun intended) that the rules don't matter.
  • Effective training programs: Develop engaging, relevant training that clearly communicates the importance of compliance to each employee's role. Make it stick.
  • Consider self-reporting: If you do find issues, seriously consider your obligation to self-report. It might feel risky, but it could save you from more severe consequences down the line.
  • Stay informed: The regulatory landscape is constantly evolving. Make sure you're staying on top of the latest guidance and enforcement actions.

As we grapple with the ongoing saga of off-channel communications, it's crucial to recognize that at its core, this is a supervision issue rather than merely a failure to capture communications. It's not enough to have the capability to capture communications; firms must actively supervise their employees' adherence to communication policies and swiftly address any deviations. While the ability to capture and retain various communication channels is essential – and solutions like ours can indeed turn off-channel communications ON – the real challenge lies in ensuring that these capabilities are consistently and effectively utilized across the organization.

featured guide icon

FEATURED CHECKLIST

Assess Your Regulatory Risk for Off-Channel Communications

Risk assessment worksheet

Read Now

Share this post!

Tiffany Magri
Latest posts by Tiffany Magri (see all)
Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

CONTACT US

FEATURED CONTENT

Ready to enable compliant productivity?

Join the 6,500+ customers using Smarsh to drive their business forward.

watch it work
CONTACT SALES

More Resources

Smarsh: 2020 Smarsh Risk & Compliance Survey Report: The Year of Operational Disruption & Digital Transformation
Nearly Half of Government Agencies Can Improve Their Open Records Requests Process
by Smarsh
on September 13, 2024
Read more
tablet mobile laptop stats data concept featured img
Adapting to Change: Text Message Archiving for Financial Advisers
by Smarsh
on August 22, 2024
Read more
Enterprise archive light feat img
Top 10 Considerations When Selecting an Enterprise Archive Platform
by Smarsh
on August 20, 2024
Read more

Contact Us

Tell us about yourself, and we’ll be in touch right away.