The Lesson of 2024 Q2 Regulatory Actions: Be Proactive
The regulatory landscape in financial services is continuously moving, as we saw in our recent Smarsh Summer Break Q2 Regulatory Roundup webinar. I had the chance to sit down with two industry experts:
- Cameron Iraj, Senior Managing Director of IQ-EQ
- John Goff, Managing Director of Information Governance, Privacy & Security at FTI
We dug into some fascinating communications-related actions that cropped up during the second quarter of 2024, and I'm excited to share what we learned.
Off-channel communications: A persistent challenge
Off-channel communications remain a significant concern for regulators, with recent enforcement actions resulting in fines ranging from $150,000 to $6.5 million. These violations encompass a variety of issues, including:
- Use of unapproved platforms
- Deletion of messages
- Firms failing to follow their own policies and procedures
- Insufficient monitoring
- Inadequate preservation of communications across multiple platforms
- Failure to maintain trade-related communications via instant messaging and mobile devices
During our conversation, Iraj and Goff identified several key areas to help effectively mitigate off-channel communication risks:
Write clear and specific policies
"Simply stating that you can only use approved channels without spelling them out and giving employees directions on how to potentially access them is not doing anyone any good. You really need to be clear about what is allowed and what isn't allowed," said Goff.
Implement comprehensive archiving and monitoring systems
Ensure that all approved platforms are covered, preventing any business-related communications from slipping through the cracks.
Regularly review and update communication policies
Adapt policies to encompass emerging technologies and personal devices used for business purposes, keeping pace with the rapidly evolving digital landscape.
Conduct periodic audits
Identify potential gaps in communications oversight and allow for timely adjustments to the compliance strategy.
Go beyond prohibition policies and attestations
Implement procedures to review prohibited networks and catch any unauthorized usage.
The expanding scope: beyond financial services
A significant development in this area is the recent legal action by the Federal Trade Commission (FTC) against a major tech company. The FTC is pursuing this case due to the company's use of auto-delete features on encrypted messaging apps during an antitrust investigation. This action highlights that, beyond the typical financial services regulatory scope, other agencies are also focusing on proper communication preservation.
Some of the key issues we identified during our discussion to help prevent such problems:
- Monitor employee conduct and implement periodic reviews and audits related to digital communications
- Ensure compliance with policies for proper use of approved communication channels
- Stay informed of regulatory changes and updates with resources like the FTC's website
- Conduct periodic reviews of archiving and capture systems to ensure all required communication channels are being recorded as per FTC requirements and preventing any gaps
- Address unauthorized platform usage with documented processes to disable disappearing messages and capture necessary information
- Simplify the environment by centralizing data and removing legacy messaging systems and archives, making compliance oversight more manageable
“Conduct an exercise to identify what legacy data needs to be retained for legal, regulatory, or business and then work with a reputable partner to extract and migrate that data to the primary archive,” suggested Goff.
Social media influencers: A regulatory focus
The rise of social media influencers in finance has attracted regulatory attention. FINRA issued censures and fines ranging from $200,000 to $850,000 to three firms for violations related to social media influencers. Common issues included unfair and unbalanced content, lack of content review, inadequate recordkeeping, and insufficient supervisory systems.
To address these challenges, firms should develop specific policies for vetting, monitoring and archiving influencer content. Implementing supervisory systems designed explicitly for overseeing influencer communications is crucial, even for firms that do not actively engage influencers.
Our panel discussion poll revealed a startling statistic: only 20% of surveyed firms have implemented influencer policies.
We can’t stress this enough: Even if your firm prohibits the use of influencers, consider adding policies and procedures addressing influencers.
This low adoption rate of influencer policies highlights a significant potential gap in many firms' compliance strategies. Regardless of a firm's current stance on influencer engagement, there's an urgent need to take more proactive measures in this rapidly evolving area of digital communication.
Marketing Rule: Emphasis on performance advertising
The SEC has been cracking down on investment advisers for improper advertising of hypothetical performance. In its second wave of enforcement actions related to the new Marketing Rule, the SEC charged five firms resulting in combined penalties of $200,000. These actions highlight critical issues, such as:
- The lack of policies ensuring the relevance of hypothetical performance to intended audiences
- Insufficient disclosure of calculation methodologies and assumptions
- Inadequate communication of the limitations and risks inherent in hypothetical performance
Iraj emphasized that the new definition of "advertisement" under the Marketing Rule is extremely broad.
"The policy is to address not only the pitch books, websites, but also social media sites as well, anywhere [advertisements appear]," he said.
This expanded scope requires firms to think beyond traditional advertising mediums and consider all forms of communication that could fall under the rule's purview.
To align with the new Marketing Rule requirements and mitigate regulatory risks, financial firms should consider:
- Regularly reviewing and updating marketing materials and procedures across all platforms, with particular attention to the presentation of hypothetical performance
- Implementing policies for the creation, review and approval of performance advertising
- Ensuring clear and prominent disclosures accompany any hypothetical performance presentations, explaining methodologies, assumptions and limitations
- Developing processes to determine the financial situation and investment objectives of the intended audience for each advertisement containing hypothetical performance
- Conducting periodic training for marketing and compliance staff on the new rule's requirements
“The SEC’s Director of Enforcement stated that hypothetical performance advertisement may present an elevated risk for prospective investors whose likely financial situation investment objectives don't match the advertised investment strategy,” noted Iraj.
SEC’s five principles of effective cooperation: From theory to practice
During our webinar, we explored the SEC’s five principles for effective cooperation:
- Self-policing
- Self-reporting
- Remediation
- Cooperation beyond legal requirements
- Collaboration
These principles offer a framework for firms to engage proactively with regulators and potentially achieve more favorable outcomes.
We're seeing these principles put into practice today. During our discussion, we noted cases where firms received reduced penalties due to their cooperation efforts.
For instance, in the Marketing Rule enforcement actions, four out of five firms received significantly reduced penalties because they took corrective steps before being contacted by the SEC. This practical application of the cooperation principles resulted in fines being reduced by approximately 66-75% of what they might have been otherwise.
Staying ahead in the fast-paced world of financial regulations isn't just about knowing the rules — it's about anticipating changes and adapting quickly. This regulatory roundup highlights the importance of being proactive rather than reactive. Remember, the goal isn't just to avoid penalties, but to build a resilient and trustworthy organization that can navigate the regulatory complexities with confidence.
Share this post!
- Regulatory Alert: Off-Channel Communications - The Saga That Just Won't Quit - August 15, 2024
- The Lesson of 2024 Q2 Regulatory Actions: Be Proactive - July 24, 2024
- FINRA Annual Conference 2024: Takeaways for AI Compliance - May 23, 2024
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
Watch it Work
Contact Us
Chat
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US