Electronic Communications Recordkeeping Failures Cost Large Firms More than $1.1 Billion
Although the financial industry has been quick to adopt new ways to communicate with clients and colleagues, firms have been slow to adopt technology that can capture, retain, and assist with monitoring electronic communications (“eComms") sent or received via messaging apps like WhatsApp and WeChat. That is a problem because SEC regulations require firms to archive certain business communications of their employees. To avoid potential record retention issues, many firms prohibit the use of unarchived eComms channels for business purposes. However, enforcing these policies has been an ever-growing challenge for firms and their compliance teams.
In September 2021, the SEC started a sweep focused on how firms were monitoring, archiving, and safeguarding employee communications, including whether firms were adequately supervising the use of personal devices. As a result, the SEC uncovered widespread use of unapproved devices and private messaging apps by employees. This occurred even though the firms had established policies and procedures that addressed such communications. More recently, the SEC brought a case against an investment adviser for its failure to retain business communications on personal electronic devices.
Most recently, the SEC fined 16 firms for failure to capture certain business communications, as well as failure to supervise their employees by not detecting or preventing the use of unapproved devices. These firms paid fines and penalties in excess of $1.1 billion.
Our Guidance
Based on these recent SEC settlements, establishing policies and procedures are no longer sufficient to demonstrate compliance with Securities Exchange Act of 1934 Rule 17a-4(b)(4) and Advisers Act Rule 204-2(a)(7). Financial firms need to implement more rigorous and automated solutions to surveil the potential use of unarchived communications platforms.
eComms surveillance tools can be used to review and archive approved communication methods and should be a standard part of a financial firm’s compliance program. However, identification of the potential use of unapproved devices could be more challenging. These reviews require a technology toolkit as well as surveillance staff who are educated in identifying potential items of interest.
Tools are just one important element of the monitoring process. To maximize the effectiveness of these tools, it is important that the review of communications be thoughtful and targeted. This should include identifying risk areas of the firm that should have additional communications monitoring (e.g., trading, research investment banking). Such reviews may find references to conversations that may be happening outside of the firm’s approved communication channels.
In short, firms need to establish and publish rigorous policies and procedures and provide staff with related ongoing training. They also need to implement eComms surveillance technology to ensure compliance with the policies and diligently review the output from the technology to determine if unapproved communications are being sent or received by employees.
How we help
Employees’ increasing use of electronic platforms like Teams, Zoom, Slack, WhatsApp, and WeChat to communicate with colleagues and clients can lead to increased conduct risks at your firm. We can help your firm detect and mitigate these risks effectively and efficiently to protect your business.
Spotlight on our eComms Surveillance Software
Questions?
If you have any questions or would like to discuss how ACA can help your firm strengthen its surveillance program, increase efficiencies through technology, and ensure that your regulatory obligations are met, please reach out to your ACA consultant or contact us here.