Regulatory Enforcement of Off-Channel Communications
7 Proactive Steps for Financial Service Firms to Prepare for Regulatory Scrutiny
The U.S. Securities and Exchange Commission (SEC) announced charges against 11 firms (ten broker-dealers and one investment adviser) on August 8, 2023, for failures by the firms and their employees to maintain and preserve electronic communications, in particular off-channel communications. The firms acknowledged that their conduct violated recordkeeping rules and agreed to pay combined penalties of more than $289 million. The firms have also begun implementing improvements to their compliance policies and procedures to settle the matters. However, this is just one instance in the SEC’s crack-down on recordkeeping failures over the past year.
Previously, on September 27, 2022, the SEC announced charges against 16 Wall Street firms (15 broker-dealers and one affiliated investment adviser) for the same failures, and those firms agreed to pay combined penalties of more than $1.1 billion. Before that, on August 3, 2022, the SEC announced an enforcement action against a private fund manager and its founder for various failures related to electronic communications, which included a comprehensive corrective-action plan.
To date, the SEC reported that is has brought 30 enforcement actions and ordered over $1.5 billion in penalties to drive home the message that compliance with the books and records requirement is essential to investor protection and well-functioning markets.
These cases, and ongoing SEC sweep exams of investment advisers and dual registrants, have brought renewed focus and industry concern about how to successfully capture and maintain electronic communications, especially off-channel communications.
Many of the firms charged have primarily been broker-dealers, and the charges were focused on books and records violations as the broker-dealer regulations don’t have a compliance regulation similar to 206(4)-7. Industry concern is that exams of advisers could lead to charges not only of books and records violations, but also compliance charges under 206(4)-7. In the August 8, 2023 announcement, the SEC mentioned its continuing sweep exams of broker-dealers and investment advisers; so further enforcement actions are anticipated.
In light of this regulatory scrutiny, below are suggestions for firms to proactively strengthen their compliance program around off-channel communications in the effort to avoid enforcement action, or at the very least, keep any findings to deficiencies.
- Review your current written policies and procedures on electronic recordkeeping.
- Make sure your written policies match what the firm is doing. Many deficiencies cited by the SEC are related to written policies not being implemented as stated. In addition, make sure your policies address off-channel communications. Completely prohibiting off-channel communications is unlikely to be a reasonable policy for even the smallest of firms. Instead, consider limiting the channels of communication (specify which channels are approved and which are prohibited), have a policy to limit off-channel communication to non-substantive content such as confirming a meeting time, and have a policy for inadvertent substantive off-channel communications to be forwarded or uploaded so they are captured in the firm’s books and records.
- Address the archiving of electronic communications in your policies.
- Consider polling employees periodically on which apps they and the industry commonly use to conduct business and update your compliance program accordingly.
- Conduct surveys with clients to see how they prefer to communicate with your firm and consider adding those communication platforms to your policies and procedures if they are not already addressed.
- Make sure your firm is capturing communications on all channels where your policies allow business communications to happen.
- Provide training. Training should cover permitted and prohibited methods of communication, technology used to capture and retain required communications, policies for inadvertent use of prohibited channels, reporting, and certification.
- Provide training to new hires promptly.
- Provide 1:1 training with known or suspected offenders.
- Provide company-wide training regularly.
- Provide department specific training so each department understands how the communication policies and procedures apply to their daily tasks.
- Engage a third-party for electronic communications surveillance and training.
- Enforce a culture of compliance from the top. Periodic emails that come from the CEO or other senior management help create a culture of compliance from the top. In-person reminders during standing or periodic meetings communicated by the CCO, CEO, or other senior management help to remind employees of the communication policies. In the enforcement cases, the supervisors that were supposed to enforce the policies were violating their own policies. Leadership and supervisors need to be setting the right tone.
- Use certifications and attestations as frequently as quarterly. Your firm’s certification and attestation policy may vary by type of employees and the related risks they pose, especially for larger firms. Certifications may be specific to the firm’s electronic communications policy, or even more narrow to the specific channels of communication permitted. Certifications may be standalone, or they may be part of a broader annual certification. Ask in your certification if the person may have sent any off-channel communications that contained business matters in contravention with the firm’s policies and procedures. For those who reply “yes,” meet with them 1:1 to review the policies, provide training, and address capturing messages.
- Enhance testing:
- Compare the volume of communication records captured over time by employee. If volume drops, that could be an indication that communications have moved “off-channel.”
- If there is a specific deal going on, enhance reviews of communications.
- Perform spot-checks and random checks of communication. Search for indications to move off-channel.
- Confirm that electronic communication reviews and testing cover all communication channels the firm uses for business communications.
- Implement a holistic surveillance program that uses natural language processing or artificial intelligence.
- Some firms may consider randomly inspecting employee’s personal devices, although not without the approval of appropriate HR counsel.
How we help
The SEC has made clear that they expect firms to capture and review business communications regardless of what platforms employees use. ACA's ComplianceAlpha® eComms Surveillance Software can help you manage your employees’ use of electronic platforms to communicate with colleagues and clients and test for the use of off channel communications. Our solution is an integrated, machine learning-based surveillance and investigations platform that combines mobile and voice data for a holistic view of potential behavior risks across your firm.