The rise of messaging apps has revolutionized the way we communicate, but their use in the financial sector has become a major compliance challenge for brokerage and advisory firms alike.
In recent years, registered investment advisors and broker-dealers have been facing increased scrutiny from regulators regarding their personal and off-channel communication policies — particularly for not monitoring and preserving their employees’ messages with respect to text messages, WhatsApp, and other unauthorized platforms.
In 2021, the Securities and Exchange Commission (SEC) levied $1.1 billion in fines against Citigroup Inc., Bank of America Corp., and Goldman Sachs Group Inc, followed by a $125 million penalty against J.P. Morgan Chase. Then in September 2022, the SEC announced penalties of $1.1 billion against 15 broker-dealers and one affiliated investment adviser for violating certain recordkeeping provisions of the Securities Exchange Act of 1934. When combined with J.P. Morgan’s regulatory fine, the total amount of penalties over these record lapses stands at $2.01 billion.
Now, the SEC is extending its probe of potential WhatsApp violations to asset managers, indicating that the scope of its investigation and enforcement of violations is broadening. Fines tied to unauthorized communications on Wall Street have now topped $2.5 billion, and counting. This sends a stark warning sign to representatives of broker-dealers and RIAs that the time to review their policies and procedures regarding communications is now.
So what’s the problem?
All of the financial firms and banks who were fined by the SEC neglected to maintain or preserve a substantial majority of their employees’ off-channel communications or were found to have provided employees with vague or incomplete policies and procedures in regard to monitoring and storing messages. In order for advisors and firms to avoid similar penalties, they must ensure that their policies and procedures are clear and that they specifically address the use of personal devices for business communication, including off-channel communications.
Updating Policies & Procedures
It’s important for management to lead by example and strictly adhere to the communication policies that are in place. Written policies should provide precise guidance on the types of devices that are permitted and how the firm surveils compliance with the policy. The SEC expects advisors to have written policies in this area, and it is essential for firms to align their surveillance capabilities with their written policies and procedures.
Training on these issues is also critical. Firms need to go beyond annual training, especially in light of the pandemic, where employees may have become accustomed to certain practices that may not be compliant with the firm’s policies. Therefore, it is necessary to regularly update and reinforce these rules and the procedures associated with them and train employees accordingly.
All written policies and procedures should be aligned with the firm’s surveillance capabilities. The surveillance plan does not need to rely on expensive technology. Rather, the plan must reflect a realistic assessment of the methodologies that the firm can reasonably employ to detect and prevent violations of the firm’s procedures. It also needs to be updated on a regular schedule.
Finally, it is essential to self-report issues of noncompliance to regulators, when necessary. While it may not be desirable to self-report, a failure to do so may make the problem worse and lead to more significant penalties in the long run. Therefore, firms must take proactive steps to ensure compliance and avoid the costly consequences of noncompliance with regulations regarding communication applications.
Finding The Right Balance
Simply put, if you are worried that you may be using an unapproved communication application, you probably are. It’s always going to be safer to double-check with your compliance team than to continue using an application that may be problematic.
To avoid getting into trouble with the SEC, financial advisors and firms must align their monitoring, surveillance, and archiving practices with their policies and procedures. They need to ensure that personnel only use approved means of electronic communications to conduct business and that personal devices are approved for firm business. It’s crucial to separate personal communications from business communications and archive all electronic communications related to brokerage or advisory services.
Any unapproved communication applications like WhatsApp present a significant compliance challenge to the investment advice sector. Financial firms must monitor and preserve all electronic communications related to brokerage or advisory services to comply with SEC rules. Firms need to assess whether they have an issue similar to those that were created at the larger firms and how they can best address those issues and comply. Compliance with these rules is vital to the integrity of the markets and financial firms’ reputations.
Merely having technology is not enough, firms must have the right technology, processes, procedures, training, and attestations to protect their business. Building a software or services solution that can integrate seamlessly with each approved app is complex, and therefore, firms need a third-party platform customized to deliver solutions unique to the industry. The right platform must capture digital communications directly from native apps across the enterprise, store those communications with high fidelity, and allow the reviewer to consider the context behind each message. The more advanced systems utilize machine learning and advanced analytics to solve this problem.
Compliance processes are also essential. Deciding which apps to allow and which to prohibit is a crucial part of this process, and frontline personnel at financial firms generally ask for access to a specific app. Management must then perform a risk-benefit analysis. Firms must also know how employees and affiliated financial professionals use apps and determine whether their staff stay within the guidelines. Supervisory monitoring policies are also necessary to identify whether workers are using unapproved devices, apps, or app features to communicate about business.
Although compliance gaps are unavoidable, and many financial firms have them, firms must identify the tools which their workers and clients use today, assess current compliance controls, and recognize where discrepancies exist. This process enables the firm to implement the best technological capabilities, compliance processes, and supervision methods for their businesses. By doing so, firms can approach today’s digitally dominated age of communication and live to tell about it.
If you have questions or concerns about your communication methods, or you were recently penalized for using any unapproved or unauthorized communication practices, AdvisorLaw can provide expert guidance and help to minimize any enforcement action taken against you.
Please contact us today for a complimentary consultation!
- Dual Registration Dilemma: Navigating FINRA & SEC Regulatory Shifts - November 30, 2023
- Navigating Criminal Disclosures On FINRA’s Form U4 - November 16, 2023
- 30-Year Industry Veteran Restores Flawless Records With ARS Dispute Expungement - November 1, 2023