3 min
Off-Channel Communications: How Financial Services Organizations Can Address Regulators’ Latest Target
Off-channel communications (OCC) occur when employees use unapproved and inadequately protected devices – such as personal cellphones – or applications to communicate with co-workers, counterparties and / or clients. Many financial services firms are required to maintain copies of all communications regarding their business, supervise the same, and produce them in response to regulatory requests. Firms cannot meet those compliance obligations when employees resort to unauthorized OCC for business-related matters. In charging 15 broker-dealers and one affiliated investment advisor in September 2022 with record-keeping violations, the SEC noted that its investigation uncovered employees at all levels of these firms who routinely used text messaging apps on their personal devices to discuss business matters between January 2018 and September 2021 [1]. The firms settled the charges and agreed to pay penalties totaling more than $1.1 billion. Just as important, the firms also agreed to engage independent compliance consultants to ensure the use of OCC meets regulatory standards as part of the settlements. In a related move [2], the Commodity Futures Trading Commission (CFTC) ordered 11 financial institutions to pay more than $710 million for recordkeeping and supervision failures for widespread use of unapproved communication methods such as personal texts, WhatsApp, and Signal. Additionally, the Financial Industry Regulatory Authority (FINRA) has also taken action when it comes to OCC. Antonio Rega, digital forensics, data governance, privacy, security, emerging technology, and discovery expert with J.S. Held, observes, “While the current administration has loosened certain regulatory enforcement near-term, we continue to observe requests from clients in supporting management of “off-channel” communications, with a particular focus on 3rd party chat messaging platforms on mobile devices, such as Whatsapp. These inquiries include supporting corporate stakeholders with internal auditing of their organizational platforms, policies and procedures.” By implementing effective processes and utilizing software and outside experts to monitor and detect OCC, broker-dealers, investment advisers, and other financial institutions can reduce the risk of regulatory enforcement and penalties and ensure that they remain in compliance with regulations. Steve Strombelline, regulatory and enterprise risk management expert with J.S. Held adds, “Although concerns typically impact broker-dealers, firms outside of financial sectors are looking closely at their messaging processes as well, which is advisable." In addition to guaranteeing that these communications are properly documented and retained, the regulations are set up to prevent the use of OCC to manipulate securities transactions or commit fraud and to ensure that it is not used to violate any other securities laws. Firms’ supervisory procedures must be reasonably designed to detect for OCC when they monitor for such activity. The following article discusses the risks that OCC pose for financial services firms, especially as the SEC, FINRA, and the CFTC have made it clear that they are now targeting firms throughout the industry about their OCC to see if they are recording and preserving business information according to regulations. The piece also explains how firms, including broker-dealers of all sizes, should manage their OCC to ensure that they and their employees comply with federal securities laws and regulations. Finally, the authors address the complexity related to the collection of OCC in response to regulatory enforcement investigative requests. As the fines and settlements between those firms and the SEC exemplify, financial services firms of all sizes need to take this regulatory focus seriously and take the proactive step of engaging an independent third-party with expertise and experience in both digital forensics and compliance issues. To read the full article and learn more about the risk of off-channel communications and how companies should manage their OCC to remain compliant, click on the button below: To connect with Antonio Rega simply click on his icon now. To arrange a conversation with Steve Strombelline or any other media inquiries - contact : Kristi L. Stathis, J.S. Held +1 786 833 4864 Kristi.Stathis@JSHeld.com References [1] https://www.sec.gov/news/press-release/2022-174 [2] https://www.cftc.gov/PressRoom/PressReleases/8599-22
