CashNews.co
Financial firms continue to struggle to ensure their employees communicate through authorized, monitored channels, even though the rules are widely publicized.
“The problem isn’t a lack of rules. It’s getting people to follow them,” Yuliana Teasley, director of examination outcomes and member supervision at the Financial Industry Regulatory Authority, said at a conference recently staged by the regulator.
A common refrain among conference attendees was that, while firms have policies prohibiting the use of platforms like WhatsApp for business communications, many employees bypass them, despite potentially dire consequences for the firms. The Securities and Exchange Commission and Commodity Futures Trading Commission have fined companies more than $3 billion over the last three years for failing to retain records of off-channel communications.
Determining what constitutes business-related communication is one of the tricky issues in communication regulation. Under SEC Rule 17a-4 and FINRA Rule 4511, member firms are required to keep all business-related written correspondence, regardless of the platform used. However, ambiguity abounds over what constitutes “business.”
For instance, a casual message like, “Let’s grab coffee at 7:30 a.m.” can be interpreted different ways depending on the situation. Is this merely a social exchange or is there an economic aspect to it? “It’s not about the device—it’s about the content,” stressed Teasley.
Firms have to make decisions depending on their clientele, business model, and the specific circumstances surrounding each communication. But without clear guidance from regulatory bodies, compliance teams are forced to interpret regulations in ways that may expose them to risk.
Firms are responding to these concerns by investing heavily in technology that keeps track of and monitors electronic communication records. Still, surveillance technology has its limits.
No matter how strong a company’s policies are, “rogue actors” will always exist who purposefully avoid authorized channels, Teasley said.
“You can have the best procedures in place, but if someone decides to circumvent them, there’s only so much you can do,” she said.
The panel discussed the expenses and difficulties involved in keeping an eye on rapidly changing communication technologies. For example, even though a company might have set up monitoring measures for a certain versions of WhatsApp, platform updates or the addition of new capabilities could make these restrictions useless.
“Technology is ever evolving,” Teasley observed, stressing the importance of constantly updating policies and surveillance tools to keep up with advances in communication technology.
SEC Rule 17a-4, which requires businesses to keep records of all conversations relating to business, is the cornerstone of regulatory obligations. The restriction applies not only to emails but also to emerging kinds of communication, such as text messaging, social media, and even third-party messaging apps.
FINRA Rule 2210, which regulates advertising, adds further complexity, imposing record-keeping requirements for communications that aren’t usually classified as “business” communications, such as marketing messages.
Panelists said in addition to keeping documents, businesses must monitor and examine them. In many recent enforcement cases, the SEC found that firms had failed to check thousands of text messages received on firm-issued cellphones.
“It’s not enough to capture communications—you need to supervise them,” remarked Nathan Ganousis, compliance leader of Edward Jones, a broker-dealer and investment adviser.
Panelists said employee training sessions are a critical component of ensuring compliance, a process that that must repeat over and over.
“It’s not enough to give them a handbook and call it a day,” Ganousis said. “Training needs to be ongoing, with regular reminders and updates.”
Equally important is enforcement. Firms must take disciplinary action when employees violate communication policies, and senior leadership must set the tone from the top.
“If your senior leaders are using off-channel communications, how can you expect the rest of the firm to follow the rules?” asked Tim Holland, senior principal analyst of advertising regulation at FINRA. “The examples that you are setting are what other individuals within the organization are going to follow.”
Panelists said that while some companies outsource to vendors communication retention and communication, they’re still on the hook for compliance and thus must make sure the vendors are up to the task.
While firms continue to grapple with off-channel communication issues, the fines levied in recent years have sent a clear message: failure to retain and supervise business will not be tolerated by regulators.
Ganousis said that when developing policies, firms should consider how they engage the various stakeholders to make sure that what those communications is clear and easily understood. He added that relevant examples should be provided to minimize ambiguity.
“Take time to have a fulsome dialogue and engage with other stakeholders as you deploy a new policy or procedure or as you refine it, especially if they’ve been used to one set of policies that are now being updated. Getting that stakeholder engagement before moving forward can be really helpful,” he said.
The panelists agreed that, going forward, the industry must remain vigilant. Firms must go beyond ticking boxes and create environments where employees understand the importance of using approved communication channels and complying with the firm’s policies.
“It’s not just about the rules—it’s about building a culture of compliance,” Holland noted.
“Ultimately, it’s about trust. Trust between the firm, its employee and its clients—and trust between the firm and its regulators.”