At a Glance
Both the SEC and FINRA have announced their examination priorities for 2023, giving investment advisers and broker dealers important insight into the areas to include in their compliance monitoring plans. For those tasked with maintaining compliance, security and data privacy across an organization’s unified communications, there are specific areas to focus on to ensure the continuing deployment and use of platforms meet regulatory expectations, including:
Data protection is now more important than ever. Given the new ways of working and communicating, there are increasing amounts of personally identifiable information (PII) and personal health information (PHI) data shared across communication platforms, and firms are expected to be able to capture and retain personal data safely as well as retrieve and delete it. These are critical issues that should take center stage in Data Privacy Week.
The last quarter of 2022 saw FINRA continue its focus on communications compliance. Four brokers and a compliance officer faced disciplinary action for a range of breaches of their approach to supervision and an inability to retrieve phone records.
For the key lessons to be learnt together with more detail of the enforcement please click here.
At a high level, the disciplinary actions resulted in censures, a 40-day prohibition, fines totalling over $2m, restitution of nearly $50,000 and wide-ranging remedial actions.
Digital Transformation - Evergreen but Transformational
Digital transformation is a concept that has been around for a while, and one you’ve no doubt heard about. Analysts, consultants and social media pundits love it, as it can be widely ascribed to any number of IT/business initiatives.
Digital transformation is defined by Salesforce as the process of using digital technologies to create new — or modify existing — business processes, culture, and customer experiences to meet changing business and market requirements. Digital transformation benefits to an organization include the potential to accelerate corporate growth, change and reinvention through new market opportunities.
Regulatory Perspectives From Theta Lake: UK market abuse £5m fine, lessons for communications compliance
UK regulator fines a trio of brokers almost £5m for failing to have appropriate communications compliance processes in place to fulfil market abuse obligations
With the rapid adoption of virtual meeting platforms like Zoom over the past few years, the way we work has been transformed. These platforms are much more than a way to have a discussion and go beyond replacing phone conversations: users can share content, collaborate with people outside of their organization and use chat in-meeting. While the early stages of pandemic adoption were all about enabling workers and maintaining productivity, organizations are beginning to settle in and make streamlined decisions about which platforms to retain and how to secure them. The risk of insider threats and potential data loss, in addition to human error and carelessness, can lead to any number of possible bad outcomes: data breaches, loss of intellectual property, and more.
When it comes to dynamic messaging content from collaboration tools like Zoom, Slack, and Microsoft Teams as well as SMS, mobile messaging, and consumer applications like WhatsApp, the SEC’s updated recordkeeping Rule 17a-4 announced on October 12, 2022 signals a sea change for broker-dealers. The SEC replaced its antiquated “non-erasable, non-rewritable” electronic recordkeeping requirement in place since the late-90s with a technology-neutral approach centered around audit trail data, which provides far greater flexibility in implementation.
At Theta Lake, we welcome the modernization of Rule 17a-4 as it allows our financial services customers to more easily manage archiving controls for SEC-regulated electronic communications records. In addition, the spirit and letter of the revised Rule aligns with Theta Lake’s modern approach to the capture, retention, and supervision of complex, interactive video, voice, chat, and email conversation data.
As we noted in our 2022 Modern Communications Security and Compliance Report, 97% of firms are using two or more communication tools, so the ability to seamlessly and compliantly capture dynamic data across a range of platforms is key. With 100+ platform integrations, Theta Lake enables easy and effective compliance with the SEC’s new recordkeeping requirements.
For customers, the updated Rule 17a-4(f) offers a flexible, audit trail-based option that makes it easier to retain dynamic data from electronic communications to databases and beyond. The revised Rule 17a-4(f)(2)(i)(A) allows broker-dealers to:
Theta Lake has published its fourth annual survey report on modern communications compliance and security, highlighting the complex challenges faced by those tasked with maintaining compliance, security and data privacy. The report is based on the views and experiences of more than 500 compliance and security professionals from the heavily-regulated financial services, healthcare and government sectors across the U.S., the U.K. and Canada. It provides a snapshot of how communication platforms are being used and the issues organizations are struggling with, enabling them to benchmark their own practices and expectations against the wider industry, identifying any gaps or areas of exposure they may have.
Topics: compliance, data leakage, zoom, Microsoft Teams, record-keeping, communications, WhatsApp, SMS, archiving
Regulatory Perspectives From Theta Lake: Analysis on the U.S. DOJ's new Compliance Guidance for Prosecutors
Digesting and implementing the U.S. DOJ’s new compliance guidance for prosecutors on the use of personal devices and third-party apps
The DOJ has expanded its Evaluation of Corporate Compliance Programs and identified several additional hallmarks of an effective compliance program including: