An investigation into the use of off-channel and unpreserved communications by the SEC has led to another 16 firms being fined for recordkeeping failures. The $81m in penalties adds to the $2.6bn already levied for failures to maintain and preserve electronic communications, serving as a stark reminder that regulators’ focus on recordkeeping isn’t going away.
Data protection is, and will remain, a key priority for regulated firms and regulators alike and is an even greater focus in Data Privacy Week. For companies subject to multiple overlapping global privacy regimes, there is a patchwork quilt of regulation and legislation covering the demands of government regulations regarding sensitive data and data protection, such as theEU General Data Protection Regulation (GDPR), the US Health Insurance Portability and Accountability Act (HIPAA), and the California Consumer Privacy Act (CCPA).
2024 isn’t even a month old and already two U.S. regulators have updated their expectations on communications compliance. Firms need to be under no illusions - recordkeeping is, and will remain, a key regulatory focus.
Against a backdrop of $2.6bn+ fines and continuing enforcement action against both firms and individuals, U.S. regulatory expectations on communications compliance are continuing to evolve. Both the Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (SEC) have updated their stance, approach and expectations as to good and better practice when it comes to communications compliance. U.S. firms in all sectors of financial services would be well advised to review and consider the updated supervisory approach.
The last couple of years have been full of headlines not only of firms being fined for failing to capture digital communications but also of firms themselves taking action against employees for breaching internal policies on the use of unmonitored channels. Wall Street firms in particular are reported to have demoted and exited personnel as well as clawing back bonuses and other remuneration for failing to adhere to the required approach to recordkeeping.
2023 was an eventful year for digital communications governance. Hundreds of millions in additional fines were imposed in the U.S., with the regulatory focus expanding from banks to include broker-dealers, investment advisers and credit rating agencies. The U.S. wasn’t alone with the UK regulator sanctioning a bank and its energy regulator fining a firm for failing to capture trading communications.
Gartner introduced a new market category earlier this year, Digital Communications Governance (see our earlier blog here). Recently in November, they published the first Market Guide, outlining what constitutes a DCG vendor and offering some guidance.
Co-author: Matt Lehman, Industry Principal, Financial Services, RingCentral
Since 2018, Theta Lake has partnered with Zoom to provide cutting-edge compliance and security for Zoom's unified communications (UC) platform. Our expertise in delivering advanced, purpose-built compliance and security technology perfectly complements Zoom, particularly in addressing the specific requirements of risk-sensitive and regulated organizations when using Zoom. As one of the select group of strategic partners chosen to participate in Zoom’s ISV Exchange Program, it is now easier than ever for organizations to benefit from Theta Lake’s purpose-built compliance platform to ensure that all communication content is securely captured, preserved, and supervised.
The SEC exam prioritiesfor 2024 give an essential insight into likely practices, products, and services which will be the focus of the Division of Examinations in the coming year. The priorities are those that pose emerging risks to investors or the markets, as well as examinations of core and perennial risk areas. Given the now more than $2.6bn of fines imposed for recordkeeping failures, it is fair to say that unmonitored communications channels and the incomplete capture of required records will continue to be key supervisory considerations for all U.S. financial services firms.