At a Glance
Both the SEC and FINRA have announced their examination priorities for 2023 giving investment advisers and broker dealers important insight into the areas to include in their compliance monitoring plans. For those tasked with maintaining compliance, security and data privacy across an organization’s unified communications there are specific areas to focus on to ensure the continuing deployment and use of platforms meet regulatory expectations, including:
The SEC’s priorities ‘reflect the changing landscape’ for investment firms facing volatile markets and the unpredictable impact of new technology. FINRA’s report highlights issues that ‘remain perennially important, with updates to reflect evolving risks, industry trends and findings’ from its recent oversight activities.
Both cite compliance with Regulation Best Interest (Reg BI) and sales practice rules as well as cybersecurity as top priorities. Following the intense scrutiny of workplace communications with more than $2bn in fines levied by US regulators for record-keeping and supervision deficiencies over the last year, it’s no surprise this critical area remains firmly on the regulatory radar. Given the priorities have been developed from a number of sources including coordination with other regulators, there’s every likelihood that similar focus areas will feature in regulators’ plans globally, Especially as many aspects such as cybersecurity and the need for effective information barriers are universal challenges.
As well as giving a broad view of priorities, FINRA also provides more granular details of the areas it will scrutinize during examinations, along with valuable examples of effective practices it has observed. Regulators have encouraged firms to incorporate relevant practices into their own compliance programs.
For those tasked with maintaining compliance, security and data privacy across an organization’s unified communication platforms there are key areas to focus on to ensure the ongoing deployment and use of communications tools meet regulatory expectations. They cover cybersecurity, supervision, record-keeping, regulatory events reporting, communications and Sales - Regulation Best Interest and Form CRS and communications with the public.
How Theta Lake can Help
Compliance programs, including resources, technology and plans need to align with regulatory priorities to ensure the compliance and supervisory expectations of FINRA and SEC examinations staff relating to coverage, retention and oversight of communications are met. Equally those responsible for UC communications within a firm should be aware of the continuing regulatory priorities and focus.
Theta Lake’s multi-award winning product suite provides patented compliance and security for modern communications utilizing over 100 frictionless partner integrations that include RingCentral, Webex by Cisco, Microsoft Teams, Slack, Zoom, Movius and more. Here’s some of the ways Theta Lake can help meet the effective practices FINRA and the SEC will be expecting in examinations:
- Theta Lake captures and compliantly archives communications including videos, voice, email (including attachments), chat, screen share and file transfer from mobile messaging platforms to SMS and WhatsApp to enable compliance with the relevant FINRA and other requirements. It also acts as an archive connector, enabling existing archives and data storage to be utilized without disruption.
- AI-enabled automated detection of potential regulatory issues and requirements including risky URLS, misconduct, promissory statements and complaints through to provision of Form CRS and disclosures. Identified risks are surfaced in an AI-assisted review workflow providing an efficient and effective review process for compliance teams. Theta Lake has more than 85 risk detections which are pre-trained and ready for customer use with customers able to provide feedback and training on the classifiers.
- The ability to ensure that all aspects of messaging can be preserved, and a full audit trail provided to supervisors and regulators. For example, chat messages can be viewed in their native format over the entire history of the conversation with full context retained together with in-meeting communications and images, GIFs, emojis or reactions that change meaning and context.
- The ability to monitor communications, as well as enforce information barriers, across multiple platforms - supporting heightened supervision.
- Theta Lake’s suite is SOC2, Type II audited and maps controls to ISO 27001 so confidential, privileged or sensitive data can be automatically redacted to meet data privacy and other legal obligations.
- There’s complete flexibility to set retention periods to suit your needs. Rich eDiscovery and search capabilities with capabilities across hundreds of search filters and metadata, as well as free-form text search across what is spoken, shown on screen, shared, or written.
we'd love to show you How Theta Lake can help your organization safely, compliantly, and cost-effectively respond to evolving regulatory priorities