Theta Lake Blog

2023 Regulatory Priorities from SEC & FINRA: Key Takeaways for Compliant Communications

Written by Stacey English | Feb 16, 2023 3:52:57 PM

At a Glance

Both the SEC and FINRA have announced their examination priorities for 2023 giving investment advisers and broker dealers important insight into the areas to include in their compliance monitoring plans. For those tasked with maintaining compliance, security and data privacy across an organization’s unified communications there are specific areas to focus on to ensure the continuing deployment and use of platforms meet regulatory expectations, including:

  • Cybersecurity and protecting sensitive customer information or confidential firm data from being exposed. 
  • Establishing effective information barriers and controls to prevent information leakage and the misuse of material, MNPI. 
  • Monitoring for new communications methods and retaining all correspondence by staff conducting firm business.
  • Being able to identify communications containing ‘false, misleading, or promissory statements or claims’, customer complaints, Form CRS and disclosures.


Key Priorities

The SEC’s priorities ‘reflect the changing landscape’ for investment firms facing volatile markets and the unpredictable impact of new technology. FINRA’s report highlights issues that ‘remain perennially important, with updates to reflect evolving risks, industry trends and findings’ from its recent oversight activities.  

Both cite compliance with Regulation Best Interest (Reg BI) and sales practice rules as well as cybersecurity as top priorities. Following the intense scrutiny of workplace communications with more than $2bn in fines levied by US regulators for record-keeping and supervision deficiencies over the last year, it’s no surprise this critical area remains firmly on the regulatory radar. Given the priorities have been developed from a number of sources including coordination with other regulators, there’s every likelihood that similar focus areas will feature in regulators’ plans globally, Especially as many aspects such as cybersecurity and the need for effective information barriers are universal challenges.


The Division has long emphasized the importance of robust broker-dealer compliance and supervisory programs as a proactive measure to ensure compliance with the federal securities laws. This year, the Division intends to focus examinations on broker-dealer compliance and supervisory programs generally, including those for electronic communications related to firm business, as well as the recordkeeping for those electronic communications.”  - SEC


As well as giving a broad view of priorities, FINRA also provides more granular details of the areas it will scrutinize during examinations, along with valuable examples of effective practices
it has observed. Regulators have encouraged firms to incorporate relevant practices into their own compliance programs. 

For those tasked with maintaining compliance, security and data privacy across an organization’s unified communication platforms there are key areas to focus on to ensure the ongoing deployment and use of communications tools meet regulatory expectations.  They cover cybersecurity, supervision, record-keeping, regulatory events reporting, communications and Sales - Regulation Best Interest and Form CRS and communications with the public.

Click here to read our full perspective on these updates.

How Theta Lake can Help

Compliance programs, including resources, technology and plans need to align with regulatory priorities to ensure the compliance and supervisory expectations of FINRA and SEC examinations staff relating to coverage, retention and oversight of communications are met. Equally those responsible for UC communications within a firm should be aware of the continuing regulatory priorities and focus.

Theta Lake’s multi-award winning product suite provides patented compliance and security for modern communications utilizing over 100 frictionless partner integrations that include RingCentral, Webex by Cisco, Microsoft Teams, Slack, Zoom, Movius and more. Here’s some of the ways Theta Lake can help meet the effective practices FINRA and the SEC will be expecting in examinations:

  • Theta Lake captures and compliantly archives communications including videos, voice, email (including attachments), chat, screen share and file transfer from mobile messaging platforms to SMS and WhatsApp to enable compliance with the relevant FINRA and other requirements. It also acts as an archive connector, enabling existing archives and data storage to be utilized without disruption.

  • AI-enabled automated detection of potential regulatory issues and requirements including risky URLS, misconduct, promissory statements and complaints through to provision of Form CRS and disclosures. Identified risks are surfaced in an AI-assisted review workflow providing an efficient and effective review process for compliance teams. Theta Lake has more than 85 risk detections which are pre-trained and ready for customer use with customers able to provide feedback and training on the classifiers.

  • The ability to ensure that all aspects of messaging can be preserved, and a full audit trail provided to supervisors and regulators. For example, chat messages can be viewed in their native format over the entire history of the conversation with full context retained together with in-meeting communications and images, GIFs, emojis or reactions that change meaning and context.

  • The ability to monitor communications, as well as enforce information barriers, across multiple platforms - supporting heightened supervision.

  • Theta Lake’s suite is SOC2, Type II audited and maps controls to ISO 27001 so confidential, privileged or sensitive data can be automatically redacted to meet data privacy and other legal obligations. 

  • There’s complete flexibility to set retention periods to suit your needs. Rich eDiscovery and search capabilities with capabilities across hundreds of search filters and metadata, as well as free-form text search across what is spoken, shown on screen, shared, or written. 

we'd love to show you How Theta Lake can help your organization safely, compliantly, and cost-effectively respond to evolving regulatory priorities