Theta Lake Blog

26 More Firms Fined for Communications Recordkeeping Violations in Regulatory Crackdown - Key Takeaways

Posted by Stacey English on Aug 22, 2024 7:00:00 AM
Stacey English
Find me on:

Blog_ThetaLake_26FirmsFined_Aug2024_SEnglish

The SEC and the CFTC have announced charges against another 26 broker-dealers and investment advisers for significant recordkeeping failures. The combined $477.75 million in fines add to the penalties already levied for widespread and longstanding failures to maintain and preserve electronic communications bringing the total to over $3 billion. 

The findings from this latest round of actions mirror those of other recent enforcement cases, and serve as a stark reminder that the obligations and ongoing regulatory scrutiny on recordkeeping and supervision haven’t gone away.

While credit in the form of lower penalties was given to the three firms that proactively co-operated by self-reporting their record-keeping failures, such enforcement action still brings adverse financial, reputational and operational consequences. Keeping employees on monitored channels and tools where records can be retained and communications supervised, instead of going off-channel for communications, is the only way to avoid future sanctions. 

“....the CFTC’s message remains clear—recordkeeping and supervision requirements are fundamental, and registrants that fail to comply with these core obligations do so at their own peril.”

Ian McGinley, CFTC Director of Enforcement


“....we remain committed to ensuring compliance with the books and records requirements of the federal securities laws, which are essential to investor protection and well-functioning markets,” 

Gurbir S. Grewal, Director of the SEC’s Division of Enforcement. 


Below is a summary of key findings, actions and takeaways. 

Pervasive record-keeping violations were identified
The SEC’s investigations uncovered pervasive and longstanding use of unapproved or ‘off-channel’ communication at each firm. The failures were widespread, involving employees of all seniority levels including supervisors and senior managers. Employees sent and received off-channel communications internally and externally with colleagues, clients, customers, and other participants in the securities industry, which included investment recommendations, advice or related to placing or executing trades.

Not maintaining or preserving off-channel communications also had a direct impact on the regulator’s ability to carry out its investigations. The SEC has frequently reiterated that preserved records are the primary means by which it monitors compliance with applicable securities laws.

Widespread non-compliance with firms’ own policies
The investigation also found widespread and longstanding failures in firms’ adhering to their own policies and procedures, including those that specifically prohibited unmonitored communications. Employees had been advised that the use of unapproved electronic communications methods was not permitted, and they should not use personal email, chats or text messaging applications for business purposes, or forward work-related communications to unapproved applications on their personal devices.  

The steps taken to remedy non-compliance
Each firm has undertaken significant action to improve their compliance policies and procedures, including a review of recordkeeping and a program of remediation. Significant remedial action was also mandated by the regulator, bringing additional financial and operational costs including:

  • The appointment of an independent compliance consultant to review policies and procedures relating to the retention of electronic communications and to submit a report on findings to the regulator plus a follow-up assessment one year later. 

  • A review of training, with staff certifying on a quarterly basis that they are complying with preservation requirements. 

  • An assessment of the technological solutions that firms are using to meet record retention requirements

The key takeaways for financial services firms:
As with all enforcement actions there are lessons to be learned and the regulator gives a deliberately clear message to other firms, in-line with previous advice.  

  • Regulatory patience has run out: The background to this latest set of fines reinforces the zero tolerance approach regulators are taking with regards to communications capture. Firms had consistently and pervasively failed to fulfil their electronic communications records capture and preservation obligations. Equally important is the failure to learn the lessons of previous enforcement and proactively consider whether they too were in breach of recordkeeping requirements. 

  • Revisit communications compliance: The regulatory scrutiny and focus on all aspects of communications compliance continues unabated and firms need to consider how to facilitate and evidence compliant communications. Theta Lake’s annual survey found that the vast majority of financial services firms are revisiting their approach to communications compliance with only 6% confident in their approach. 

  • Facilitate compliant communications It is clear that the challenge of unmonitored communication channels is far from over. Firms must determine how they can open up approved platform features to both enable productivity and ensure employees are not driven to alternative off-channel platforms. 

  • It’s not just a WhatsApp issue. The consequences of unmonitored communications continue to plague firms, but it’s not just unapproved channels. Regulators will be scrutinizing all communication types. Being able to capture, and provide records from, all channels, from voice to in-meeting chat, as well as the context like emojis, GIFs, reactions, deletions etc, must be a priority for firms.

  • Being proactive pays off: Firms are much better off finding regulatory breaches for themselves, self-reporting and remediating as quickly as possible. While a firm may still be fined, the penalties imposed are likely to be substantially smaller and there is far less likelihood of individual liability.

In the current regulatory climate, if firms choose to do nothing and unmonitored communications are found by a regulatory body, then significantly larger sanctions are likely including the potential for senior individual liability and accountability. Ensuring employees have access to channels and tools that they and customers want to use, and where records can be retained and communications supervised is the only way to avoid future penalties.


Comment Here

Theta Lake provides security and compliance for modern collaboration platforms using frictionless partner integrations with Cisco Webex, Microsoft Teams, RingCentral, Slack, Zoom, and more. Using patented machine learning and NLP, Theta Lake detects risks in: video, voice, chat, and document content across what is shared, shown, spoken, and typed. Those risks are surfaced in an AI-assisted, patent-pending review workspace that adds consistency, efficiency, and scale for security and compliance teams. All of this enables organizations to safely realize the full ROI of a collaboration-first workplace while reducing the cost of security and compliance.

www.thetalake.com

Subscribe here to stay up to date!