The UK Office of Gas and Electricity Markets (Ofgem) has, for the first time, used its powers tofine a firm over £5.4m for failure to record and retain electronic trading communications. Between January 2018 and March 2020 the firm did not record or retain the communications made by wholesale energy traders, on privately-owned phones via WhatsApp, which discussed energy market transactions. The initial fine was £7,730,213 but as the firm admitted the breach and agreed to settle the matter, the fine was discounted by 30% and, accordingly, the penalty was reduced to £5,411,149.

Regulators and policymakers around the world remain focused on culture and conduct risk. Indeed, Ian Johnston, Chief Executive of the Dubai Financial Services Authority, has gone so far as to suggest that conduct risk could be considered the "new" prudential risk. In an article for Starling Insights, Johnson wrote "Until events of the past couple of months, I would have said ‘no’. But perhaps the Credit Suisse matter shows that a string of misconduct episodes might sufficiently affect the reputation of an institution that confidence could be eroded. And we know where that can lead."

The U.S. regulators the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) have, once again, fined a raft of firms for ‘widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications.’

The UK Financial Conduct Authority has published consultative guidance on how its financial promotion requirements apply to promotions on social media. By definition, all financial promotions should be fair, clear and not misleading. The FCA’s financial promotion rules are deliberately designed to be technology neutral and apply across all channels used to advertise, including social media.

Artificial intelligence or AI and its new, generative, iteration has hit the headlines. Depending on where you look the likes of ChatGPT is either going to save the world or be the cause of armageddon. Somewhere in between financial services firms need to navigate the real-world use case(s) for AI in a competitive marketplace where the successful deployment of AI has the potential for substantial cost savings and efficiencies.

In a panel at the FINRA annual conference in May, a segment was devoted to FINRA’s evolving examination focus on the use of text messaging by firms and the issues associated with unmonitored communications channels. Michael Solomon, head of FINRA's national examination program made a series of compliance observations related to text messaging based on recent experiences engaging with U.S. broker-dealers:

The UK Financial Conduct Authority (FCA) has published a ten point checklist for firms to consider ahead of the Consumer Duty coming into force on July 31, 2023. The Consumer Duty is a significant shift in regulatory expectations and will apply to new and existing products and services that are open for sale or renewal. 

Regulators around the world already expect firms to have comprehensive policies and procedures for record keeping. That focus is set to increase as not only regulators are investing in technology and revamping their data strategies but also firms are expected to be able to preserve an ever widening range of content including emojis, GIFs, chat, etc. Given the expectations around retrieval and surveillance, the capture and preservation needs to be in the native context to allow, if need be, the content to be retrieved in its original state and surveilled.   

Spring 2023 has seen a busy conference season with financial services practitioners getting together to discuss current compliance and security challenges. Theta Lake’s experts presented at multiple forums and locations alongside both regulators and other senior industry figures. From an exceedingly wide-ranging set of agendas with over a thousand attendees, a central thread of the need for complete communications records and oversight was highlighted.

What do the chief executive of a US online store, the chief information officer at a UK bank and multiple senior employees at a US bank all have in common? They have all faced individual enforcement action for failing to comply with compliance expectations around the use (or indeed abuse) of technology.