It’s clear that the flexibility regulators including ESMA, the FCA, FINRA, and the SEC offered financial services firms around the relatively unfettered use of modern collaboration and chat tools like Zoom, Microsoft Teams, and Webex by Cisco during the pandemic has come to an end. No action relief issued at the outset of COVID-19 has expired, and regulatory missives in the second half of 2021 indicate a marked change of tone and expectations for firms using dynamic communication platforms.
A steady stream of guidance during the back half of 2021 demonstrates that regulators now expect firms to implement consistent compliance and supervisory controls for collaboration and chat platforms whether in-office or remotely. Moreover, regulators have taken a closer look at the video, voice, chat, and file transfer capabilities of collaboration and chat tools and are expanding their interpretation of written electronic communications to extend to collaboration features like screen shares, whiteboards, and polls.
Starting with ESMA’s updated MiFID II Questions and Answers in May 2021, and reaching a crescendo last week with the SEC’s announcement of a horizontal sweep of electronic communications platforms, regulators are telegraphing clearly and consistently that they expect adherence with both the spirit and letter of e-comms, record keeping, and supervision requirements.
ESMA’s Q&A kicked off the notification cycle emphasizing the breadth of its expectations in defining the types of e-comms subject to MiFID II recordkeeping and supervision. ESMA stated “‘electronic communication’ covers many categories of communications and includes amongst others video conferencing, fax, email, Bloomberg mail, SMS, business to business devices, chat, instant messaging and mobile device applications.” The inclusion of video conferencing in the revised Q&A likely piqued the interest of Continental compliance officers who had not previously considered the implications of VC platforms.
Having issued a set of COVID-19 FAQs in March of 2020, FINRA followed up with amendments to its Advertising FAQs on September 30, 2021. These updates included guidance regarding e-communications capture, retention, and supervision obligations for online videos, dynamic charts, whiteboards, polls, file transfers, and chat. Notably, under certain circumstances, each one of these features now falls under FINRA’s definition of an electronic communication and may require pre- or post- review as well as implicate recordkeeping and supervision obligations depending on the forum in which they are presented. For example, FINRA’s updated take on the use of collaboration platform whiteboards in the retail communications context is as follows:
if during an online meeting that includes more than 25 retail investors, a representative responds to a live audience question by using the platform’s whiteboarding feature to draw a diagram illustrating the differences between a conventional bond and a stock, that content would meet the definition of a retail communication in FINRA Rule 2210(a)(5) . . . the firm may review the whiteboarding content in the same manner as required for supervising and reviewing correspondence pursuant to FINRA Rule 3110(b) and 3110.06 through .09.
Following up a few days later, the FCA released “Remote or Hybrid Working Guidance for Firms” covering compliance, supervision, the Senior Managers Regime, and electronic communications platforms. While the FCA’s release touches on several relevant issues, the overarching intent of the expectations is crystal clear:
It's important any form of remote or hybrid working adopted should not risk or compromise the firm's ability to follow all rules, regulatory standards and obligations, or lead to a failure to meet them. (Emphasis added).
There should be no confusion about firms’ compliance obligations in the “new normal” of hybrid work: it does not matter where employees are sitting, they are subject to existing FCA requirements without exception.
While nearly all of the FCA’s pronouncements are worth quoting, the following points are particularly relevant and, when read in conjunction with ESMA’s guidance, apply equally to collaboration tools like Zoom, Slack, and Webex as well as the voice recording platforms discussed below. The FCA states that firms must be able to prove they have adequately planned in these areas:
Rounding out the busy regulatory season, news hit on October 12, 2021 that the SEC is engaged in a horizontal sweep of firms’ practices as they pertain to electronic communications. While publicly available details of the inquiry are sparse, the review was likely prompted by an issue at a particular financial institution. Moreover, while the analysis is focused in part on employee use of personal or non-business messaging platforms, it will no doubt focus on the risks related to the increased use of collaboration tools as a critical component of most firms’ hybrid work strategies.
As a whole, regulators are mandating record keeping and oversight requirements for collaboration and chat features like screen shares, whiteboards, webcams, and polls that previously occupied a grey area in compliance and enforcement. These recent statements coupled with an expectation that supervisory and cybersecurity controls must be applied consistently across work from anywhere environments means that compliance frameworks for dynamic communication tools must be modernized to incorporate comprehensive capture, archiving, and supervision across voice, video, and chat. Firms must move quickly, leveraging appropriate supporting technologies like Theta Lake’s, to align with emerging regulatory expectations.
Have a look at our case studies and customer testimonials below to understand how financial services firms have successfully deployed Theta Lake at scale to help them solve complex compliance and supervisory challenges.