Theta Lake Blog

Firms Need to Follow FINRA’s Evolving Focus on Texting

Posted by Susannah Hammond on Jul 14, 2023 8:26:34 AM
Susannah Hammond
Find me on:


In a panel at the FINRA annual conference in May, a segment was devoted to FINRA’s evolving examination focus on the use of text messaging by firms and the issues associated with unmonitored communications channels. Michael Solomon, head of FINRA's national examination program made a series of compliance observations related to text messaging based on recent experiences engaging with U.S. broker-dealers:


  • Have you reviewed your written supervisory procedures (WSPs) recently? FINRA will be looking at what’s changed and whether the relevant WSPs specifically cover the use of text messaging within the firm.

  • Can your systems comprehensively ‘ingest’ text messaging? And does that ingestion allow for text messaging to be surveilled and supervised properly? The need to be able to retain voice clips and emojis from within text messages were highlighted as two areas where FINRA has seen compliance issues.

  • Have you reviewed what you consider to be a Rule 4530 complaint that needs to be reported? The point was made that a ‘very angry face’ emoji in a text message from a client may well need to be considered as a complaint.

  • Have you reassessed how you define ‘business as such’ in a world where text messaging is commonplace? Specifically have you determined what now constitutes a business communication and have you given that updated guidance to employees?

  • What is the level and rigor of your training on the use of text messaging? And has the training focused on the ‘tone from the top’ and the dissemination of the business approach to text messaging?

  • Have you updated your lexicon(s) to accommodate the differing language used in text messages such as acronyms, emojis and GIFs? And specifically has your email lexicon been updated to catch where communications are taken offline? 

  • Have you enhanced/updated your text messaging control framework for employees that are in possession of material nonpublic information? 

  • What is the process as and when red flags have been raised when texting has happened outside of monitored channels? FINRA will be looking at the firm’s approach to discipline.


In addition to the overarching expectation that firms need to think differently and more broadly about how to supervise texting, there was also a reminder that in the branch questionnaires there has always been a question as to whether, as an employee, you have used communications channels outside of those monitored by the firm.

There are two other key points for firms to consider. First off it is worth noting that the use of lexicons is highly manual (and therefore time consuming) as well as being technically simplistic. Firms may wish to consider modern AI-based computing techniques which account for word lookalikes, soundalikes and the context of conversations including, say, the use of emojis. Secondly the observations made by FINRA are not limited to just text messaging but should prompt a consideration of all the firms' messaging channels and the strategic implications of their deployment and use.

FINRA has promised future guidance on evolving good and better practice for communications compliance but in the interim firms would be well advised to consider the points raised.

How Theta Lake can help

Theta Lake’s multi-award winning product suite provides patented compliance and security for modern communications utilizing over 100 frictionless partner integrations that include RingCentral, Webex by Cisco, Microsoft Teams, Slack, Zoom, Movius and more. It is exactly the kind of technology investment referenced in one of the firm’s own remedial actions to facilitate compliant communications.

  • Theta Lake captures and compliantly archives communications including videos, voice, chat, screen share and file transfer from mobile messaging platforms to SMS and WhatsApp to enable compliance with relevant record keeping and other requirements. It also acts as an archive connector, enabling existing archives and data storage to be utilized without disruption. 

  • AI-enabled automated detection of potential or actual misconduct requiring reporting to the risk committee or regulator. Identified risks are surfaced in an AI-assisted review workflow providing an efficient and effective review process for compliance teams. Theta Lake has more than 85 risk detections which are pre-trained and ready for customer use with customers able to provide feedback and training on the classifiers. 

  • The ability to ensure that all aspects of messaging can be preserved, and a full audit trail provided to supervisors, regulators or prosecutors. For example, chat messages can be viewed in their native format over the entire history of the conversation with full context retained together with in-meeting communications and images, GIFs, emojis or reactions that change meaning and context. 

  • Theta Lake’s compliance suite is SOC2, Type II audited and maps controls to ISO 27001 so confidential, privileged or sensitive data can be automatically redacted to meet data privacy and other legal obligations. 

Ways to learn more

  • You can find further regulatory perspectives from Theta Lake here.
  • Get our guide: “Smart Compliance Capture Considerations for Unified Communications” which outlines a buyer's checklist to use when evaluating capture solutions.

  • Join a weekly 30-minute demo webinar showing Theta Lake’s Smart Capture solution by registering here.

Comment Here

Theta Lake provides security and compliance for modern collaboration platforms using frictionless partner integrations with Cisco Webex, Microsoft Teams, RingCentral, Slack, Zoom, and more. Using patented machine learning and NLP, Theta Lake detects risks in: video, voice, chat, and document content across what is shared, shown, spoken, and typed. Those risks are surfaced in an AI-assisted, patent-pending review workspace that adds consistency, efficiency, and scale for security and compliance teams. All of this enables organizations to safely realize the full ROI of a collaboration-first workplace while reducing the cost of security and compliance.

Subscribe here to stay up to date!