In a panel at the FINRA annual conference in May, a segment was devoted to FINRA’s evolving examination focus on the use of text messaging by firms and the issues associated with unmonitored communications channels. Michael Solomon, head of FINRA's national examination program made a series of compliance observations related to text messaging based on recent experiences engaging with U.S. broker-dealers:

Since 2018, Theta Lake has partnered with Zoom to provide cutting-edge compliance and security for Zoom's unified communications (UC) suite. Our expertise in delivering deep purpose-built compliance and security technology perfectly complements Zoom, particularly in addressing the compliance and security requirements of risk sensitive and highly regulated organizations when using Zoom. This evolving partnership has delivered significant value to leading organizations, including five of the top ten North American Banks, and resulted in Zoom's investment in Theta Lake in 2022. By leveraging this partnership, customers have the confidence to maximize comprehensive and compliant access to the latest Zoom apps and features.

With the most certified compliance and security apps on Zoom Marketplace, Theta Lake continually enhances our integration and deep technology to ensure every new Zoom innovation is covered with cutting-edge compliance.

The UK Financial Conduct Authority (FCA) has published a ten point checklist for firms to consider ahead of the Consumer Duty coming into force on July 31, 2023. The Consumer Duty is a significant shift in regulatory expectations and will apply to new and existing products and services that are open for sale or renewal. 

Regulators around the world already expect firms to have comprehensive policies and procedures for record keeping. That focus is set to increase as not only regulators are investing in technology and revamping their data strategies but also firms are expected to be able to preserve an ever widening range of content including emojis, GIFs, chat, etc. Given the expectations around retrieval and surveillance, the capture and preservation needs to be in the native context to allow, if need be, the content to be retrieved in its original state and surveilled.   

Spring 2023 has seen a busy conference season with financial services practitioners getting together to discuss current compliance and security challenges. Theta Lake’s experts presented at multiple forums and locations alongside both regulators and other senior industry figures. From an exceedingly wide-ranging set of agendas with over a thousand attendees, a central thread of the need for complete communications records and oversight was highlighted.

What do the chief executive of a US online store, the chief information officer at a UK bank and multiple senior employees at a US bank all have in common? They have all faced individual enforcement action for failing to comply with compliance expectations around the use (or indeed abuse) of technology. 

We are excited to be a part of this years, very real, in person (as well as visual) Cisco Live in Las Vegas June 4-8. If you’re not familiar with the event, Cisco Live delivers education and inspiration to technology innovators worldwide through large-scale events, as well as on-demand education. It is the premier destination for Cisco customers and partners to gain knowledge and to build community. 

On April 13, the US Cybersecurity and Infrastructure Security Agency (“CISA”) and several other global cybersecurity agencies issued a practical roadmap for technology product design called “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default.” The document provides a clear articulation of CISA’s cybersecurity expectations, which signals a emerging paradigm shift noting that “[m]anufacturers are encouraged to take ownership of improving the security outcomes of their customers.” This transition finds CISA focusing more on software developers as responsible for consumer security as opposed to the governmental or private sector users of these applications.  

Generative AI refers to a set of technologies that produce new data based on the information they have been trained on–these applications “generate” new information like text or images based on their training data, hence the “generative” monniker. The most popular uses of generative AI, or “GAI,” have been as part of interactive chat applications like Open AI’s ChatGPT and Google’s Bard, image generating applications like Stable Diffusion, Midjourney, and DALL-E, and code generating systems like Copilot. 

The U.S. Securities and Exchange Commission (SEC) and the Commodities Futures Trading Commission (CFTC) have fined three firms, two in the same group for ‘widespread and longstanding’ failures by the firms and their employees to maintain and preserve electronic communications. To settle the SEC charges, both firms acknowledged that their conduct violated recordkeeping provisions and agreed to pay penalties of $15 million and $7.5m, respectively. In related actions, the CFTC brought cases against two firms in the same group for failing to maintain, preserve, or produce records, and failing to diligently supervise matters related to their businesses. The firms were fined $15 million. The CFTC also fined a firm $30 million regarding recordkeeping and supervision failures for the widespread use of unapproved communication methods.