XLoD Global 2024, held in NYC on June 11 brought together regulatory intelligence leaders, entrepreneurs, and tech enthusiasts from around the globe focused on organization experiences, best practices and technology approaches to the three lines of defense for risk and audit scenarios. While there were a broad array of topics covered- from AI and blockchain to cybersecurity and IoT, the issue of voice compliance- and how to best approach it was a topic that surfaced itself in numerous panel sessions, roundtables and customer interactions. As seen in one session, 67% of the audience is seeing an increase in voice compliance regulatory inquiries and exams.

Contact centers are, by definition, all about communication. And the richness of the communication has been enhanced immeasurably by the deployment of unified communication and collaboration (UCC) tools with their wide range of features and functionality. That said, firms have not always been able to take full advantage of much needed functionality due to potential compliance concerns which have led some users to switch features off. UC providers are alive to the need from customers and are prioritizing helping by providing more ways to solve recordkeeping and supervision needs - the recent news from Zoomon its approach serves as a positive example on what firms can (and should) expect from their communication and collaboration providers.

The news

A number of events in the past few years have validated the Theta Lake thesis that successful unified communications and collaboration (UCC) requires seamlessly integrated compliance and security. One of the first signifiers was the 50M series B round investment in Theta Lake, which included participation by some of the leading UCC providers including Zoom Video Communications Inc, RingCentral Ventures, Cisco Ventures and Salesforce Ventures. The market need has also been proven (an understatement) by the 2.6B in regulatory fines that have been levied on the financial services industry due to poor recordkeeping and unmonitored communications. The latest far reaching market event and a benefit to organizations everywhere, waslast month’s announcement from Zoom of the availability of Zoom Compliance Manager, powered by Theta Lake.

The toggle tax is a concept introduced by Harvard Business Reviewto describe the amount of time users spend (and waste) toggling between their different workplace applications. While it may seem like just a measure of the time users spend, the study reveals that there is an enormous cognitive toll that takes place as users engage in what is known as context switching, and recalibrating themselves. As a result, it leads to losses in productivity.

What does the fining of a major Wall Street firm for trade surveillance failures, the holding to personal account of the CEO of a UK bank, the impact of cyber security incidents at a pair of broker dealers and another two firms being held accountable for off-channel communications all have in common? They all represent failures of one or more aspects of upstream recordkeeping with the consequent downstream inability to meet compliance obligations.

An investigation into the use of off-channel and unpreserved communications by the SEC has led to another 16 firms being fined for recordkeeping failures. The $81m in penalties adds to the $2.6bn already levied for failures to maintain and preserve electronic communications, serving as a stark reminder that regulators’ focus on recordkeeping isn’t going away.  

Data protection is, and will remain, a key priority for regulated firms and regulators alike and is an even greater focus in Data Privacy Week. For companies subject to multiple overlapping global privacy regimes, there is a patchwork quilt of regulation and legislation covering the demands of government regulations regarding sensitive data and data protection, such as theEU General Data Protection Regulation (GDPR), the US Health Insurance Portability and Accountability Act (HIPAA), and the California Consumer Privacy Act (CCPA).  

2024 isn’t even a month old and already two U.S. regulators have updated their expectations on communications compliance. Firms need to be under no illusions - recordkeeping is, and will remain, a key regulatory focus.


Against a backdrop of $2.6bn+ fines and continuing enforcement action against both firms and individuals, U.S. regulatory expectations on communications compliance are continuing to evolve. Both the Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (SEC) have updated their stance, approach and expectations as to good and better practice when it comes to communications compliance. U.S. firms in all sectors of financial services would be well advised to review and consider the updated supervisory approach.

The last couple of years have been full of headlines not only of firms being fined for failing to capture digital communications but also of firms themselves taking action against employees for breaching internal policies on the use of unmonitored channels. Wall Street firms in particular are reported to have demoted and exited personnel as well as clawing back bonuses and other remuneration for failing to adhere to the required approach to recordkeeping. 

2023 was an eventful year for digital communications governance. Hundreds of millions in additional fines were imposed in the U.S., with the regulatory focus expanding from banks to include broker-dealers, investment advisers and credit rating agencies. The U.S. wasn’t alone with the UK regulator sanctioning a bank and its energy regulator fining a firm for failing to capture trading communications.