2024 isn’t even a month old and already two U.S. regulators have updated their expectations on communications compliance. Firms need to be under no illusions - recordkeeping is, and will remain, a key regulatory focus.


Against a backdrop of $2.6bn+ fines and continuing enforcement action against both firms and individuals, U.S. regulatory expectations on communications compliance are continuing to evolve. Both the Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (SEC) have updated their stance, approach and expectations as to good and better practice when it comes to communications compliance. U.S. firms in all sectors of financial services would be well advised to review and consider the updated supervisory approach.

The last couple of years have been full of headlines not only of firms being fined for failing to capture digital communications but also of firms themselves taking action against employees for breaching internal policies on the use of unmonitored channels. Wall Street firms in particular are reported to have demoted and exited personnel as well as clawing back bonuses and other remuneration for failing to adhere to the required approach to recordkeeping. 

2023 was an eventful year for digital communications governance. Hundreds of millions in additional fines were imposed in the U.S., with the regulatory focus expanding from banks to include broker-dealers, investment advisers and credit rating agencies. The U.S. wasn’t alone with the UK regulator sanctioning a bank and its energy regulator fining a firm for failing to capture trading communications. 

Gartner introduced a new market category earlier this year, Digital Communications Governance (see our earlier blog here). Recently in November, they published the first Market Guide, outlining what constitutes a DCG vendor and offering some guidance. 

Co-author: Matt Lehman, Industry Principal, Financial Services, RingCentral

Since 2018, Theta Lake has partnered with Zoom to provide cutting-edge compliance and security for Zoom's unified communications (UC) platform. Our expertise in delivering advanced, purpose-built compliance and security technology perfectly complements Zoom, particularly in addressing the specific requirements of risk-sensitive and regulated organizations when using Zoom. As one of the select group of strategic partners chosen to participate in Zoom’s ISV Exchange Program, it is now easier than ever for organizations to benefit from Theta Lake’s purpose-built compliance platform to ensure that all communication content is securely captured, preserved, and supervised.

The SEC exam prioritiesfor 2024 give an essential insight into likely practices, products, and services which will be the focus of the Division of Examinations in the coming year. The priorities are those that pose emerging risks to investors or the markets, as well as examinations of core and perennial risk areas. Given the now more than $2.6bn of fines imposed for recordkeeping failures, it is fair to say that unmonitored communications channels and the incomplete capture of required records will continue to be key supervisory considerations for all U.S. financial services firms.

The results are in

Theta Lake is delighted to unveil its 2023/24 Digital Communications Governance, Compliance and Security Report. In its fifth year, this unique industry report provides an unparalleled insight into not only how modern unified communication tools are being used in practice and the challenges faced by firms in a unified communication and collaboration (UCC) powered work environment, but also current good and better approaches to managing compliance and security challenges.  

The U.S. Securities and Exchange Commission’s Risk Alert provides additional information regarding the Division of Examination’s risk-based approach for both selecting registered investment advisers to examine and in determining the scope of risk areas to examine. It sets out the documents and information that staff will initially request as well as additional requests for information and documents from the adviser the staff may request as the examination progresses. Firms need to be aware that electronic communications–with all of the modalities such as emojis, GIFs, additions and deletions–are specifically included in the regulator’s risk-based approach.