Theta Lake Blog

The Failure to Capture Digital Communications Gets Personal

Posted by Susannah Hammond on Jan 11, 2024 9:05:00 AM
Susannah Hammond
Find me on:



The last couple of years have been full of headlines not only of firms being fined for failing to capture digital communications but also of firms themselves taking action against employees for breaching internal policies on the use of unmonitored channels. Wall Street firms in particular are reported to have demoted and exited personnel as well as clawing back bonuses and other remuneration for failing to adhere to the required approach to recordkeeping. 

The personal consequences of a failure to capture digital communications are here to stay with regulators showing zero tolerance for continuing breaches. As an example, in December, the Financial Industry Regulatory Authority (FINRA) announced two disciplinary actions against individuals for failures to capture and retain digital communications.

Individual barred

In the first action, FINRA barred an individual from the industry in all capacities. Without admitting or denying the findings, the individual consented to the sanction and to the entry of findings that he refused to provide documents and information requested by FINRA in connection with its investigation into the circumstances surrounding his termination from his member firm. The individual was registered with FINRA as a General Securities Representative until the member firm terminated his registration in March 2023, the member firm subsequently filed an amended termination form stating that at the time of the individual's termination, he had been under internal review for the "use of digital communication channel (text messaging) and discretionary orders."

Individual fined and suspended

In the second action, an individual was fined $5,000 and suspended from conducting business for 30 days. The individual consented to the sanctions and to the finding that he caused his member firm to maintain incomplete books and records by using a text messaging application that was not approved by the firm to exchange information concerning customers’ investment profiles and account balances, among other details. The findings stated that the individual did not retain copies of any of such communications for his firm to preserve.

“I support this enforcement action … as another victory in holding Wall Street institutions accountable for their pervasive use of unauthorized communication methods, like private texts and in some cases Whatsapp, violating the law and evading regulatory oversight requirements. Together with our previous offline communications enforcement actions, the Commission has levied over $1 billion in penalties against 20 Wall Street institutions and large foreign banks, sending a zero-tolerance message to those who seek to evade regulatory oversight. This is combined with over $1.5 billion in penalties from the SEC, for a total of more than $2.5 billion in penalties.

These and the previous CFTC cases shut down and bring transparency and public accountability to pervasive and evasive market participant practices that jeopardize market integrity and violate the law.

Statement of Commissioner Christy Goldsmith Romero In Support of Holding [ ] Accountable for Widespread Use of Whatsapp and Personal Text Messaging to Evade Regulatory Oversight, September 29, 2023

Predictions for 2024

Theta Lake’s exclusive industry and regulatory insights for 2024 included the fact that the consequences of unmonitored communications will continue to plague firms with 74% of firms saying it's likely that employees are still using unmonitored communications channels. But it’s not just unapproved channels. Regulators will be scrutinizing all communication types. Being able to capture all channels, from voice to in-meeting chat, as well as the context like emojis, GIFs, reactions, deletions etc,  will be a priority for firms.

In addition to the insight that the vast majority of firms are revisiting their communications compliance with 40% already having made it a board level topic. Firms should be aware that the issue needs to be assessed urgently at the highest level before a review is mandated or required by regulators. In particular firms and their senior management should be under no illusions - the fines for communications compliance failures are NOT over and personal liability is increasingly likely. The regulatory rhetoric is now exceedingly blunt citing both zero tolerance and a spotlight on the C-suite to embed the required compliance.  

Indeed the unintended consequences of disabling unified communication and collaboration (UCC) features will be increasingly expensive. The practical reality is that many firms have chosen to disable core UCC features as their existing tools can’t capture them &/or make them searchable for detecting and reporting risks. The unintended consequences of disabling productive features in approved UCC platforms is not only the perpetuation of staff being driven to unmonitored communication channels, but also a profoundly diminished ROI in the UCC tool(s) themselves with firms paying for features they aren’t using so employees aren’t able to maximize their productivity. 

How Theta Lake can help

Backed by the investment arms of Cisco, RingCentral, Salesforce, and Zoom, Theta Lake’s multi-award winning product suite provides patented compliance and security for modern collaboration platforms, utilizing hundreds of frictionless partner integrations including RingCentral, Webex by Cisco, Microsoft 365 and Teams, Slack, Zoom, Movius, Box, Mural, Asana and more

Theta Lake empowers organizations to safely, compliantly, and cost-effectively expand their use of unified communication platforms by enabling capture, compliant archives, and acting as an archive connector for existing archives of record across video, voice, and chat collaboration systems. Customers benefit from:

  • Searching instantly across participants, all modes of unified communication and collaboration tools, meshed conversations, and timelines in an easy to navigate search system that covers and provides full replay for voice, video, chat, email, images, emojis, files, whiteboards, and more.

  • Patented AI & ML to detect, surface, and enable actual response for regulatory, privacy, and security risks in an AI assisted review workflow with remediation and patented UCC security control integrations for protection across what is shared, shown, spoken, and typed.

  • The ability to ensure that all aspects of messaging can be preserved, and a full audit trail provided to supervisors and regulators. For example, chat messages can be viewed in their native format over the entire history of the conversation, with full context retained including images, GIFs, emojis and reactions.

  • Theta Lake’s risk and compliance suite provides an advanced security and privacy architecture named STAR3 (Secure in Transit, Access, in Redaction, Remediation, and Removal), which is  SOC2 Type II certified with ISO 27001 mapping, PCI DSS certified, 17a-4 and audit trail attested, BAA supported, and undergoes regular penetration testing so our customers, partners, and regulators worldwide are confident in That Lake’s data and system security, integrity, and privacy. 

Ways to learn more

  • Theta Lake’s Digital Communications Governance, Compliance and Security Report 2023/24 can be downloaded here

  • Visit: | LinkedIn | X at @thetalake

  • Join a weekly 30-minute demo webinar here or request a bespoke demo today from the  friendly Theta Lake team here

  • Keep up to date with regulatory perspectives from Theta Lake here


Comment Here



Subscribe here to stay up to date!