Banks and financial institutions are accountable for their employees’ communications. Regulatory bodies like the US Securities and Exchange Commission (SEC) ensure that these institutions remain compliant with the rules and regulations that protect them and their clients. By November 4, 2022, new SEC compliance reforms will be fully enacted, with stricter requirements regarding social selling and record keeping.
However, these SEC enforcement actions, as well as rigorous fines, have highlighted the digital communication challenges that the financial sector is experiencing – especially when remote work is so normalized, and employees are using unofficial communication applications to conduct business and drive sales.
In October 2020, Morgan Stanley fired two of its executives for breaching internal policies and protocols by using unsanctioned WhatsApp instances for business-related discussions. Six months later, JPMorgan Chase let one of its senior traders go (and cut off bonuses for more than a dozen others), again because of unsanctioned WhatsApp use.
Now, in 2022, even asset managers are tightening their controls regarding the use of unsanctioned apps after the crackdown on banks these past few years.
Cases like these are likely to increase. Changes to the regulatory environment – and rigorous fines and enforcement actions – pose a substantial risk to financial institutions, as they are forced to clamp down even harder on employee communications if they want to avoid fines.
SEC Compliance: A Major Digital Communication Challenge
The not-so-new era of remote work has accelerated the trend of employees using BYOD devices and unofficial communication applications to conduct business and drive sales. Unfortunately, ensuring compliance for these apps and devices is difficult for most organizations.
In October of 2021, the SEC performed a “sweep” of Wall Street banks, peering into how they are keeping track of the digital communications of their employees.
This broad inquiry from the SEC enforcement staff was a check on how well companies were documenting and archiving work-related communications – from text messages to emails – from their employees, particularly those using personal computers, phones, and other devices.
This industry sweep has highlighted:
- The SEC’s move to ramp up the recent regulatory enforcement actions of the Biden administration.
- The digital communication challenges that banks face in keeping track of staff missives and messages in this prevailing era of work-from-home setups.
As a result of this inquiry, the SEC has charged 16 Wall Street firms a total of more than $1.1 billion, after they admitted to a widespread failure of recordkeeping. Furthermore, the SEC’s scrutiny has now shifted to include investment funds and advisers.
SEC Compliance: “Be More Proactive”
In a speech, the Director of the SEC Division of Enforcement, Gurbir Grewal, acknowledged that this “time of rapid and profound technological change” we are experiencing has two sides:
“[This change] can help amplify the dynamism of our markets and increase access for investors. But at the same time it also creates new avenues for misconduct, and new responsibilities for compliance.”
Grewal invites everyone to be more proactive about record-keeping violations. Firms need to rigorously consider how their business models and products interact with enforcement priorities and the emerging risks of digital communication, and tailor their compliance policies and protocols accordingly. This helps the SEC, as an investigating body, to conduct proper investigations and maintain market integrity.
Unfortunately, the opposite happens in real life, and this affects financial institutions and firms negatively:
“We continue to see in multiple investigations instances where one party or firm that used off-channel communications has preserved and produced them, while the other has not. Not only do these failures delay and obstruct investigations, they raise broader accountability, integrity and spoliation issues.”
Walking the Fine Line of Employee Privacy and Data Security
The SEC is clear: a proactive compliance approach should not be a waiting game for market participants. Instead of holding out for SEC enforcement actions, or for other authorized bodies to establish policies and procedures and demand the preservation of these communications, financial institutions need to anticipate these requirements.
“You need to be actively thinking about and addressing the many compliance issues raised by the increased use of personal devices, new communications channels, and other technological developments like ephemeral apps.”
Successful enterprises are already finding ways to embrace this trend rather than try to work against it. Their solution? Automating compliance supervision and archiving for new communication apps across social and mobile chat.
Banks and similar institutions often walk a fine line between safeguarding employees’ data privacy and securing their business-related communications. However, with the right solution, companies can secure both sides without violating user privacy or increasing the risks of digital communication.
What companies need is a compliance and governance solution that empowers them to automate regulatory reviews, and to detect and flag non-compliance without viewing private messages and missives. Specifically, new SEC compliance mandates demand a solution that can isolate business-related messaging from private threads and chats, monitor and archive violations, and send alerts to teams and regulatory agencies inside and outside the company. These archives should be ready to access and review at any time, which will help any investigations that follow, without ever needing to expose private and sensitive information from the employee or executive in question.
Crucially, coverage should extend to every device, across social and mobile chat. This way, whatever apps employees are using can be folded into company oversight. The reality of communications can be embraced rather than resisted, and companies can protect themselves.
SEC compliance requirements will only grow stricter in the coming years, especially with the new mandates taking effect this November. Of course, this should not be taken as a detriment to financial services and banks – rather, it’s a way to make sure that both financial institutions and their clients remain protected in this era of digital uncertainty. Therefore, it is high time for businesses in the financial space to take SEC enforcement actions to heart and bolster their compliance and cybersecurity protocols with the right solution.