Communications Compliance: The Takeaway for 2019

Post-Email Channels Deserve Increased Scrutiny

Text messages, social media and collaboration platforms are now squarely in regulators’ crosshairs, and organizations are increasingly being caught unaware. Smarsh’s Mike Pagani discusses why, as firms enable contemporary communications to enhance efficiency, it’s critical to capture and supervise all pertinent communications for proactive monitoring and supervision. The alternative leads to higher risks of reputational damage and progressively painful fines.

If 2017 set the stage for enhanced scrutiny of non-email communications channels, 2018 cemented this trend as the new status quo. Text messages, social media and collaboration platforms are now squarely in regulators’ crosshairs, and organizations of all shapes and sizes are increasingly being caught unaware.

A prime example of this enhanced scrutiny occurred last March, when a former Equifax CIO was charged with insider trading following the company’s massive, widely publicized data breach. Federal prosecutors allege the CIO sold nearly $1 million in Equifax stock after learning of the breach, but before Equifax notified the public. At the center of this case is a series of text messages and emails sent by the CIO revealing fears about the breach immediately prior to the stock sale.

Text message supervision failures struck again in April as a broker was suspended and fined $7,500 for sending 20 business-related text messages to a customer. As the broker’s firm prohibited text message use, these communications were not captured or archived, and thus were not retained. That same month, another broker was suspended and fined $5,000 for using unapproved email accounts and text messages to communicate with “an unregistered administrative assistant about member firm customers.”

Regulators Step Up Enforcement

Alongside an increased focus on newer communications channels, regulators have been stepping up enforcement efforts across the board. As a result, 2018 saw numerous sizable fines levied against firms for offenses ranging from failure to supervise to misconduct. In March, the SEC penalized a bank $3.7 million for failing to supervise traders who were in the habit of making false or misleading statements while discussing bond prices. According to the investigation, the bank failed to employ compliance procedures that might detect that sort of misconduct.

June saw an even larger fine handed down to a clearing firm for anti-money laundering failures as well as recordkeeping and financial failures related to penny stock shares. Not only did the firm fail to institute an anti-money laundering program, it also failed to file suspicious activity reports. All told, the firm was hit with $6.1 million in fines.

Perhaps the most notable example of enforcement from 2018 occurred in August, when the SEC handed down a massive $10.5 million fine to Citigroup for inaccurate recordkeeping and failure to properly supervise traders. According to the SEC, from 2013 to 2016, three traders “mismarked illiquid positions in certain proprietary accounts they managed,” resulting in a loss of $81 million. Though Citigroup fired the brokers, the SEC sanctioned the company for failing to detect the misconduct sooner.

The Takeaway for 2019

As the Smarsh 2018 Electronic Communications Compliance Survey Report reveals, modern communications channels such as social media, text messages and collaboration platforms are in high demand from clients and employees, who both value the speed and efficiency these newer channels offer. Simultaneously, regulators are increasing their focus on these new channels and levying heavy fines where firms are found to be deficient in their recordkeeping and supervision efforts.

Text messages, social media, collaboration platforms and mobile devices are the future of business communications, and your firm must be prepared to deal with this new reality. We highly recommend you update your firms’ written supervisory procedures (WSPs) to include all potential communications channels — and whatever you do, do not rely on prohibition. Prohibiting channels simply does not work, and by prohibiting a channel, you’ve effectively guaranteed that it’s not being monitored. Inevitably, that decision will come back to haunt you.

The key takeaway you should keep in mind throughout 2019 is that as your firm enables modern communications to enhance the efficiency of its workforce, it’s critical to capture and supervise all relevant communications for proactive monitoring and supervision. The alternative only leads to higher risks of reputational damage and increasingly painful fines.