The Securities and Exchange Commission recently announced penalties levied against broker-dealers, investment advisers, and other registered entities for compliance failures relating to off-channel communications. With 16 firms fined over $81 million, this development drives the total fines imposed by the SEC and Commodity Futures Trading Commission on these matters to a staggering $2.6 billion.
Increasing instances of such sanctions should push Compliance Officers to reassess and refine their strategic objectives. Each of these cases highlights different aspects of non-compliance and yields insights, which if heeded, can help organizations avoid the same pitfalls.
Credit for cooperation and self-reporting of recordkeeping issues emerge as significant takeaways in the current fines. Notably, the firm that self-reported its compliance shortcomings, Huntington, was only fined $1.25 million which is a stark contrast to the usual fines ranging from $8 million to $16.5 million.
Another insight: the SEC does not hesitate to impose hefty penalties if it finds senior staff involved in unauthorized activities. Fines have also been levied for using unapproved communication methods or personal devices, underlining a clear need for thorough and widespread emphasis on compliance.
In addressing communication oversight issues, the SEC’s stance on personal devices requires careful attention. Rule 17a-4(b)(4) clearly requires the retention of “[o]riginals of all communications received and copies of all communications sent“, and applies to all devices and applications. If the conversation pertains to firm business, it must be recorded and retained, no exceptions.
To meet this stringent requirement, Compliance Officers should consider deploying multi-capability communication applications like Zoom Video Communications Inc., Cisco Systems Inc., or RingCentral Inc. These apps facilitate conversations on corporate-issued or personal devices and can be integrated with modern compliance platforms that capture the entire spectrum of dialogues, including emojis, file transfers, reactions, and more.
In instances where popular applications such as WhatsApp or WeChat are used, solutions offering integrations into these platforms could be leveraged. Feeding into compliance platforms, they facilitate monitoring of the various modes of interactions including chats, voice calls, and video calls.
Tracking identities and analyzing conversations across platforms become pivotal when senior managers are potentially engaged in problematic activities. Compliance platforms that stitch together email addresses, corporate IDs, and phone numbers can provide a comprehensive identification and search of all message content, yielding useful insights.
Moreover, strongly worded prohibitions on off-channel communications are insufficient. Substantial behavioral changes are needed, and proactive reporting of identified compliance issues to the SEC is crucial. However, reporting violations is not the end-goal, but a step in a process that includes meaningful remediation efforts.
As illustrated by the reduced fine imposed on Huntington for its self-reporting, the firm assisted the SEC in investigating the conduct while undertaking significant remedial measures. This laid a path for all firms seeking reductions on potential fines—swift identification and rectification of issues coupled with proactive reporting.
In conclusion, an emphasis on unifying and capturing interactions, exploring and leveraging innovative communications platforms, and proactive reporting and remediation of identified issues will aid Compliance Officers in steering clear of ‘Groundhog Day’ situations of their own.