“With more employees working remotely and regulatory agencies taking a tougher approach to off-channel communications, financial services firms need to make sure their business communications and data governance policies are updated and enforced so that they are complying with recordkeeping and supervision regulations.”
– Antonio Rega, John Ivan, and Stephen Strombelline, J.S. Held
This week, we examine how financial services organizations can address regulatory risks associated with off-channel communications (OCC). We also further explore new Department of Justice (DOJ) requirements around compliance compensation systems, business data preservation, and the use of personal devices and ephemeral messaging applications. Finally, we consider how companies should prepare to address this guidance and what policies they should implement to manage misconduct risk.
Off-Channel Communications: How Financial Services Organizations Can Address Regulators’ Latest Target
Financial services companies have been fined and penalized by regulators for non-compliance with regulations related to off-channel communications. OCC occurs when employees use unapproved and inadequately protected devices or applications to communicate with co-workers, counterparties, and/or clients. Firms must maintain copies of all communications regarding their business, supervise the same, and produce them in response to regulatory requests. Learn how companies can mitigate the risks of OCC, the potential pitfalls associated with OCC, and software applications that can help financial institutions manage OCC. In addition, companies should engage an independent third party with expertise and experience in both digital forensics and compliance issues to ensure compliance.
DOJ Announces New Requirements for Compliance Compensation Systems and Business Data Preservation
The DOJ announced new policies relating to corporate compliance programs, including a pilot program to incentivize companies to promote good behavior and punish criminal misconduct. The Department will require companies to implement a compensation system that rewards compliance and claw back deferred compensation from individual executives who commit misconduct. It will also reduce financial penalties for companies that recover funds from culpable executives through a clawback program. Additionally, the DOJ emphasized the importance of positive incentives for improving compliance programs, such as promotions and rewards, and announced changes to the Evaluation of Corporate Compliance Programs, which will address using personal devices and messaging applications to preserve business data.
New U.S. DOJ Guidance on Executive Compensation, Personal Devices and Ephemeral Messaging
The DOJ has released new policies and guidance on corporate compliance, focusing on executive compensation and the use of personal devices and ephemeral messaging. The department believes that compensation systems that effectively penalize misconduct can incentivize compliant conduct, while personal devices pose significant compliance risks. Accordingly, the new policies will require companies anticipating a resolution with the Criminal Division to implement compliance-based criteria within their compensation and bonus system. In addition, the DOJ will assess companies’ policies and implementation of financial incentives and disincentives. Companies should also consider the rise in using personal devices and messaging platforms and how to mitigate the associated risks.
Messaging Platform & Personal Device Use is a Firm-Wide Compliance Problem
There is broad regulatory concern over personal devices and third-party messaging applications and the risk they pose to compliance. Prosecutors have been advised to ensure companies have policies that allow collecting all non-privileged documents, including those on employees’ personal devices. Companies should prepare for forthcoming guidance by understanding how employees use personal devices and messaging platforms. Managing misconduct risk related to personal communications and messaging platforms will require companies to develop strong policies that include an individual accountability element for employees. It is suggested that companies implement accountability regimes to hold employees personally responsible for their actions.