“[The firms that settled] not only have admitted the facts and acknowledged that their conduct violated these very important requirements, but have also started to implement measures to prevent future violations. Other broker-dealers and asset managers who are subject to similar requirements under the federal securities laws would be well-served to self-report and self-remediate any deficiencies..”
— Gurbir S. Grewal, the SEC’s Director of the Division of Enforcement
With several major banks facing $1.1 billion in penalties for using unauthorized digital message channels to conduct business, it’s clear that it’s time for a change. Additionally, the SEC’s scrutiny extends beyond broker-dealers to investment funds, indicating the issue is being investigated from a more holistic standpoint. The government has made it clear that it expects businesses to conduct all business dealings on approved channels and must archive all communication. Those that don’t adhere to these rules can expect an investigation and hefty fines. It’s time for the finance industry to update its communications policies and ensure its employees are adequately trained to remain compliant.
With $1.1 Billion Penalty Deal, SEC Joins DOJ in Firing Warning Shot at Financial Services Industry About Outdated Employee Communications Policies
The SEC has long required securities broker-dealers to closely monitor and preserve employees’ business communications. In 1997, the SEC extended the rules to electronic communications and proposed updates to these requirements in late 2021, underscoring the need for preservation while also updating the rules to better reflect the evolving technology in the field. However, financial institutions and other businesses have found it increasingly difficult to monitor and preserve employee communications due to the proliferation of personal email, text, and messaging platforms. As a result, many large banking institutions received significant fines for not adhering to the rules. With the help of competent counsel, financial institutions and other companies might consider policies that discourage employees from using personal devices, personal email, social media, or messaging accounts to transact and document business. In addition, counsel can assist companies in implementing these practices to track and preserve such communications to improve business functions and prepare for audits, government investigations, and litigation.
In Law360, Litigation & Enforcement Team Discuss the SEC’s Crackdown on Employee Use of Messaging Apps
Employee use of unauthorized messaging apps in the banking industry is a well-documented problem that the SEC is cracking down on. But there are a few key areas to focus on to address this issue: policies and procedures, training, testing, and enforcement. First, companies should closely examine their policies and procedures addressing message retention and using personal devices and third-party messaging platforms. Companies should focus on training to evaluate whether employees fully understand relevant corporate policies, including message retention and corporate access, and the company’s risks for failing to comply. Finally, violations of company policies and procedures on these issues should be investigated and come with tangible consequences. Firms should have appropriate frameworks to address noncompliant behavior, including exploring additional technological safeguards.
Companies Should Beware Of Employees Texting Business Communications
For companies that are not subject to securities or commodities laws or regulations, off-channel communications nevertheless present a compliance problem. One example of this is Foreign Corrupt Practices Act (FCPA) enforcement. The policy provided that a company could not receive full credit for remediation of a potential FCPA violation without demonstrating that it “prohibit[ed] employees from using software that generates but does not appropriately retain business records or communications.” In 2019, the DOJ updated its FCPA policy, clarifying that companies do not have to prohibit employees from using messaging apps but must at least “implement appropriate guidance and controls” regarding the use of these apps, which undermine the company’s recordkeeping capabilities. This policy shift freed companies from having to impose blanket prohibitions on messaging apps. Still, it required them to make difficult decisions about what kind of guidance and controls would be considered “appropriate” by a potential DOJ investigator based on the business’s particular circumstances or the type of communication at issue. The bottom line: companies must carefully consider what guidelines and training are necessary to ensure that the company maintains a proper level of recordkeeping.
SEC Scrutiny into Wall Street Communications Shifts to Investment Funds
According to four people familiar with the inquiry, the SEC’s scrutiny of how Wall street handles work-related communications on personal devices and messaging apps has expanded beyond broker-dealers to investment funds and advisers. The SEC’s enforcement unit has sent inquiries to several funds and advisers asking for information about their protocols for so-called “off-channel” business communications as recently as last week. In addition, the agency has asked firms to preserve and produce documents and share information on policies related to the use of devices and platforms. The SEC periodically conducts such sweeps to quickly gather information on issues it suspects may be widespread. Sweeps can sometimes, although not necessarily, lead to formal probes.