“Financial institutions are like ships at sea, vulnerable to crises that arise unexpectedly. Like a ship struck by a wave, the institution has an urgent need to regain stability. Compliance teams are well-positioned to help right the ship and navigate through the crisis.”
– Sepidah Rowland, Senior Managing Director, FTI Consulting
This week, we learn about the expectations of rapidly evolving digital communication preservation, regulatory guidelines, and what this means for firms to remain compliant with an increased focus on off-channel communications. We also consider the role of compliance in a crisis and how to utilize it to stabilize the situation. Finally, explore emerging issues and best practices for ensuring effective compliance programs.
Policing the Wild Frontiers of Digital Communications
As of January, the National Archives and Records Administration acknowledges through preservation requirements that most people use multiple devices and platforms to communicate about work and that important conversations occur outside of paper and email. As a result, agencies should expect guidelines to evolve rapidly as digital natives become more prevalent in the workforce and diversify the tools they use. To ensure compliance, agencies should create, distribute, and audit policies outlining where and when employees can discuss their work. They should also ensure they have the technology to collect and store relevant data, especially for new data types like chats, cell phone messages, and app data. Finally, they should adopt cloud-native technologies and regularly review and update policies to future-proof against emerging trends.
Messaging Missteps: SEC’s Increasing Focus on Off-Channel Communications
The US Securities and Exchange Commission’s (SEC’s) Enforcement Division is conducting a sweep investigation of large investment advisers regarding their employees’ use of “off-channel” communications, which includes text messages from personal phones, personal email, WhatsApp, and other platforms not typically captured or monitored by advisers. The sweep follows the SEC’s announcement of settlements against several large broker-dealers for using off-channel communications, resulting in $1.235bn of cumulative penalties. As a result, private fund advisers are reviewed more closely, and smaller asset management firms may face similar scrutiny. Asset managers can minimize future exposure by reassessing compliance with recordkeeping requirements relating to off-channel communications, ensuring policies and procedures accurately reflect current practices, and having a process for handling potential violations.
Finding Stability in a Storm: The Role of Compliance in a Crisis
Financial institutions, like ships at sea, are vulnerable to unexpected crises that can have regulatory, financial, and legal implications. Compliance teams can help these institutions right the ship and navigate through crises. Situations can arise from various external and internal events, such as geopolitical developments, liquidity problems, cyber events, data breaches, domestic violent extremism, internal investigations, litigation or enforcement actions, and natural disasters. These events can cause damage to the institution’s brand or reputation and lead to negative comments on social media, shareholder expectations, and regulatory scrutiny. Therefore, compliance professionals must establish basic skills and relationships to help stabilize their organizations during crises.
On the Cutting Edge: Emerging Issues and Best Practices for Ensuring Effective Compliance Programs
Implementing an effective compliance program for organizations is essential, with the U.S. Federal Sentencing Guidelines for Organizations 8B2.1 Effective Compliance and Ethics Program serving as a framework. The recently updated guidance memo from the U.S. Department of Justice (DOJ) provides more specific guidelines for evaluating a compliance program, focusing on its design, adequate resourcing, empowerment, and whether it works in practice. This article discusses the DOJ’s emphasis on individual accountability and the importance of incorporating lessons learned through culture surveys, audits, investigations, and updated risk assessments, policies, and practices. This article also introduces Compliance Maturity Model (CMM) as a tool to measure the effectiveness and maturity of each element of a compliance program, with templates available to assess progress and identify the next steps to improve compliance programs.