Enforcing from within: Morgan Stanley proactively tackles compliant communications

As a result of 2022 enforcement action from the Securities and Exchange Commission (SEC), which saw Morgan Stanley pay $200m in regulatory fines for longstanding failures to “maintain and preserve electronic communications”, the firm has taken steps to call out those that were involved in the activity and issue them with monetary fines.

These fines, according to the Financial Times, are being issued on a sliding scale, from a few thousand dollars to over $1 million per individual. The penalties take into account aggravating factors such as the seniority of the employee, the number of messages sent, and whether they had received prior warnings about their use of illicit communications. These may either be clawed back from previous bonuses, or docked from future pay.

Morgan Stanley’s internal action adds to a long line of enforcements coming out of the U.S. surrounding illicit communications. Last year, the SEC’s Enforcement Results revealed that $1.235 billion of the $4.2 billion in regulatory fines issued concerned “cumulative penalties paid in connection with recordkeeping violations”. Regulators have been closing in on communication data for some time, and here we see firms proactively looking to ensure they meet more stringent regulatory requirements.

What is interesting in this instance is that the punitive action is coming from within the firm, rather than from regulators directly. Morgan Stanley are making it clear that they take compliant communications seriously by taking proactive steps to tackle illicit communications, and deterring similar activity moving forward so they won’t face similar regulatory attention in future.

Will internal enforcement set a precedent?

Moving away from a historically applied “3 strike system”, Morgan Stanley are instead taking a tailored approach to internal enforcement, with varying scales of fines issued. As mentioned above, aggravating factors include seniority of employee, and whether they received prior warning concerning their use of illicit communications.

In December 2022, FINRA issued fines to two senior managers who, despite ample warning from the compliance team, continued to use prohibited channels to conduct business communications. As well as showing its desire to take compliant communication seriously, Morgan Stanley’s action could set a precedent for how firms tackle unauthorized communications going forward – adding a degree of jeopardy for employees.

Reputational damage is a high price to pay

In the wake of the SEC’s 2022 enforcement action, Morgan Stanley will have faced long-lasting reputational damage with both consumers and peers questioning the firm’s compliance systems. This internal enforcement sends a clear message to the outside world; ‘we’re taking compliant communications very seriously now’. Of course, an element of these internal fines will be a reputation boosting exercise, as much as it’s an exercise in proactive compliance too.

Of course, while Morgan Stanley should be applauded for their willingness to weed out bad actors from within, their action still comes as a result of compliance failings to begin with. Incidentally, none of this remedial action would have been necessary if Morgan Stanley had a robust grasp on their business communications from the outset. And some may ask whether the threat of punitive action is the best solution to empower employees and simultaneously boost compliance.

Commenting on the announcement in CityAM, Global Relay’s Director of Regulatory Intelligence, Alex Viall, said:

“Morgan Stanley is being proactive here and adapting to market practice that everyone is currently struggling with. The penalty system sends a strong message to regulators that it takes its recordkeeping compliance seriously. All of the firms that faced significant enforcement, and indeed the rest of the market, have had time to analyze how pervasive the use of personal devices and messaging is within their own organization. There has been a range of reaction, from a total ban on using social messaging to contact customers, to adoption of manual recordkeeping, and new technology adoption.

But the genie is out of the bottle. This is a short-term approach and firms need a better technology solution that enables traders, brokers and asset managers to continue connecting with their counterparts efficiently and compliantly.

There are workable solutions that allow for communication by text, voice or social that are compliant and official, and are still captured and seamlessly pushed into the required supervisory systems and workflow. Compliance is crucial but adopting these solutions is also a matter of competitive advantage.”

Solutions, not restrictions, for compliant communications

Within its reporting, the Financial Times notes that “many banks now require employees to take a picture of work-related messages on personal devices and forward them to the compliance departments so that they can be preserved”. This revelation, which does not link directly to a source, raises interesting questions around the reliability of any such disclosure. Screenshots of messages creates room for manipulation and doctoring – a deleted text here or there to frame a conversation in a different way, perhaps.

This case once again demonstrates that banning communication channels – or patching together a cumbersome, screenshot-based alternative – is not an effective solution for compliance. Instead, it creates an underbelly of illicit or misleading communications where employees – unwittingly or otherwise – continue to communicate for business on prohibited channels. This creates more gaps and greater risk in the long run.

Instead of imposing channel bans, firms should be looking to empower their employees to communicate compliantly. The Global Relay App, for example, allows firms to enable all channels and capture all business-related communications, from WhatsApp through to text and voice. This means that no channel is off limits and all communication can be captured, stored and is easily accessible in the event of regulatory scrutiny.

If firms want to genuinely enable compliant communications now and in the future, they should find solutions – not restrictions.

Global Relay has an end-to-end solution to enable your business communicate compliantly on WhatsApp, text, voice, and beyond.