A man types on his phone in the dark because he is using illicit comms

Illicit comms: not just a few bad actors

As technology evolves, it's hard for firms to ensure compliant communications. But does banning certain apps lead to a rise in illicit comms?

24 January 2023 5 mins read
By Jennie Clarke

Not all communication channels are created equal, especially when it comes to compliance. While many channels (take email, for example) have longstanding and established compliance frameworks, newer channels have yet to receive the same treatment, leading a rise in illicit comms.

The problem with compliant communications lies at the intersection of time and innovation: new methods of communication are created rapidly, leaving regulators and compliance teams struggling to keep pace with innovation. Take Snapchat, for example. Just as financial regulators managed to get their heads around SMS texting for business purposes, along came Snapchat – which allows users to send ephemeral messages that exist briefly and self-delete 10 seconds after delivery. And while this might be a challenge for financial regulators, imagine the headache it gives the compliance team.

What are illicit comms?

With the proliferation of digital messaging tools for business purposes, some firms are moving to ban or restrict certain communication channels in an attempt to avoid recordkeeping gaps. However, the rise in banned applications has given way to a new problem: illicit communications (illicit comms), aka business communications that take place on these banned apps.

The birth of illicit comms

From the Financial Conduct Authority’s (FCA) Handbook SYSC 10A, to MiFID II and FINRA Rule 3110, regulations surrounding the capture, monitoring, and surveillance of digital communication channels are far-reaching and robust. However, while regulatory obligation is not new, many firms have yet to fully get to grips with the gamut of communication options, nor how to capture them all.

This was made clear in December 2021, when JPMorgan Securities received a $200m fine for widespread and longstanding use of unrecorded eCommunications including text, personal emails, and WhatsApp. In September 2022, the Securities and Exchange Commission (SEC) and the Commodities Futures Trading Commission (CFTC) issued fines amassing $1.8bn to 15 broker dealers – in a move which “underscored the importance of recordkeeping requirements”.

In the wake of these unprecedented fines, many firms acted to ensure they wouldn’t be next in the firing line. However, in most instances financial organizations simply banned communication channels, on the premise that ‘if employees aren’t using it, we don’t have to record it’. Nothing could go wrong… right?

However, as a result of channel bans, we’re quickly seeing a rise in the use of illicit comms, and punitive action as a result. Employees – at all levels of an organization – seldom respond well to banned apps; perhaps they’ve got a prospect who insists on using WhatsApp, or perhaps they like to SMS text their peers about potential trades. Either way, the banning hasn’t worked and thus these illicit comms are slowly getting firms into even deeper regulatory hot water.

For example, in December 2022, FINRA took action against an investment bank and two senior managers for their use of illicit comms. Within the firm, the use of text messages for business operations had been prohibited, however senior managers continued to use text messages for business purposes, despite ample warning from the compliance team. This use of illicit comms saw the firm pay $1.5 million in fines, with the two senior managers facing fines and suspensions.

In the UK, the Financial Conduct Authority has set its sights on financial promotions that are made across digital services, such as Instagram and Twitter, which will also need to be captured where they are used for business purposes. For compliance officers, this is a communication minefield.

How can we eradicate illicit communications?

While compliant communications may be a minefield, 2023 is not the year for compliance officers to take cover or bury their heads in the sand. As demonstrated in recent regulatory action, the restricting of certain channels is not a viable solution. Channel bans seldom work and are increasingly falling out of favour with financial regulators who are encouraging a proactive approach to compliant communications.

So how can firms prevent the pervasive use of illicit communications? The answer, somewhat paradoxically, is to open up your communication channels and capture them all, turning illicit comms into compliant comms with the flick of a switch.

The logic is clear: if you capture business communications, you will be compliant. So, if you capture all communication channels, you remove the potential for messages to fly under the radar, mitigate your risk, and can be confident that your business is communicating compliantly.

At Global Relay, we like to make every day a ‘yes day’ for compliance. No longer must firms ban channels and cross their fingers that staff will comply (or senior managers, for that matter). Instead, organisations can enable compliant communications by ensuring that they are capturing every communication from every channel.

With Global Relay, you can say goodbye to illicit comms by WhatsApp enabling your business and monitoring eComms across text, voice, video and instant message. This means that illicit comms are eradicated for good, because nothing is illicit when you’re able to compliantly capture it all.

If you’d like to know more about how Global Relay empowers compliant communication for your business, we’d love to hear from you.