SEC Wall Street Inquiry a Forewarning to Financial Firms on Employee Supervision

Last week, an inquiry opened by the U.S. Securities and Exchange Commission (SEC) into how a number of Wall Street banks are keeping track of their employee communications grabbed headlines.

According to Reuters, the agency’s staff are contacting a number of banks to understand how adequately they are documenting their staff’s work-related communications, such as text messages and e-mails, with a focus on their personal devices, in a so-called ‘sweep’ of the industry.

While it is not clear if this is an actual SEC ‘sweep’ at this point, what is apparent is that the regulator is very interested in how these banks are capturing and supervising digital work-related communications on employee-owned devices.

It’s an interest that has almost certainly heightened amid the rise in remote working since the pandemic, and recognition that the remote worker is here to stay. While remote working certainly has its benefits for both organization and employee, having workers, possibly stressed workers, sending messages at all hours in a home environment, can amplify the compliance risks and challenges at hand.

The rise and rise of mobile communication

It’s no secret that text messages have become a preferred means of communication between financial advisors and clients – they’re easy, convenient, and usually get a quicker response. However, business-related text messages must be retained under SEC and FINRA regulations and even though text messaging enables firm representatives to communicate with their clients effortlessly, many firms are hesitant to adopt a compliant texting solution.

Policies intended to ‘manage’ this risk that prohibit staff from contacting clients from their private devices are proving ineffective, with employees sending texts regardless, a number landing their firms in hot water.

The cost of non-compliance

Last year, a California broker-dealer was fined $100,000 and censured for failing to capture and preserve business text messages that its representatives exchanged with customers, and with each other. This was the first-ever fine issued exclusively for non-compliant texting by the SEC.

In 2018, a New Jersey advisor was fined $20,000 and suspended, partly for conducting securities business via text, and unbeknown to the advisor’s firm. The firm did not retain or review the advisor’s text messages, estimated at 200-400 exchanged messages per month over a two-year period.

And earlier this year neglecting to capture text messages between firm personnel and customers formed one part of a multi-layered action by FINRA against a registered firm, resulting in a $1.5M fine.

Compliance teams who lean on ‘no-texting’ policies to prevent staff sending work-related correspondence on devices that aren’t monitored will find this defense insufficient in the face of a regulator investigation, a point proven by enforcements after exchanges occurred without the firm’s knowledge, and now amid more regulator proactivity on this aspect of compliance.

The benefits of a fully compliant solution

As well as not exposing their firms to unnecessary risk, a compliant texting policy brings viable business benefits including:

• Client engagement – Improving your firm’s relationship with clients by being able to text them back and facilitate engaging client communications.
• Revenue – By increasing communication efficiency, you can prevent lost revenue from opportunities missed if advisors are not able to chat compliantly in-situ, or lose time by moving to a compliant channel.
• Defensible data – Close compliance gaps and empower your firm to produce defensible data against any enforcement action, and mitigate fines and risk to company reputation.

Walking the data privacy tightrope

On the need for firms to keep records of all business-related communications a source told Reuters: “Banks have to walk a fine line to comply with those requirements without infringing upon employees’ privacy.” As such, firms need to look to solutions that help them achieve a balance between their obligation to capture business communication while complying with data privacy rules pertaining to staff, even if they are conducting work-based correspondence on a personal device.

Help is out there

Fortunately, solutions are available to help compliance departments to manage this grey area with employees while achieving cost benefits through Bring Your Own Device (BYOD) solutions.

Global Relay’s secure app (downloadable to an employee’s preferred device) provides a compliant texting solution purpose-built to meet the needs of regulated firms. All business-related conversations exchanged within it are compliantly captured and preserved in a secure cloud, where they can be easily supervised, accessed, and retrieved. The application also separates personal from work-based correspondence, to offer regulated industries a wholly compliant tool for easy communications through a single device, while giving employees the freedom to communicate with their clients, anytime, anywhere.

Regulatory scrutiny around records capture – especially in a fast-moving digital age – is only set to get more intense, and non-compliant behavior – whether intentional or accidental – can be very costly. After all, it only takes one employee act, regardless of intention, to propel their firm into risky waters.

If your firm lacks a compliant texting solution, it is facing regulatory risks every day. Firms would do well to explore policies that cover personal devices for business correspondence in order to fully meet their data governance obligations, and with an increasingly mobile workforce, avoid the penalties of not doing so.

To find out more about how we can help you achieve a fully compliant policy, contact one of our specialists.