As private communication apps, like WhatsApp or text messaging, are becoming increasingly popular in the workplace, the risk of recordkeeping failures becomes greater, particularly in the financial services industry.
In late 2022, the U.S. Securities and Exchange Commission (SEC) investigated 15 broker-dealers and one affiliated investment advisor for firm-wide recordkeeping failures through private electronic communications.
According to its report, the SEC found that from January 2018 through September 2021, employees at all 16 firms discussed business matters through off-channel communications on their personal devices, and that this involved employees at various levels of authority, including supervisors and senior executives.
The firms combined were charged over $1.1 billion in penalties for violating recordkeeping provisions of the Securities Exchange Act of 1934 and failing to prevent and detect these violations.
One of the biggest challenges companies face is that messaging apps are constantly evolving. Each app has its own methods of access, AI capabilities, and messaging abilities, which are hard to keep track of and to retain records for when necessary. This makes it especially difficult to monitor and keep records of private communications, which played a role in the SEC’s investigation of these 16 firms.
What best practices have we learned from their errors in digital communication and recordkeeping?
- Learn which messaging tools work for your employees and clients and ensure that they are being monitored.
- Be aware of the information security risks that are present with BYOD (bring your own device). Consider the use of corporate-owned devices if communication is prevalent.
- Review your record retention policy on a yearly basis and ensure that your definition of “business records” is up to date with current technology and client dynamics.
- Review your current supervisory technology to ensure that it is up to date with messaging technology. Furthermore, perform due diligence on third-party vendors. These vendors should be familiar with the regulations of the financial services industry.
- Policies don’t cut it! Ensure that behind a policy there is enforcement and a company culture that supports the prevention of record retention failure.
Understanding the prevalence and consequences of private digital communications in the financial services industry, and being able to mitigate their risks, is crucial to protecting your institution and clients.
The Schneider Downs Risk Advisory Services team can aid with the prevention and detection of off-channel digital communications.
About Schneider Downs Risk Advisory
Our team of experienced risk advisory professionals focuses on collaborating with your organization to identify and effectively mitigate risks. Our goal is not only to understand the risks related to potential loss to the organization, but also to drive solutions that add value to your organization and advise on opportunities to ensure minimal disruption to your business.