The U.S. Securities and Exchange Commission (SEC) has intensified its focus on the compliance of financial services firms with record-keeping regulations.
Since 2021, the SEC, along with the Commodity Futures Trading Commission (CFTC), has levied fines totaling $2.7 billion against over 40 firms for failing to adequately record and preserve employee communications conducted through messaging apps like WhatsApp and iMessage, as noted by ACA Group's compliance experts.
While the initial enforcement actions have largely targeted large broker-dealers and swap-dealers, RIAs (Registered Investment Advisors) are also under obligation to retain employee communications. Krista Zipfel, Director of Regulatory Compliance at ACA, in a recent presentation, highlighted that RIAs could soon be under closer scrutiny by the SEC.
SEC Enforcement Director Gurbir Grewal emphasized the commission's shift towards imposing significant penalties to ensure industry compliance. A notable instance was the joint announcement with the CFTC in September, where eight firms were fined $125 million each for record-keeping failures, amounting to a combined penalty of $1.8 billion from both regulators.
The rigorous enforcement reflects the regulators' reliance on accurate record-keeping for effective market oversight and investor protection. The extent of non-compliance, involving widespread and long-term use of unapproved communication channels even at senior levels, has been a significant concern for regulators.
Faced with this heightened regulatory focus, advisors must proactively ensure compliance with communication policies. ACA Group suggests a comprehensive approach starting with a survey to identify the communication apps used by employees. This informs the creation of an approved list of communication channels that meet record-keeping requirements.
Marc Salter, ACA’s Managing Director of Business Development, advises engaging with advisors to understand their communication preferences and exploring technological solutions to integrate business needs with compliance requirements.
In developing a communication strategy, firms should consider policies regarding the use of company-issued devices versus personal devices, ensuring all communications are recorded irrespective of the device used. Employees must be aware that there is no expectation of privacy in communications conducted on approved channels, even on personal devices.
ACA underscores the importance of firmwide training and education on these policies, suggesting that firms require employees to attest to their compliance with communication policies.
Finally, firms should implement monitoring and surveillance systems to ensure adherence to approved communication channels. These systems should be designed to detect anomalies, such as discrepancies between trading activity and recorded communications.
In summary, the SEC's stringent enforcement on record-keeping underscores the necessity for RIAs and other financial firms to rigorously maintain their books and records. The steps outlined by ACA provide a structured approach to achieving and maintaining compliance in this critical area of financial regulation.
