The SEC’s Review of Personal Phones for Business Communications
A recent Bloomberg report revealing that the SEC has required more than 100 Wall Street employees and executives to hand over their personal cell phones has sent shock waves through the financial services industry.
However, regulations for text messaging are not new. In 2007, regulatory fines for communications expanded to IM and text message. FINRA issued Regulatory Notice 07-59 noting that the context of the message (e.g., the content of the message, the timing, the audience), rather than the electronic form by which it’s transmitted, classifies it as business communication. Yet many firms are still failing to either allow or adequately supervise, the use of text and other mobile messaging for business communications.
Regulators have continued to reinforce the role that communications play in their ability to adequately examine financial service companies. In October of 2021 the Director of Enforcement, Gubir Grewal, stated that these failures not only delay and obstruct investigations, but they raise broader accountability, integrity and spoliation issues.
The hard truth is that business communications in financial services are neither personal nor private. The SEC has demonstrated that they can and will ask for personal devices if they intend to perform an inspection. Firms must make sure they have the right processes and technology in place to establish, maintain, and enforce supervisory systems for all business communications, whether internal or external, in case of regulatory or legal review.
How to ensure mobile compliance
Update your electronic communications policies and procedures to address mobile messaging. Consider addressing in your policies and procedures which mobile messaging applications you allow, and which are prohibited. How will you effectively capture, archive, and supervise the messaging applications that you allow? Consider taking proactive steps to monitor for prohibited networks to watch for policy violations and maintain evidence of this review.
Make sure that employees understand and adhere to their obligations regarding communications. The cost of non-compliance is higher than ever. The SEC is conducting a sweep exam on how financial services firms are meeting their obligations with mobile messaging communications (one large Wall Street bank has already been charged $200 million in fines and fired several executives). So, prioritize this in your training program. Be clear about the possible corrective actions taken against policy violators and enforce these actions. Additionally, be sure to include all employees in your training program. While registered employees tend to require more training due to their regulatory obligations, this is an issue that should be considered firm-wide.
How Smarsh can help
Smarsh offers a solution that can capture mobile content directly from leading carriers and BYOD providers. Once captured, mobile content is automatically sent encrypted to Smarsh where it’s available for fast, on-demand search alongside your other archived communications. These communications are threaded together to contextualize conversations, allowing for a more effective review.
With the ever-increasing demand from clients and employees for the use of mobile messaging for business communications, continuing to prohibit all use of these applications is futile. Consider which applications can be most effective for your employees and engage with a reliable vendor to help ensure you can meet your regulatory obligations.
Share this post!
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US