Industry Insight

Digital Communications Compliance: Predictions for the 2nd Half of 2023

July 14, 2023by Robert Cruz

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

June 30, 2023, marked the end of an unprecedented year in digital communications. We’ve witnessed a slew of 37 new or updated rules, the implementation of the SEC 17a-4 recordkeeping update, a Marketing Rule update and a cyber rule (Rule 10) that will impact the industry well into the future. Meanwhile, we also have seen the unfettered explosion of ChatGPT and similar large language models (LLMs) as tools to improve content generation and decision-making efficiency. How firms communicate and collaborate will continue to be front and center on the regulatory radar for the balance of 2023.

So, what should we expect over the next six months? Here are a few observations related to the two topics that dominated the headlines in the first half – off channel and LLMs – that will continue into the second half of 2023.

Off-channel: The beginning of the end of regulation by enforcement?

Despite clear signaling by the SEC and FINRA regarding ongoing focus on off-channel communications, many firms struggle to arrive at a point they believe is ‘good enough’ to satisfy the regulatory mandate to identify and remediate deficiencies. It’s clear, as SEC Chairman Gensler stated at the FINRA Annual Conference, “policies alone are not sufficient” – but determining the optimal mix of policy tuning, updated training, and oversight procedures remains elusive. This parental notion of scolding the child – and only then telling it what should have been done – is raising the frustration level surrounding the ‘regulation by enforcement’ strategy and will increase the pressure level for the SEC to modify its approach. Other implications of the off-channel communications topic include:

The move toward corporate-owned devices (COD) continues, with limits

While we can expect a continuation in the shift toward COD strategies, the economics of deploying and maintaining mobile devices becomes more challenging with size. This will drive greater awareness of mobile device management (MDM) features available to support BYOD strategies, as well as an increase in firms that use hybrid approaches.

Oversight practices of mobile remains vexing

Beyond the device policy decision, the struggle of determining what supervisory/surveillance practices will be considered ‘reasonable’ by regulators will continue – particularly for non-regulated users such as executives. Should non-regulated users be added to supervisory pools? Should existing supervisory policies be tuned to look for off-channel breadcrumbs from non-regulated users for further inspection? Best practices will remain elusive, which we have recently attempted to capture in this white paper we produced in conjunction with Ernst & Young.

The playing field expands to non-text-based messaging

As noted by FINRA at the annual conference, firms should be considering the use of alternative content formats like voice and emojis as potential sources of off-channel activities from those attempting to avoid monitored channels. We expect that scrutiny in this area will intensify given the nature of today's multi-modal collaborative tools and will likely be the subject highlighted in future enforcement actions.

Self-reporting and stronger collaboration with regulators will increase

The SEC made a very clear statement in contrasting its most recent enforcement actions in the $7M to $15M neighborhood against the more sizable earlier fines. In paraphrasing SEC enforcement head Grewal's words, the difference is intentional to reflect firms that had self-reported off-channel lapses and action taken on deficiencies that had previously been identified. The results of this message should become evident through additional enforcement actions in the second half in the 'smaller' fine category for global banks, as well as smaller broker-dealers and advisers.

ChatGPT will make its mark on compliance

Over the last year, ChatGPT and other large language models (LLMs) have gone from the obscure to the mainstream. What has become clear is the enormous potential to completely redefine everything from specific jobs to entire industries. What needs to be clarified are the implications for regulated businesses in terms of understanding how they can be governed to remediate their risks effectively. Here’s what lies ahead:

Prohibition policies will be enacted

Despite the disruptive opportunities created by AI, the policy move most firms will make is to say 'no' until they have a better understanding of its impact and risks. For many of its potential uses, ChatGPT serves as a tool to support decision-making and delivery of content, and as such, will initially be treated under the same (if not greater) level of scrutiny as other unapproved communications tools currently under the regulatory microscope.

Due diligence of existing applications will intensify

As we've seen countless times, prohibition is rarely effective, and it isn't easy to see a different outcome for an area of technology that is driving at a pace of innovation never seen before. Firms can provide policies, training and squash internal projects. Still, they will continue to expend a growing amount of energy in assessing how AI-driven functionality may be embedded by existing applications and systems to ensure that the firm's assets and information are not exposed to models with inadequate controls.

Firms will prioritize investments in controlled applications and systems

Despite the hype surrounding ChatGPT, regulated firms will look first toward large language models designed and trained for specific, controlled processes such as conduct surveillance for investigation of off-channel communications and outside business activities. Other processes are also likely to focus on internal decision-making processes using closed models where inputs and outputs can be better controlled.

AI will change monetization strategies of content source providers

AI and LLMs will continue to be seen as a monetization opportunity for many, including Microsoft, Google, Salesforce, Meta and what remains of Twitter. This has changed the perception of value created by the information within their applications and has resulted in a change in the cost that some seek to impose to extract information from those applications. This has significant implications for the content sources financial services firms choose to allow for business use and will result in increased pushback from the industry and a switch to more economically favorable alternatives.

Regulators will chime in

With opportunity comes the potential for fraud and abuse, followed by regulatory focus. As the SEC has already stated that it sees AI as a source of the next financial crisis, we should fully expect guidance from the SEC on how regulated firms should attempt to govern its use and manage its risk.

These are just the beginning of topics that center on digital communications. Crypto appears to be finally reaching the end of its era of regulatory limbo as infrastructure, payment or security – or some combination – and getting closer to an oversight structure as the result of current litigation. Regional banking will likely see increased regulatory oversight, including increased inspection into insider trading and greater accountability placed upon external auditors.

There’s a long list of topics — RegBI, Digital Engagement Practices, Marketing Rule enforcement, Rule 10 finalization and more —for us to explore further over the Summer Break Sessions. Stay tuned.

Share this post!

Robert Cruz
Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

Ready to enable compliant productivity?

Join the 6,500+ customers using Smarsh to drive their business forward.

Contact Us

Tell us about yourself, and we’ll be in touch right away.