End of 2023 Sets Tone for Admission and Voluntary Self-Remediation in 2024
Last year was a whirlwind of regulatory enforcement actions, and the final quarter of 2023 proved to be more of the same. By looking at the fines and penalties regulatory agencies are imposing on financial services firms and individuals, we can discover trends regulatory agencies like FINRA, SEC and CFTC are prioritizing for 2024.
Inadequate supervision of MNPI
A financial services firm was recently censured and fined $100,000 for inadequate supervision of material non-public information (MNPI), with regulators calling out substantial gaps in communications controls. According to regulators, the firm lacked sufficient policies and procedures between April 2019 and December 2021 to prevent potential misuse of MNPI, despite operating an investment banking business. The firm exhibited glaring deficiencies in processes related to communications and information security:
- No controls verifying supervisors reviewed employee emails and communications
- No controls verifying supervisors were properly authorized to access sensitive information
- Systems failed to reliably track and monitor affiliate staff with access to MNPI obtained through emails and shared drives
- Delays adding issuers to MNPI restricted trading lists after emails and meetings where confidential details were exchanged
- There weren’t timely reviews of securities transactions in personal brokerage accounts of employees who may have been influenced by email tips or shared documents
Regulators noted that these significant issues with communication channels and information security were first flagged in March 2019 but persisted, culminating in formal disciplinary action. The enforcement action calls on the firm to prioritize enhancing oversight of internal access, usage tracking, and monitoring related to material non-public and other confidential information obtained through emails, shared folders, instant messages and virtual meetings.
Non-compliance with recordkeeping and privacy rules
A U.K. financial services company was fined $140,000 by industry regulators for non-compliance with recordkeeping and privacy rules. Specifically, the firm:
- Failed to record all oral communications by brokers, who were using personal cellphones, violating a rule requiring firms to keep records of all business-related communications
- Allegedly failed to prevent brokers from improperly disclosing customers' confidential information
- Breached supervision obligations
Improper text messaging
Three individuals were fined and suspended — with one even barred from associating with any FINRA member — due to the improper use of text messaging, violating their firms' policies. The fines ranged between $5,000 and $10,000. This breach of communication protocols is crucial for maintaining regulatory compliance and preserving accurate records.
In each case, the individuals used unapproved text messaging services, preventing the preservation of communications as required by regulations. This not only led to incomplete recordkeeping but also compromised the integrity of the firms' compliance frameworks.
Adhering to approved communication channels, ensuring accurate record retention, and maintaining transparency in financial transactions remains a critical compliance concern for employees within financial firms. Regulatory sanctions serve as a reminder for financial professionals to prioritize compliance with established communication policies to help avoid legal and reputational consequences.
CFTC signals policy shift from “neither admit nor deny” to admissions of guilt in enforcement settlements
The Division of Enforcement of the Commodity Futures Trading Commission (CFTC) indicated potential changes forthcoming in enforcement resolution recommendations into financial sector misconduct.
Historically, settlements between the CFTC and firms accused of violations have permitted companies to resolve cases without admission of wrongdoing (or a “neither admit nor deny” approach). However, the Division stated it may now require admissions of infractions in some situations rather than defaulting to the past settlement norm.
Compelled admissions promote accountability and serve to deter future violations according to regulators. This echoes a similar statement in 2021 from the SEC signaling potential changes in settlement practices.
In addition to seeking acknowledgement of violations, the CFTC Division outlined intentions to recalibrate calculation methods for civil monetary penalties. The goal of these updated enforcement policies is to ensure fines better reflect updated priorities around preventing ongoing industry misconduct through impactful sanctions.
As a result, financial penalties for non-compliance may exceed those levied in comparable past cases. Ongoing violations by recidivist firms will also be factored into penalty amounts in a departure from previous procedures.
Collectively these measures signal an emphasis by CFTC officials on asserting deterrence and spurring changes in behavior by regulated entities through stepped-up application of enforcement tools. The days of assuming boilerplate “no admit, no deny” settlements as standard practice appear to be over.
Ensure adequate compliance infrastructure
Effective communications compliance is a fundamental yet often overlooked aspect of financial firms' regulatory duties.
As shown by the recent $500,000 Massachusetts regulators fine, gaps in oversight of customer communications can accumulate over years. In this case, the firm had just one compliance employee monitoring hundreds of thousands of accounts, making it impossible to properly screen and address the volumes of client correspondence received.
To prevent such issues, firms should conduct regular assessments to determine the appropriate number of compliance personnel based on the scale and nature of their operations. This proactive approach ensures that firms can meet regulatory obligations and maintain the integrity of their financial services operations.
To enable appropriate surveillance, firms must consistently evaluate communication workloads, scale oversight staffing accordingly, and consider various channels such as email, mobile apps, and social media. As digital engagement continues to accelerate, financial institutions must make ongoing improvements to align with regulatory mandates.
By investing in and consistently optimizing communications compliance, these institutions can demonstrate their commitment to both clients and regulators. The risks associated with weak oversight far outweigh compliance costs, emphasizing the imperative nature of building vigorous compliance structures and addressing potential regulatory challenges proactively.
Another firm was recently censured and fined $3 million for deficiencies in its supervision of trading activities. According to regulators, the firm failed to adequately monitor potentially manipulative trades, including marking the open or close, prearranged trading, and wash sales.
The firm's surveillance alert review process was found to be inadequate, primarily due to insufficient staffing and resources. This resulted in:
- Over one million system alerts exceeding predefined risk thresholds were neglected
- Significant delays observed in the firm’s review of internal system alerts
- Front-line staff were able to close alerts without appropriate supervision by senior management
Additionally, the firm lacked reasonable written procedures for evaluating potentially manipulative trading patterns.
Regulators highlighted these supervisory gaps as a key factor enabling customers to engage in trading activity that exhibited red flags without prompt follow-up. Sufficient compliance personnel and controls are vital to identify and respond to signs of manipulation. The enforcement action serves as a reminder of the importance of devoting adequate attention and resources to monitoring for abusive practices.
What this means for 2024
As shown by recent regulatory actions, financial services firms must prioritize building vigorous and adaptable compliance frameworks centered on communications oversight. Sufficient staffing, updated policies, and continuous process improvements are essential to address the risks of non-compliance – from recordkeeping gaps to information security vulnerabilities.
While expanding digital channels create new supervisory challenges, firms that proactively evaluate workloads and invest in compliance measures can meet rising regulatory expectations. Appropriate admissions, penalties, and remediation commitments also serve accountability aims when violations do occur. Overall, the imperative for financial institutions is to foster an organizational culture valuing transparency, integrity, and regulatory partnership through adequate resourcing and controls.
Share this post!
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US