The Big Question at SIFMA C&L Orlando: “Can We Just Be Done with Off-Channel Enforcement Now?”
"Can we just be done with off-channel enforcement now?”
That was asked by a senior member of a major law firm to a regulator during the main-stage interview that kicked-off the SIFMA C&L conference in Orlando.
He continued with, “Can’t we all just stop text messaging?” This references an earlier interview with SEC Enforcement Head, Gurbir Grewal, who stated that enforcement actions are producing the intended result in changing firm behavior.
The contrast in the two questions — asked by a single person — provides a good snapshot of where the industry stands now nearly two years into the regulatory focus on the use of unapproved communications tools: they’re wildly divergent views on even the basic root cause of the issue.
No, people will not just stop using text messaging. And the issue is not even about text messaging, WhatsApp, or any other technology. It’s about behavior. The fact that we continue to discuss it and search for best practices highlight that it remains embedded in many parts of the industry as a reality of how business has always been done.
We also continue to discuss it, because the very next day produced two more enforcement actions from the CFTC.
Off-channel was the most discussed topic of the conference, right alongside the use of generative AI (which we will touch on in an upcoming blog). Off-channel was discussed in so many conference sessions that the only thing missing was off-channel survival swag, complete with aspirin, earmuffs and sleeping masks.
We did manage to pull together a very well attended break-out session on the topic, picking up on where some of the earlier discussions left off. Our big thanks to FTI Consulting’s John Goff, Reed Smith’s Anthony Diana and EY’s Abishek Chaki in sharing their time and insights.
Here are some of the key takeaways from that discussion.
Question 1: Have enforcement actions been effective in changing behavior?
Our panel offered a qualified yes – firms are now aware, as was witnessed by the full house of senior-level compliance and legal executives in attendance. The qualified aspect is that we continue to hear examples of firms who view the use of unapproved tools as a part of doing business, in particular to personal mobile devices. Business will not be deterred if that is the way that engagement with their most important clients has been done. However, the decrease in average settlement sizes that we’ve seen since January does seem to be having an impact. While none of the regulators have offered a step-by-step roadmap toward the highly prized “cooperation credit,” firms do appear to be paying close attention to the language in settlement letters resulting in smaller fines. Many of these letters outline the involved firm take steps that include proactive inspection, self-reporting and remediating gaps in compliance controls.
Question 2: What did firms do in 2023 to improve visibility into this topic?
The panel agreed that many firms have implemented changes in policy and procedures and training programs as we have also seen in our own Smarsh data . That has included expanding processes to evaluate new tools for potential risks evaluating existing supporting tools as they deploy new features and capabilities, such as Microsoft’s launch of Co-Pilot that is embedded into Teams and other M365 tools.
That challenge with existing tools is very frequently raised as a top concern, that technology providers continue to add new features and capabilities into collaborative and conferencing platforms such as white boards, break-out rooms, and voice and video recording.
Panelists also noted that some rationalization of communications tools is happening, driven both by the incremental risk as well as increasing pressures on financial services firms to cut costs. As one panelist noted, there are examples where firms have chosen to ‘turn off-channel on” by examining:
- How an unsupported tool is currently being used
- What benefit is being produced to the business, either in the form of client satisfaction or internal productivity
- Whether a reliable means of capture of that technology currently exists in the market
Some tools, like ephemeral messaging apps like Snapchat, may never be suited for purpose. But many can be leveraged and yield a complete and accurate historical record as required under SEC 17a-4 and other requirements.
Question 3: What do we expect to happen over the course of 2024?
Our discussion around this question led to a very consistent conclusion that this challenge is far from over. In fact, we’ve said many times that compliance gaps never disappear. They only move to the next technology that emerges.
What results is a perpetual game of whack-a-mole, where the job of compliance simply moves to the next target. What our panelists felt strongly about is that the newer modalities of collaborative platforms such as Microsoft Teams and Zoom are very likely to find themselves as the source of future regulatory action.
What also appears inevitable is that topic will not be the exclusive domain of financial services regulators. The Department of Justice stated that they will be examining corporate compliance programs to assess how firms are addressing this topic. This likely means that the impact of off-channel communications on e-discovery and non-regulatory driven investigations is likely only the first large case away from becoming reality.
What remains for firms are the harder questions regarding changes in oversight practices.
For some, that means continuing to tune lexicons past their high false positive rates toward greater effectiveness in being able to spot the leading indicators that off-channel activities may be happening. For others, this will mean continued acceleration in their use of large language models specifically built and designed to uncover patterns and behaviors, while addressing the regulatory explainability requirements from FINRA and the SEC.
What lies ahead is the continued search for best practices. For our expert network of advisory firms and ICCs, we will continue the dialog with firms and industry influencers to spot emerging practices that will help the industry come closer to a common understanding of the risks of off-channel communications, and the most effective approaches to protect their businesses.
Share this post!
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US