Electronic Communications Compliance in Light of SEC Scan

Gurbir Grewal, the new director of the Enforcement Division of the Securities and Exchange Commission, gave a wide speech in October, providing his perspective on compliance and covering topics ranging from Reg BI to electronic communications record keeping. A few days later the news of the The horizontal scan of the SEC Broker-trader digital communication channel compliance was broken, resulting in an exclamation mark during the director’s presentation.

The continued business criticality of email systems coupled with the SEC sweep presents a perfect opportunity to review compliance best practices for digital communications. A reminder is also timely given the rapid adoption of new collaboration tools such as Zoom, Microsoft Teams, Slack, and Cisco WebEx during the pandemic.

The ground rules requiring broker-dealers to capture, maintain and supervise electronic communications can be found in SEC Rule 17a-4 (archiving and conservation in a non-rewritable, non-erasable format) as well as the FINRA rules 3110 (monitoring) and 2210 (communication with the public). FINRA has issued several regulatory notices relating to the use of social media and SMS as well as a set of Covid-19 FAQ in April 2020 and Advertising FAQ updates in September 2021, which provide requirements for collaboration and online video.

A key concept to keep in mind is that only communications relating to a broker’s “activities as such” under SEC Rule 17a-4 require retention and monitoring. This point can be confusing when considering the relevance of employee activity on personal devices and messaging systems. However, the SEC and FINRA take a strong stance on this issue: If a communication, regardless of where it takes place, relates to the business of the company, it should be kept and supervised.

In light of these regulatory requirements, below you will find quick summaries of how the SEC and FINRA rules apply to various digital communication channels. This overview takes a historical approach to explain how companies should approach electronic communications compliance frameworks in order to best align with regulatory expectations and prepare for the SEC sweep.

The old guard: legacy email, SMS and chat

Emails have been subject to the requirements of the SEC, FINRA, and virtually every other global financial services regulator for over 20 years. Messages from all company-issued email accounts should be captured, stored, and supervised. Employees cannot use personal Gmail, AOL, or Yahoo accounts to conduct business.

Likewise, older instant messaging systems like Skype, Bloomberg, and ICE Chat have long been subject to the same compliance checks as email. Finally, to complement the old guard, SMS and text messaging platforms (including iMessage and Android variants) fall into the regulated category.

Collectively, FINRA and the SECOND imposed millions of dollars in fines for the prohibited use of personal messaging, instant messaging and chat platforms and the associated supervisory failures. To describe the old guard’s approach to compliance in one word: “Weknowdis. “

Recent arrivals: social networks and ephemeral messaging systems

The early rise of social media platforms such as Twitter, LinkedIn and Facebook has prompted companies and regulators to question their business value and potential regulation. Based on the three FINRA regulatory notices described above, the use of social media for commercial purposes clearly falls within the regulated area.

A caveat here, however, excludes personal use of social media platforms to share non-commercial information such as charity events, job postings, and volunteer activities. FINRA said these non-business interactions do not trigger record-keeping rules, reminding companies that the content of a communication determines its relevance to compliance.

In a similar sphere are the “ephemeral” messaging platforms, which in their first incarnation included pre-video Snapchat, and now encompass WhatsApp, Signal, WeChat and others. While FINRA has made it clear that commercial communications as such on these platforms must be captured, retained and supervised, practical compliance has proven more difficult given the closed nature of these systems, where the capacity to capture and archive conversations is limited.

What’s new: collaboration, modern chat and video marketing

Finally, collaboration platforms like Zoom, Microsoft Teams and WebEx, the use of which flourished during the pandemic, pose new compliance challenges for businesses and regulators. Collaboration tools are based on traditional text-based communication models and incorporate dynamic features such as screen sharing, webcams, virtual whiteboards, audio, and file transfers.

Regulators recently issued guidelines requiring the capture, retention and supervision of many of these characteristics. FINRA’s September 2021 Advertising FAQ clarifies that under certain circumstances, screen shares, virtual whiteboards, and polls require retention and monitoring either before or after the conversation.

Modern chat platforms like Slack and Microsoft Teams chat also fit in here with compliance obligations spanning animated gifs, reactions, and emojis shared on them.

Finally, the growing popularity of visual voicemail messages and one-on-one sales videos created on platforms such as Vidyard and Kaltura has prompted FINRA to include online video compliance obligations in its advertising FAQs.

As emerges from the above discussion, the concept of what constitutes electronic communication under SEC and FINRA rules has evolved beyond the traditional notion of written person-to-person interaction. The visual capabilities of collaboration platforms, the dynamic functionality of modern chat systems, and video marketing applications now trigger many of the same regulatory compliance obligations as the old guard.

As a farewell feeling to the primacy of communications compliance regimes, keep in mind Grewal’s statement on the issue: “A proactive compliance approach requires that market participants do not wait for action. coercive puts in place appropriate policies and procedures to preserve these communications and anticipate these new challenges.

This column does not necessarily reflect the opinion of the Bureau of National Affairs, Inc. or its owners.

Write for us: Instructions for authors

Author Info

Marc Gilman is General Counsel and Vice President of Compliance at Theta Lake Inc. He is also an Assistant Professor at Fordham University School of Law. Follow him on Twitter: @marcwiki.

About Yvonne Lozier

Check Also

Verisk and LIMRA partner with Co

JERSEY CITY, NJ, and WINDSOR, CT., June 07, 2022 (GLOBE NEWSWIRE) — Building on the …

Leave a Reply

Your email address will not be published.