2023 FINRA Risk Management Priorities: The Year of Digital Communications

Feb 16th '23

Note from the “author:”

This summary was produced by ChatGPT, with further editing representing 20% of the final copy. The impact of AI on financial services and communications with the public is enormous in light of recent announcements of the integration of OpenAI into Microsoft Teams and Google’s investment in its new Bard platform. More on that topic to come.


Featured Template 650x330 2 2
gotowebinar.com – recording


Smarsh recently hosted a webinar focused on Financial Industry Regulatory Authority’s (FINRA) 2023 Exam and Risk Monitoring priorities, focusing on the digital communications implications of the report. Elin Cherry, the Global Head of Compliance Services for Elinphant, a Softek company, shared her expertise in implementing compliance programs and conducting electronic communication review. Tiffany Magri, Smarsh Regulatory Advisor, brought her experience in compliance, risk management, and regulatory and policy analysis to provide insights on the current financial-service regulatory environment. Robert Cruz, VP of Information Governance at Smarsh, moderated the discussion.


Given the density of the report, Elin Cherry recommended that every item be read and evaluated in terms of its relevance to a particular firm. She suggested asking two questions for each item in the report:


  • Does this apply to my firm?
  • If so, are we covered (i.e., have we managed it well, and do we need to test it or address any weaknesses)?


Cherry also emphasized the importance of documenting the findings and addressing the highest-risk items.


Furthering the conversation, Magri underlined the importance of focusing on what applies to a firm and prioritizing the highest risks as identified by FINRA. She suggested adjusting your firm’s risk matrix as needed, then putting the findings through a compliance risk assessment throughout the year to fill any gaps and improve best practices.


The panelists then turned to three topics that directly impact digital communications:


  • Mobility
  • Updated recordkeeping requirements
  • Technology governance and cyber compliance


The Focus on Mobility

Mobility has become a front-and-center issue because of remote and hybrid work and recent enforcement actions for off-channel communications. Since individuals use their devices all day long, firms need to adjust their oversight strategies. Magri noted that the last two years accelerated the use of technology such as text messaging, social networks, and applications like WhatsApp, surfacing a key challenge of determining the gaps in a firm’s mobility strategy and ensuring that prohibited activities are not taking place. Regulators have taken a much more aggressive stance about being proactive in this area. Firms will need to address this by looking for prohibited activities, increasing their training, and redefining how they allow people to communicate.


Cherry shared that her clients are reacting by getting the ear of senior people, and the confiscation of phones from senior people at firms is sending the right message. However, attestations are not enough. Firms need to make sure they are proactive in protecting themselves from regulatory fines. In addition, senior levels need to understand the importance of ensuring that off-channel communications are not being used.


Given ongoing sweeps activities, both panelists agreed that all firms need to be on alert — from large to small and covering all segments of the industry — as noted by the recent Securities and Exchange Commission (SEC) action taken against hedge fund firms.


Updated Recordkeeping Requirements

The updated recordkeeping requirements under SEC 17a-4 have led to changes in the way firms are thinking about records management. The update focuses on a principle-based approach and attempts to harmonize regulation with current technology. Cherry highlighted that the update had generated questions from her clients regarding revisions to Letters of Undertaking, as well as third-party downloader requirements and the due diligence that firms must undergo when using cloud-service providers. She also highlighted that one of the biggest concerns from an operational standpoint is the process of reviewing the records and recreating them during a supervisory obligation or audit. Firms should ensure that their vendors understand the books-and-records, and don’t impede the firm’s ability to meet their regulatory obligations.


All panelists agreed that a shift towards an audit trail would not be a simple process, as it requires a log of everything that takes place for each individual record for each day of the year — and for each time a different communication type is used. The operational aspects of this process are difficult, and firms may not be willing to take on the risk. This is especially true when it comes to the trade-settlement process and other areas where vendors are involved.


Webinar attendees also raised questions regarding regulatory guidance on using video communications and recordings, natural-language processing, and models in the financial industry.


Magri noted that there is additional guidance from FINRA on the use of video technologies and how they should be integrated into communications with the public. Video content is being considered as business record by more firms and Magri encourages all firms to evaluate their policies and procedures in this area.


Attendees were also curious about the use of machine learning in conduct surveillance and electronic communications review. Magri noted she is seeing a lot of interest in natural-language processing and its potential to reduce the number of false positives in reviews and identify red flags that a lexicon-based review system may miss.


Cruz also noted that regulatory guidance on the use of artificial intelligence and natural language processing is expected, and that FINRA has indicated that it will be vocal on the topic. Cruz also expects the use of these technologies to increase in the industry, as it provides a way to address the variety of information which can escape a lexicon or human reviewer’s ability to understand.


Technology Governance and Cyber Compliance

Technology governance and cyber compliance is a crucial aspect of the financial industry, with organizations like FINRA increasing their department by 200% to deal with cybersecurity risks. The SEC has also put forth a yet-to-be-finalized cyber compliance rule that is expected to change the way companies approach technology governance and cyber compliance.


cybersecurity vs cyber compliance promos 1200x628


Magri highlighted that regulatory focus has shifted from solely the IT department. Compliance teams are being tasked with understanding third-party risk and the risk that may be present with cloud providers. The FINRA exam priority list highlights the importance of cyber and technology governance, focusing on the risk of financial crimes.


Cherry suggests vendor due diligence should be a top priority. At the same time, Magri adds that testing is crucial to identify areas of weakness and that it is essential to bring in outside sources for help with cybersecurity and IT, which can be intimidating for some. Both experts emphasized that technology governance and cyber compliance are increasingly important aspects of regulatory focus and that firms must take them seriously.


Key Takeaways

Considering the high visibility and focus on digital communications, firms must act in response to recent letters from FINRA and the SEC to implement a comprehensive plan for managing data and allocating the necessary resources to make it a success. Testing should also be ongoing, focusing on bringing outside sources of knowledge and collaboration, particularly in cybersecurity and IT.


It is also important for firms to increase their investment in keeping up with the latest technologies and tools, as the pace of change will only continue to accelerate. Firms must stay informed about new capabilities, social media platforms, and other trends that may impact their business to stay ahead of the curve.


As ChatGPT illustrates, the digital landscape is rapidly evolving, and firms must be diligent in their efforts to keep up. By prioritizing vendor due diligence, testing, and staying on top of technology, firms can harness the power of today’s digital communications while mitigating potential risks.



What Does the SEC 17a-4 Regulatory Recordkeeping Update Mean for You – Read now


Source: Smarsh


About Smarsh

Smarsh® is the recognized global leader in electronic communications archiving solutions for regulated organizations. Smarsh provides innovative capture, archiving, e-discovery, and supervision solutions across the industry’s widest breadth of communication channels.


Scalable for organizations of all sizes, the Smarsh platform provides customers with compliance built on confidence. It enables them to strategically future-proof as new communication channels are adopted, and to realize more insight and value from the data in their archive. Customers strengthen their compliance and e-discovery initiatives and benefit from the productive use of email, social media, mobile/text messaging, instant messaging and collaboration, web, and voice channels.


Smarsh serves a global client base that spans the top banks in North America and Europe, along with leading brokerage firms, insurers, and registered investment advisors. Smarsh also enables state and local government agencies to meet their public records and e-discovery requirements. For more information, visit www.smarsh.com.


About us

LS Consultancy are experts in Marketing and Compliance, and work with a range of firms to assist with improving their documents, processes and systems to mitigate any risk.


We provide a cost-effective and timely bespoke copy advice and copy development services to make sure all your advertising and campaigns are compliant, clear and suitable for their purpose.


Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.


Contact us today for a chat or send us an email to find out how we can support you in meeting your current and future challenges with confidence.


Explore our full range today.


Contact us


Why Not Download our FREE Brochures! Click here.


Call Us Today on 020 8087 2377 or send us an email.


Need A Regulatory Marketing Compliance Consultant? A Bit More About Us


We welcome individual bloggers / Professional Writers / Freelancers to submit high quality contents. Find out more…


You can see our Google reviews here.