End of 2023 Sets Tone for Admission and Voluntary Self-Remediation in 2024

Jan 16th '24

Last year was a whirlwind of regulatory enforcement actions, and the final quarter of 2023 proved to be more of the same. By looking at the fines and penalties regulatory agencies are imposing on financial services firms and individuals, we can identify the trends that agencies such as the Financial Industry Regulatory Authority (FINRA), the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) are prioritizing for 2024.


Inadequate supervision of MNPI

A financial services firm was recently censured and fined $100,000 for inadequate supervision of material non-public information (MNPI), with regulators calling out substantial gaps in communications controls. According to regulators, the firm lacked sufficient policies and procedures between April 2019 and December 2021 to prevent potential misuse of MNPI, despite operating an investment banking business. The firm exhibited glaring deficiencies in processes related to communications and information security:


  • No controls verifying supervisors reviewed employee emails and communications
  • No controls verifying supervisors were properly authorized to access sensitive information
  • Systems failed to reliably track and monitor affiliate staff with access to MNPI obtained through emails and shared drives
  • Delays adding issuers to MNPI restricted trading lists after emails and meetings where confidential details were exchanged
  • No timely reviews of securities transactions in personal brokerage accounts of employees who may have been influenced by email tips or shared documents


Regulators noted that these significant issues with communication channels and information security were first flagged in March 2019 but persisted, culminating in formal disciplinary action. The enforcement action calls on the firm to prioritize enhancing oversight of internal access, usage tracking, and monitoring related to material non-public and other confidential information obtained through emails, shared folders, instant messages and virtual meetings.


Non-compliance with recordkeeping and privacy rules

A U.K. financial services company was fined $140,000 by industry regulators for non-compliance with recordkeeping and privacy rules. Specifically, the firm:


  • Failed to record all oral communications by brokers, who were using personal cellphones, violating a rule requiring firms to keep records of all business-related communications
  • Allegedly failed to prevent brokers from improperly disclosing customers’ confidential information
  • Breached supervision obligations


Improper text messaging

Three individuals were fined and suspended, with one even barred from associating with any FINRA member, due to the improper use of text messaging, violating their firms’ policies. The fines ranged between $5,000 and $10,000. Adherence to approved communication protocols is crucial for maintaining regulatory compliance and preserving accurate records.


In each case, the individuals used unapproved text messaging services, preventing the preservation of communications as required by regulations. This not only led to incomplete recordkeeping but also compromised the integrity of the firms’ compliance frameworks.


Adhering to approved communication channels, ensuring accurate record retention, and maintaining transparency in financial transactions remain critical compliance concerns for employees within financial firms. Regulatory sanctions serve as a reminder for financial professionals to prioritize compliance with established communication policies to help avoid legal and reputational consequences.


CFTC signals policy shift from “neither admit nor deny” to admissions of guilt in enforcement settlements

The Division of Enforcement of the Commodity Futures Trading Commission (CFTC) indicated that changes may be forthcoming in how it recommends resolving enforcement actions over financial sector misconduct.


Historically, settlements between the CFTC and firms accused of violations have permitted companies to resolve cases without admission of wrongdoing (or a “neither admit nor deny” approach). However, the Division stated it may now require admissions of infractions in some situations rather than defaulting to the past settlement norm.


Compelled admissions promote accountability and serve to deter future violations, according to regulators. This echoes a similar statement in 2021 from the SEC signaling potential changes in settlement practices.


In addition to seeking acknowledgement of violations, the CFTC Division outlined intentions to recalibrate calculation methods for civil monetary penalties. The goal of these updated enforcement policies is to ensure fines better reflect updated priorities around preventing ongoing industry misconduct through impactful sanctions.


As a result, financial penalties for non-compliance may exceed those levied in comparable past cases. Ongoing violations by recidivist firms will also be factored into penalty amounts in a departure from previous procedures.


Collectively, these measures signal an emphasis by CFTC officials on asserting deterrence and spurring changes in behavior by regulated entities through stepped-up application of enforcement tools. The days of assuming boilerplate “no admit, no deny” settlements as standard practice appear to be over.


Ensure adequate compliance infrastructure

Effective communications compliance is a fundamental yet often overlooked aspect of financial firms’ regulatory duties.


As shown by the recent $500,000 fine imposed by Massachusetts regulators, gaps in oversight of customer communications can accumulate over years. In this case, the firm had just one compliance employee monitoring hundreds of thousands of accounts, making it impossible to properly screen and address the volumes of client correspondence received.


To prevent such issues, firms should conduct regular assessments to determine the appropriate number of compliance personnel based on the scale and nature of their operations. This proactive approach ensures that firms can meet regulatory obligations and maintain the integrity of their financial services operations.


To enable appropriate surveillance, firms must consistently evaluate communication workloads, scale oversight staffing accordingly, and consider various channels such as email, mobile apps, and social media. As digital engagement continues to accelerate, financial institutions must make ongoing improvements to align with regulatory mandates.


By investing in and consistently optimizing communications compliance, these institutions can demonstrate their commitment to both clients and regulators. The risks associated with weak oversight far outweigh compliance costs, emphasizing the imperative nature of building vigorous compliance structures and addressing potential regulatory challenges proactively.


Another firm was recently censured and fined $3 million for deficiencies in its supervision of trading activities. According to regulators, the firm failed to adequately monitor potentially manipulative trades, including marking the open or close, prearranged trading, and wash sales.


The firm’s surveillance alert review process was found to be inadequate, primarily due to insufficient staffing and resources. This resulted in:


  • Over one million system alerts exceeding predefined risk thresholds were neglected
  • Significant delays in the firm’s review of internal system alerts
  • Front-line staff were able to close alerts without appropriate supervision by senior management


Additionally, the firm lacked reasonable written procedures for evaluating potentially manipulative trading patterns.


Regulators highlighted these supervisory gaps as a key factor enabling customers to engage in trading activity that exhibited red flags without prompt follow-up. Sufficient compliance personnel and controls are vital to identify and respond to signs of manipulation. The enforcement action serves as a reminder of the importance of devoting adequate attention and resources to monitoring for abusive practices.


What this means for 2024

As shown by recent regulatory actions, financial services firms must prioritize building vigorous and adaptable compliance frameworks centered on communications oversight. Sufficient staffing, updated policies, and continuous process improvements are essential to address the risks of non-compliance – from recordkeeping gaps to information security vulnerabilities.


While expanding digital channels create new supervisory challenges, firms that proactively evaluate workloads and invest in compliance measures can meet rising regulatory expectations. Appropriate admissions, penalties, and remediation commitments also serve accountability aims when violations do occur. Overall, the imperative for financial institutions is to foster an organizational culture valuing transparency, integrity, and regulatory partnership through adequate resourcing and controls.


Source: Smarsh. Author: Tiffany Magri, Regulatory Advisor at Smarsh


About the author: 

As a Regulatory Advisor at Smarsh, Tiffany monitors, evaluates and consults on the financial services regulatory landscape. Tiffany has more than 10 years of experience facilitating compliance with laws and regulations, policies, and risk management. Prior to joining Smarsh, Tiffany was a Senior Associate at Benefit Street Partners and a Compliance Analyst at Broadstone and Manning & Napier Advisors.

