As more firms begin to allow the use of mobile communication channels, the need for robust books and records and supervisory controls is paramount. Firms understand that these tools are critical for meeting regulatory compliance obligations and reducing the risk of an enforcement action.

The Securities and Exchange Commission (SEC) has begun cracking down on off-channel communications and, between September 2022 and August 2023, the SEC brought 30 enforcement actions. The SEC also ordered more than $1.5 billion in combined penalties for what the SEC called “widespread and longstanding failures” by financial services firms and their employees to maintain and preserve electronic communications.

Enforcement sweeps like these force firms to pay more attention to their employees’ mobile communication activities. “They are thinking about this a little bit more,” said Steve Boyd, director and head of the Miami office for Optima, a consulting and regulatory services firm. “They’re asking the right questions and trying to be on the right side of it.”

In our recent webinar, “Mobile Apps are the New Email: Is Your Firm Compliant,” experts discussed best practices for implementing policies and procedures and supervisory practices that enable compliant mobile communication. Below is a summary of key points from that discussion.

Firms must grasp which mobile apps they use – both from a marketing standpoint and from the perspective of communicating and engaging with clients. From there, put the proper guardrails in place by pinpointing the firm’s books and records and supervisory obligations around their compliance obligations. “Always make sure that you are not using anything you can’t capture, retain, and supervise,” Magri said.

Policies need to be structured in a way that’s achievable for the firm based on its size, culture, and business approach. “There is no blanket policy that’s going to work for [all firms],” Boyd said.

For example, when considering whether to implement a bring-your-own-device (BYOD) policy, cost savings will likely be the most important factor for a small firm just starting out. For firms with greater resources – enough to issue corporate-owned devices – security considerations will likely be at the top of their list, Boyd noted.

Policies and procedures also should address how to handle any one-off situation that might arise in the event business-related communications are received over unapproved channels. Specifically, employees should know who to call and what steps to take to combat compliance gaps.

Boyd provided an example wherein a portfolio manager at a fund received text messages from a trader. “You want to make sure that there is a policy that allows you to then forward that to a specific email address or get it back onto an email or a messaging platform that will then archive that message,” he said.

Policies and procedures should also cover what disciplinary actions will be taken for non-compliance, such as disciplinary warnings, bonus or compensation clawbacks, or even suspensions or terminations in egregious cases. “Also, make sure to document that, as well as any remedial actions taken,” Magri said.

Many firms today choose to capture all communications because it’s often too difficult to delineate between which communications should be captured and which should not, Boyd said. “Therefore, by default, everything becomes a business record,” he said.

“As compliance [officers], it’s your obligation to supervise, but it’s also your obligation to educate,” Boyd added. Reminding folks verbally during large team meetings or department gatherings is one way. Sending out periodic emails reminding employees about the firm’s mobile communication policy is another way.

In addition to training and education, employees also should have to attest, preferably on a quarterly basis, that they comply with the firm’s electronic communication policies and procedures, “so that you’re getting their word,” Boyd said. These check-ins also keep compliance top of mind for employees and remind them of the seriousness of only using approved communications channels.

From a supervisory standpoint, it’s critical to have the right set of lexicons in place and to update those at least annually, or even more frequently as new apps are introduced. Meta’s new social networking website, Threads, is one example. “Have you included something about Threads in your lexicons in the last month or two to see if people are now moving over to Threads?” Magri said. Monitoring trending channels and getting a lay of the land will help firms stay on top of compliant communications practices.

Boyd noted that other language to watch for that could point to non-compliant behavior includes:

“These are [key phrases] that give compliance officers pause,” Boyd said.

Lastly, Magri advised that firms make sure to conduct ongoing evaluations around the firm’s mobile application channels. “Particularly as new features are added to those applications, make sure those communications can still be captured,” Magri said.

For example, firms need to think about how to capture and put supervisory controls around emojis and gifs, and voice-to-text features, that could signal off-channel business communications, which regulators have signaled they are paying more attention to.

Source: Smarsh. 

About Smarsh

Smarsh® is the recognized global leader in electronic communications archiving solutions for regulated organizations. Smarsh provides innovative capture, archiving, e-discovery, and supervision solutions across the industry’s widest breadth of communication channels.

Scalable for organizations of all sizes, the Smarsh platform provides customers with compliance built on confidence. It enables them to strategically future-proof as new communication channels are adopted, and to realize more insight and value from the data in their archive. Customers strengthen their compliance and e-discovery initiatives and benefit from the productive use of email, social media, mobile/text messaging, instant messaging and collaboration, web, and voice channels.

Smarsh serves a global client base that spans the top banks in North America and Europe, along with leading brokerage firms, insurers, and registered investment advisors. Smarsh also enables state and local government agencies to meet their public records and e-discovery requirements. For more information, visit www.smarsh.com.

About us

LS Consultancy are experts in Marketing and Compliance, and work with a range of firms to assist with improving their documents, processes and systems to mitigate any risk.

We provide a cost-effective and timely bespoke copy advice and copy development services to make sure all your advertising and campaigns are compliant, clear and suitable for their purpose.

Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.

Contact us today for a chat or send us an email to find out how we can support you in meeting your current and future challenges with confidence.

Explore our full range today.

Need A Regulatory Marketing Compliance Consultant? A Bit More About Us

Contact us

Why Not Download our FREE Brochures! Click here.

Call Us Today on 020 8087 2377 or send us an email.

We welcome individual bloggers / Professional Writers / Freelancers to submit high quality contents. Find out more…

FOLLOW US

Connect with us via social media and drop us a message from there. We’d love to hear from you and discuss how we can help.

Facebook | Instagram | LinkedIn | X (formally Twitter) | YouTube

Contact us