Off-Channel Communications: Debunking the Myths

Sep 18th '23

From the webinar: Mythbusting Prohibition: Is it really less work? by Stacie Craddock, Founder & Senior Consultant, Integrated Compliance Advisors and Tiffany Magri, Senior Regulatory Advisor, Smarsh.


Preventing employees from carrying out business-related communications over unapproved channels is critical to avoiding regulatory violations and fines, but there are a few misconceptions that can put a financial services firm at risk. In a recent Smarsh webinar, experts discussed these myths and how to mitigate the risk of these “off-channel communications” so that firms can avoid compliance gaps.


ssb 23 session 5 feat img



  • Myth #1: A prohibition policy is enough

“The reality is that general prohibition policies are no longer enough,” said Tiffany Magri, a senior regulatory advisor at Smarsh.


Advisers continue to rapidly adopt new ways of communicating with clients, but if these communications are occurring on prohibited channels, that puts the firm at risk of regulatory violations and fines if they are not being properly captured and preserved.


The U.S. Securities and Exchange Commission (SEC) has been clear that firms must adopt a proactive risk management posture to prevent employees from engaging in off-channel communications or using unapproved personal devices for business purposes if they are to meet their recordkeeping and supervisory obligations.


It starts with the “tone from the top,” as the SEC has emphasized in its recent enforcement sweep against firms resulting from senior management and compliance teams using prohibited channels for business purposes. In addition to the SEC, Financial Industry Regulatory Authority (FINRA) similarly indicated during its 2023 annual conference that its examination priorities will also focus on off-channel communications.


Senior management and compliance teams should do more than just talk the talk — they need to walk the walk. Rather than preaching about the risks of off-channel communications and taking no action, they must find ways to ensure employees are following the firm’s e-communication policy and procedures.


For firms that don’t yet have an off-channel communications policy or supervisory procedures, “what I would first do is review the SEC risk alerts,” said Stacie Craddock, senior consultant and founder of Integrated Compliance Advisors. “See what the regulators are seeing. Review those enforcement actions.”


Senior management and the firm’s compliance team should decide which communication channels the firm approves and implement a clearly defined e-communication policy and procedures. Once the compliance controls are in place, firms should enlist a records-retention vendor or decide how the firm will monitor communications themselves.


Regularly take inventory of all the communication channels that the firm’s employees and advisers use. “We suggest reviewing those on a quarterly basis for larger firms and then a semi-annual basis, or as needed as more channels come out and advisers are coming to you with questions on whether they can use [certain communication channels] or not,” Craddock said.


It’s also important to understand what business records the firm must keep to meet its record-keeping requirements and where to keep those records, Magri said.


  • Myth #2: Annual training is sufficient

Annual training is not sufficient to keep pace with new communication channels and ever-evolving regulatory requirements concerning off-channel communications. It’s necessary to hold refresher courses to keep employees up-to-date. Training should be viewed as a continuous process.


Employees should know what communication channels the firm approves as well as prohibits. “Reinforce that message regularly,” Magri said.


One way to do that is to issue an email newsletter that addresses, for example, any new regulations or enforcement actions resulting from violations of off-channel communications. Then, firms ought to integrate those into employee training as well.


As part of their training, employees should know what to do in the event they inadvertently engage in off-channel communications — such as a text message from a client. In this instance, the message or conversation goes completely undocumented. Firms should prep employees on answers to questions such as, “Who do I call? How do I manage that? How do I document for that?”


One best practice is for the firm’s Chief Compliance Officer (CCO) to have an open-door policy. “You definitely want to make sure people feel like they can come to the CCO or whoever is in charge of these policies and procedures should that action happen,” Magri said.


Post-employee training, employees should be required to attest that they understand the firm’s e-communications policy. To take those attestations one step further, if something is uncovered during a risk assessment, consider having employees acknowledge, “‘If you violate the policy, we’re allowed to look at your device to ensure that you’re not [engaging in off-channel communications].’ That’s really what the regulators expect — how are you controlling that environment?” Craddock said.


Magri also noted that firms should have a handle on what disciplinary actions to take, or what escalation procedures should be in place, in the event of a policy violation. Examples include:


  • Issuing a disciplinary warning
  • Clawing back executive compensation or bonuses
  • Terminating individuals at the center of the misconduct



  • Myth #3: It’s impossible to reasonably monitor for off-channel communications

Policies and procedures, training, and reasonable supervision of off-channel communications should be part of your compliance framework,” Magri said. When monitoring for off-channel communications, regulators expect firms to watch for red flags and follow up on them.


Lexicon searches are just one way to proactively detect potential misconduct, looking for keywords and phrases and potential off-channel communications in the datasets that the firm is already capturing. Firms should use lexicons to their advantage.


Additionally, firms should adjust their lexicons and monitoring practices to detect channel-hopping, which occurs when conversations transition from approved channels to off-channel communications. For example, a firm could institute the lexicons “Let’s take this conversation offline,” or “Text me.”


“If you’re doing a lexicon-based search, which I think is best within your archiving solution, update those words,” Craddock advised. As new off-channel communications arise, it’s important to keep those lexicons fluid, she said.


It’s also a good idea to adapt the firm’s lexicon search to accurately capture communications beyond text, to include emojis, GIFs, videos, and voice-to-text features that could also point to misconduct. Keep in mind, however, “in the eyes of the SEC, a text is a text,” Craddock said. “It doesn’t matter what’s in it.”


If a text is taking place over approved channels, “how is it being archived and reviewed and monitored? And if it’s happening over an unapproved channel, and it’s not being captured, “you’re out of compliance,” Craddock said.


Oftentimes, too, employees aren’t capturing internal communications taking place on approved platforms within their archiving processes — and not just communications with clients, but any internal business communications, Craddock said. So, another best practice is to have a review process in place to look for off-channel communications within permitted channels.


For example, FINRA has indicated that using visual aids — such as whiteboards, or a chat or instant messaging feature during a live, unscripted online presentation — could have consequences for the firm if those aspects of the presentation are not being supervised correctly. Magri advised that, “it’s crucial you’re capturing all those communications within your supervision framework.”


Firms should think about whether to go through older communications to see if there may be compliance gaps elsewhere. “Maybe take a look back and see how that’s going to affect what the firm is going to do with its policies and procedures going forward,” Magri said. It will also let the compliance team know that remedial measures need to take place.


  • Don’t ignore compliance gaps

Keep in mind, your firm might be required to self-report potential violations to regulators. While self-reporting a violation could still lead to a fine, you could find yourself in a more favorable situation going into an exam in the future. Regulators expect companies to mitigate that risk before they find out about a problem, so it will pay off to be proactive. Fixing the problem will always be a better option than ignoring it.


Source: Smarsh.


About Smarsh

Smarsh® is the recognized global leader in electronic communications archiving solutions for regulated organizations. Smarsh provides innovative capture, archiving, e-discovery, and supervision solutions across the industry’s widest breadth of communication channels.


Scalable for organizations of all sizes, the Smarsh platform provides customers with compliance built on confidence. It enables them to strategically future-proof as new communication channels are adopted, and to realize more insight and value from the data in their archive. Customers strengthen their compliance and e-discovery initiatives and benefit from the productive use of email, social media, mobile/text messaging, instant messaging and collaboration, web, and voice channels.


Smarsh serves a global client base that spans the top banks in North America and Europe, along with leading brokerage firms, insurers, and registered investment advisors. Smarsh also enables state and local government agencies to meet their public records and e-discovery requirements. For more information, visit


About us

LS Consultancy are experts in Marketing and Compliance, and work with a range of firms to assist with improving their documents, processes and systems to mitigate any risk.


We provide a cost-effective and timely bespoke copy advice and copy development services to make sure all your advertising and campaigns are compliant, clear and suitable for their purpose.


Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.


Contact us today for a chat or send us an email to find out how we can support you in meeting your current and future challenges with confidence.


Explore our full range today.


Need A Regulatory Marketing Compliance Consultant? A Bit More About Us


Contact us


Why Not Download our FREE Brochures! Click here.


Call Us Today on 020 8087 2377 or send us an email.


We welcome individual bloggers / Professional Writers / Freelancers to submit high quality contents. Find out more…



Connect with us via social media and drop us a message from there. We’d love to hear from you and discuss how we can help.


Facebook | Instagram | LinkedIn | X (formally Twitter) | YouTube


Contact us