REGULATORY ALERT: SEC Targets Its Own Staff’s Text Messaging


INSIGHT
Published
Apr 30th '24
Share
Facebook

By Robert Cruz. Vice President, Information Governance at Smarsh.

 

This month, the Security and Exchange Commission (SEC) announced that it is moving toward a ban of third-party messaging apps and text messaging from employee’s work mobile phones.

 

The move, which, in theory, demonstrates a move toward its own enforcement standards in the financial services industry, will likely produce other dynamics that have led firms to the conclusion that it is a dynamic and unsolvable challenge.

 

The SEC states that it is an attempt “to reduce potential risks” by blocking access to apps on agency-controlled infrastructure and devices, where vulnerabilities and recordkeeping challenges can be created. The move, which began with removing third-party apps in September, now adds text messaging as of March of this year. As with the case of financial services firms, a combination of technology controls, policy updates, and employee training would accompany the change. It is believed that the Commodity Futures Trading Commission is considering whether to follow suit.

 

Potential risk vs. benefit?

What is not clear from the announcement is the due diligence conducted by the agency to assess how text messaging and mobile applications are being used by employees, including the benefits to the agency in productivity or response time. Are staff members able to conduct investigations more efficiently, communicate faster, or collaborate on a third-party application more effectively than through agency approved tools, including email?

 

This question is essential for any organization attempting to stay updated with technology. We’ve learned that the use of unapproved communications tools happens for three primary reasons:

 

  • Because the tool works better.
  • Because of push from your constituents or clients.
  • By those with intent on wrongdoing and who are attempting to avoid detection.

 

Of those three, the latter is a small minority. Consequently, most financial services organizations have responded to off-channel enforcement by re-examining their cost-benefit-risk decision-making processes to ensure that business benefits can be properly evaluated against the regulatory, data security, privacy, and IP risks that may arise. For example, suppose the business case shows that a tool can enable productivity or greater efficiency. In that case, the analysis shifts toward policy adjustments and available technology controls that ensure that historical records can be securely captured and preserved. If that case cannot successfully be made, then an alternative messaging app can be explored to make mitigating the risk easier.

 

The risk never leaves

However, as we’ve seen over time, compliance gaps never leave. They can evolve and move, but the risk that employees either accidentally or intentionally wind up on an unapproved tool or device is only as far away as the nearest social app on a personal phone. Chairman Gensler himself has stated that the issue is not addressed by policies alone, and firms need to demonstrate that they are actively monitoring their internal adherence to their policies. This is the hard part, but it’s also the part that puts us in control. Even with a prohibition policy, firms need to be confident that hot spots are not springing up somewhere in the organization, where they need to focus additional action on changing behavior. That is the stated goal of the SEC: to change behavior, and we have the power to make that change through active monitoring.

 

The whack-a mole-problem

What makes this challenge unsolvable is that it is dynamic. WhatsApp and text messaging are already being out-innovated by newer tools that simply work better. This is largely due to the proliferation of generative AI now being integrated into virtually every application that has a messaging feature. That’s the hard part, and every firm will continue to spend resources chasing new tools as they emerge. This is the whack-a-mole problem.

 

As we’ve heard from the industry, best practices around off-channel communications continue to evolve, and we continue to lack a prescriptive formula to mitigate the risks. This creates a great opportunity for the SEC to signal to the industry the proactive steps they’ll take in their own internal enforcement of this policy.

 

FEATURED E-BOOK: Off-Channel Communications: Exploring Impact and Emerging Best Practices

 

Source & image: Smarsh

 

About the author:

Robert is Vice President, Information Governance for Smarsh. He has more than 20 years of experience in providing thought leadership on emerging topics including cloud computing, information governance, and discovery cost and risk reduction.

 

About us

LS Consultancy are experts in Marketing and Compliance, and work with a range of firms to assist with improving their documents, processes and systems to mitigate any risk.

 

We provide a cost-effective and timely bespoke copy advice and copy development services to make sure all your advertising and campaigns are compliant, clear and suitable for their purpose.

 

Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.

 

Contact us today for a chat or send us an email to find out how we can support you in meeting your current and future challenges with confidence.

 

Explore our full range today.

 

Need A Regulatory Marketing Compliance Consultant? A Bit More About Us

 

Contact us

 

Why Not Download our FREE Brochures! Click here.

 

Call Us Today on 020 8087 2377 or send us an email.

 

We welcome individual bloggers / Professional Writers / Freelancers to submit high quality contents. Find out more…

 

FOLLOW US

Connect with us via social media and drop us a message from there. We’d love to hear from you and discuss how we can help.

 

Facebook | Instagram | LinkedIn | X (formally Twitter) | YouTube

 

Contact us