What’s an odd text message here or there about business between two brokers? To H.C. Wainwright & Co., LLC, it was $1.5 million in fines. In September 2022, this FINRA brokerage firm was fined for failing to preserve and reasonably supervise its employees’ business-related text messages.
In the fall of 2022, this firm - among more than a dozen others - was part of a series of investigations and fines of financial firms violating the rules of FINRA and the SEC due solely to off-channel communications.
It’s the responsibility of financial institutions and online marketplaces to ensure business-related communication occurs only through approved and supervised channels. Since these organizations are responsible for having a record of all company communications related to business, off-platform communications need to be prevented and stopped. Both fraud and Trust & Safety teams will need to be diligent about preventing off-channel communications to ensure they have adequate records - and avoid potential penalties.
So, what qualifies as off-channel communication? Let’s dive in.
Off-channel communications - sometimes referred to as off-platform communications - are when members of an organization bound by FINRA and the SEC use an un-approved form of communication to discuss business, and is typically done through text messaging or online messaging services.
These include text messages, social media, and internet-based messaging platforms such as WhatsApp or WeChat, and it includes anything that is considered ‘business communications.’ The rules set by regulatory bodies regarding off-platform communications are in place to prevent fraud and malicious behavior, and are enforced vigilantly.
In September 2022, the SEC charged 16 Wall Street firms with recordkeeping failures that ran each organization from $50-125 million each, totaling fines of $1.1 billion. The fines occurred because from January 2018 to September 2021, the firms’ employees routinely communicated about business matters by texting with their personal phones.
It is a violation of SEC Rule 17(a), SEC Rule 204-2, FINRA Rule 4511, FINRA Rule 3110, and FINRA Rule 2010 to not be able to produce business-related text messages. In the UK, the Financial Conduct Authority (FCA) also upholds these standards.
Individual fines (of a broker for example) in the tens of thousands, organizational fines in the hundreds of millions, and suspension of FINRA membership are among some of the penalties for violating these rules. Financial institutions and online marketplaces that are responsible for keeping these records need to do their part to ensure they don’t fall subject to fines. For many companies, this type of failure can not only lead to fines, but can also cause reputational damage to the organizations.
Off-platform communications pose a significant threat to an organization looking to avoid fines or violate FINRA & SEC rules. There are a lot of essential factors to consider:
The SEC warned immediately after this large-scale investigation that they were just getting started, and that investigations will continue, and fines will increase. On the subject, SEC Chair Gary Gensler stated:
“Make no mistake: If a company or executive misstates or omits information material to securities investors, whether in an earnings call, on social media, or in a press release, we will pursue them for violating the securities laws.”
To those responsible in any way for compliance at an eCommerce marketplace or financial organization, preventing and enforcing these rules is critical to avoiding fines. There are clear best practices that can be followed to avoid the mistakes made by the organizations already fined, and who now have updated their compliance policies to reflect these guidelines:
This might seem simple, but a prohibitory policy on off-channel communication is not nearly enough. This policy must be in place, all employees at all levels must be aware of it, it must take reasonable steps to prevent off-platform communication, it must actually collect data from employees, it must be easily enforceable, and it must be enforced - regularly.
Begin by considering every step below, and incorporating how each aspect is reflected in your policy.
To not be in violation, you must actually have surveillance protocols in place that can identify off-channel communications about business activities. You must collect data from employees’ personal devices, and retain that information over time to prove that it was done in case of an investigation.
That information also must be reviewed regularly, and communicated to the proper channels, which ideally would be a communications supervisor.
The amount of vigilance required to follow SEC & FINRA rules necessitates a designated supervisor who can review text messages or other off-platform messages. This person must be responsible for actually reviewing the employee surveillance, managing access to proper communication for employees, and escalating issues.
If the firm does nothing to preserve or review the off-platform messages collected, they are failing to reasonably supervise them.
With a designated supervisor, you must have clear-cut guidelines for the supervisor to follow and enforce. All of the following aspects should be reflected in the supervisor’s process:
Employees must be provided with training on proper communication techniques that follow your policy, as well as easy access to approved channels of communication, and the ability to complete their work within those channels. It should not be necessary in the first place for employees to text each other on their personal devices.
Senior team members and managers must send clear messages about which channels are authorized and which aren’t, and they must do this regularly. All new employees must be aware of it during onboarding, and all changes should be explained and incorporated into the continued training of employees.
Employees must be penalized for using off-channel communications, and not lightly. Just because this occurred and the firm noticed it rather than the SEC, this is still a violation, so the consequences should be appropriate given the violation.
You must also establish a system where other employees who are aware of off-channel communications must report them, or otherwise be considered complacent and equally penalized. If employees are aware this is occurring yet not doing it themselves, this is a violation and a clear indicator to the SEC of willful wrongdoing - regardless of who the employee is that is aware (i.e. even if this is just another broker rather than a senior manager).
Make sure the process of how the policy is updated to reflect new regulatory changes is also clear. Conduct frequent risk assessments of the policy and adjust practices accordingly and promptly, because an airtight policy that covers everything except the most recent regulatory change is not an airtight policy.
Ensure these changes are communicated to everyone down the line - from new employees to existing ones to your communications supervisor to senior management to executives.
A proactive compliance program is the key to preventing off-platform communications, as well as the hundreds of other potential violations of SEC & FINRA rules. AML regulations and other consumer protection laws require many additional best practices.
While commonly associated with financial institutions, many eCommerce marketplaces are also bound by the same rules. It’s essential that business communications are kept on record; to make that happen, all communication needs to be conducted through the proper channels.
Unit21’s all-in-one solution optimizes all aspects of fraud and anti-money laundering compliance, including automatic SAR filing through an efficient Case Management system.
Schedule a demo of Unit21 today to see how it could help enhance your compliance program.