Federal regulators have cracked down on the use of texts messages and messaging platforms for business communications, using their broad authority to root out record retention violations, resulting in significant fines and sanctions. In 2022 alone, the Securities and Exchange Commission charged 15 broker dealers and one affiliated investment advisor with widespread and longstanding failures by employees to maintain and preserve their communications from 2018 to 2021. In August 2023, both the SEC and the Commodity Futures Trading Commission hit another 11 brokerage firms for a total of $550 million in fines, and one month later the SEC fined five more broker dealers with combined penalties of $79 million.
While the financial services sector is the first to face enforcement actions, other sectors could feel an impact too. The Federal Energy Regulatory Commission, for instance, has reporting requirements and enforcement authority for violations of certain preservation obligations related to ensuring market transparency. While FERC has yet to focus on off-channel communications, traders and compliance personnel should take steps now should they find themselves the target of a government investigation.
Moreover, the enforcement action need not relate specifically to the use of off-channel communications. Enforcement matters on other subjects regularly implicate use of mobile devices, and a record-keeping violation could easily manifest from an unrelated investigation.
If your company finds itself facing an enforcement action related to the use of off-channel communication, here are some best practices to follow to help ensure you have everything regulators might need and expect.
1. Create a Culture of Compliance.
Using WhatsApp and Signal often feels like you’re talking “off-the-record” to your co-workers. Because messaging apps are easier and more convenient than email, users tend to let their guard down. Regulators know this, which is why your company’s compliance practices need to evolve.
You can foster a culture of compliance by enforcing rules at the very top of the organization. Employees, no matter how senior, should face discipline if they aren’t following your company’s communications policies, or if they are actively instructing co-workers or reports to go off-channel to services like WhatsApp or Signal.
Practical Tips
- Require all written electronic workplace communication take place on company email and sanctioned messaging services.
- Ban employees from workplace messaging platforms and apps, such as Signal and WhatsApp, which automatically delete messages, unless your organization has implemented software to capture these communications.
- Preserve and retain business-related email records and messaging records; disable auto-delete functions for any device used for business-related communications.
- Use multi-factor authentication on any mobile devices that access workplace data.
- Instruct employees to comply with the policy.
- Tailor your policies to your particular industry. FINRA members, for example, need to comply with Rule 3110, which requires surveillance of employee electronic communications to monitor for market manipulation, insider trading and other potential securities law violations.
2. Communicate Honestly.
Employees should be encouraged to come forward if they inadvertently violate a policy in good faith. They should also be aware that sending a message to move the conversation “offline” could trigger additional scrutiny. Regulators will also notice and raise suspicions if there’s a communications gap during a period when a trader was busy and should’ve left a record of messages.
Open and honest internal communication is essential for any business to function properly. While notifying employees that their electronic messaging records are being monitored and preserved could have a “chilling” effect, it’s likely they will adapt to passive surveillance of their communications.
Practical Tips
- Communicate your company’s policy and notify employees that their workplace communications are subject to surveillance.
- Explain the consequences on the company of employees’ failure to comply.
- Hold regular trainings on the policy.
- Require employees to self-certify that they are following the policy.
- Have employees fill out questionnaires about which messaging apps they use for work.
- Understand where communications are taking place and adjust policies to address new technologies and messaging apps.
- Consider whether to self-report employee non-compliance to the appropriate regulatory agency.
3. Embrace New Technologies for Solutions.
Developing technology could help address the use of off-channel communications in the workplace. For example, several software products have already been introduced to help preserve work-related messages, with more on the horizon. WhatsApp, for example, has introduced an enterprise version that archives messages, while some apps allow for separate accounts for work applications. Mobile device management software could also be used to ensure compliance with company and regulatory obligations.