eComms are in the regulatory spotlight – is your firm ready to stand up to the scrutiny?


MyComplianceOffice (MCO) recently took a deep dive into the topic of eComms regulation and whether businesses are ready for it.

What makes eComms compliance especially challenging is that it’s constantly evolving. Compliance teams need to be able to monitor the communication channels that employees are using today and be ready for any innovations that tomorrow will bring.

Although it might be tempting for firms to enact policies that employees can only communicate via company landlines and email, it’s just not practical. Both customers and employees have come to expect quick and easy communications using electronic channels. It’s incumbent upon firms to protect themselves by monitoring and storing eComms to mitigate risk as part of an effective and integrated employee compliance program.

Regulatory enforcement has been aggressive

In recent months the SEC and CFTC have charged multiple Wall Street firms with widespread recordkeeping failures, handing down staggering penalties in excess of 1.5 billion dollars. Firms—including smaller ones—should only expect that the aggressive enforcement will continue.

As Sanjay Wadhwa, SEC Deputy Director of Enforcement, noted in an August 2023 release, “We know that other SEC-regulated entities have committed similar violations, and so our work to enforce industry-wide compliance continues.”

Common themes across the 30+ charges handed down from December of 2021 through August 2023 include:

  • Employees routinely sending communications regarding business matters using unauthorized apps and personal devices
  • Firms failing to preserve communications in violation of U.S. federal securities laws
  • Widespread failures to effectively enforce policies and procedures around communications compliance
  • Pervasive use of off-channel communications by personnel across all levels of the organizations, from junior associates to supervisors and senior executives
  • Failure of senior management to set the appropriate tone from the top to prevent misconduct

Regulators around the globe require proper preservation of electronic communications.

SEC Rule 17a-4 requires firms to maintain and preserve electronic records for three-six years depending on the type of record and communication in a non-rewriteable, non-erasable format to prevent alteration or deletion. Amendments to the rule adopted in October of 2022 provide that records can also be stored using an electronic recordkeeping system that maintains and preserves communications with a complete and demonstrable audit trail.

Chapter 10A of the FCA’s Senior Management, Arrangements, Systems and Controls Sourcebook requires firms to take reasonable steps to keep copies of electronic communications for at least five years. Firms must also take reasonable steps to prevent employees from using personal devices from which the firm cannot monitor and record communications for business purposes. In Europe, MiFID II requires covered firms to maintain records in a “durable medium” that can be easily accessed for five to seven years.  And in Canada, under IIROC’s correspondence rules, firms must retain communications for five years and be readily available by the agency for inspection at all times.

At MCO, we recommend that firms take a three-pronged approach to managing eComms.

Prevention: Proactively reduce non-compliant communication

A proactive approach to managing eComms is better than a reactive one. That approach starts with clear policies and procedures, plus controls around what needs to be done if those standards are breached.

Regular training ensures that employees are aware of expectations. Following up with attestations confirms receipt and understanding and provides proof for regulators and auditors. Required disclosures give insight on how employees are communicating – and opportunity to mitigate if the use of unapproved channels is disclosed.

Monitoring: Review communications in real-time across a range of sources

Comprehensive monitoring of eComms uncovers red flags and suspicious patterns of behavior that can indicate illicit activity.

We’ve heard from many firms that false positives can be an issue during the monitoring process. That’s where using the right rules and workflows comes in to efficiently screen out the noise. AI-based monitoring provides an even higher level of oversight, detecting complex patterns to spot suspicious behavior and identify risks.

As regulators use increasingly sophisticated tools, they will expect that firms are employing the latest in monitoring technology as well. The ability to identify the riskiest communications channels and message categories to uncover emerging risks and trends on both the organizational and employee level will help firms meet regulatory expectations. In addition, analyzing communications behavior in the context of other areas of employee compliance lets firms take an integrated view of behavior over time.

Archiving: Look for searchable and reportable multi-channel storage

Regulators expect that firms will have a solution in place to preserve eComms for efficient search and reporting that meets both the retention policies of the firm and the regulatory obligations the firm is beholden to.

Ideally, communications from all channels should be captured in a single archive for search and review, including data from third-party feeds. A single storage archive is easier to manage than siloed solutions for each channel. It’s also easier to spot patterns of concern when all relevant communications are stored in a single location providing consolidated reporting and search.

Take a comprehensive and proactive approach to eComms compliance with MCO.

 MyComplianceOffice’s eComms Keep and eComms Review solutions provide comprehensive communications monitoring and archiving management, enabling firms to:

  • Identify and understand eComms risk and patterns of misconduct across the firm
  • Reduce review and investigation time
  • Demonstrate compliance with regulatory requirements
  • Archive messaging in a single location for expedient search and compliance with recordkeeping
  • Improve compliance while protecting the firm’s brand and reputation

Keep up with all the latest FinTech news here.

Copyright © 2023 FinTech Global

Enjoying the stories?

Subscribe to our daily FinTech newsletter and get the latest industry news & research


The following investor(s) were tagged in this article.