We knew that it wouldn’t be long before regulatory authorities began flexing their enforcement muscles. COVID isn’t contained, but, nearly two years into the pandemic, we’ve more or less learned to live with the virus. That said, the authorities appear to be in general agreement when it comes to their efforts to begin ratcheting up Electronic Communications compliance. Financial firms who are not adequately tracking employees’ messages across all channels, be warned. The authorities are coming for you.
Previously, we covered the emerging story around the monitoring of social media. The waters there are murky. Guidelines are still lacking. As it stands, most firms have reasonable control and compliance checks when it comes to the posts made by and on behalf of their firm.
In contrast, current policies are generally and woefully inadequate when it comes to defining what a broker can say and do on social media with their personal accounts. Even anonymized accounts held by people that don’t specifically reference their employers are now in the crosshairs of the Securities and Exchange Commission (SEC) and other regulators. The recent $4 million dollars fine against MML Investors Services, a subsidiary of MassMutual, suggests that the SEC is just getting started.
The sweep has started
Reuters reported on 12-October-2021 that the SEC had begun its sweep on Wall Street. Three anonymous sources alleged that numerous banks have recently been contacted by SEC enforcement agents. Purportedly, the check-ins weren’t social calls: it appears that the SEC has begun formally inquiring how banks are tracking employees’ e-Communications, particularly on personal devices. The move illustrates how regulations and compliance measures in response to those regulations are shifting in this pandemic era. What will be interesting to watch closely is if these inquiries, and this sweep in general, escalate into a full-fledged probe.
Perhaps it’s an initial warning that affords financial firms a bit of time to prepare for the onslaught that could be coming. Prior to the appearance of COVID, compliance officers had their work cut out for them, tracking e-Comms on work-approved devices, and walking the trading floor. But those days are long gone.
Records preservation of those E-Comms is another part of the equation. In August 2021, JP Morgan revealed that it was in discussion with regulators regarding efforts the global financial giant was made to track and store messages that were being sent by their brokers using personal devices. No resolution has been announced but the outcomes of those negotiations could have wide-reaching implications for the industry at large.
As it currently stands, The Financial Industry Regulatory Authority and the SEC require that all business-related communications are maintained by broker-dealers. Part of the challenge is defining the line between communications that are personal versus business-related as that line is frequently blurred. Firms need to uphold compliance. However, they must be sensitive to the personal privacy rights expected by their employees. When there’s a lack of clarity around definition, there is bound to be fallout.
The rules are…
Two of Morgan Stanley’s most senior executives in commodities were ousted from the firm about this time last year (Autumn 2020). Both had been corresponding about work matters on WhatsApp despite clear policy – but no law – prohibiting them from doing so. Morgan Stanley felt strongly that their executives should lead by example and uphold the firm’s policies which are amongst the most stringent in the industry.
The laws are very clear about recording and retaining all correspondence between brokers, between brokers and their clients, and other parties. Any correspondence related to the size of the deal, the timing of the trade, the pricing of the asset, and so on, must not only be recorded and stored, but the firm must also be able to produce it on demand at the behest of the SEC. That’s where many firms get into trouble and encounter the wrath of regulators.
So, what are the rules around Communications? The SEC has an extensive list of proposed rules, but none specifically reference the use of personal devices and Electronic Communications on those devices. A search of “social media” in the Final Rules of the SEC also comes up empty. As it stands, the onus is on the financial firm to set and uphold policies that can help future-proof and minimize the risk of exposure for non-compliance. But the catch is, that they don’t legally have to do so. At least not yet.
What’s the SEC’s official position on all this?
Gurbir Grewal, Director, Division of Enforcement, gave a speech on October 6, 2021, regarding broker-dealer regulation and enforcement. One of the main themes that were echoed through the speech was the notion of market integrity and public confidence being “our” collective responsibility. That’s an interesting twist. He said, “So rather than issue warnings about how aggressively we will pursue you or your clients if you misbehave—which we, of course, will—I want to invite each of you—the lawyers, counselors, and gatekeepers who have such influence over market behavior—to join me.”
Is the SEC so overwhelmed with the sheer volume and complexity of social media posts with emojis, the number of e-Comms channels, and trillions of SMS messages that they need help? Or is this signaling a new strategy where a carrot may be more effective than a big stick?
The former seems highly plausible given Grewal’s subsequent statements, “You should be thinking, instead, about modeling excellence in your compliance efforts, as you do in your performance. Take for example an enforcement action the Commission brought last year against a California broker-dealer for failing to preserve business-related text messages. The SEC’s order found that some of the firm’s registered representatives used their personal devices when communicating … Unfortunately, this is not an isolated example. A proactive compliance approach requires market participants to not wait for an enforcement action to put in place appropriate policies and procedures to preserve these communications and anticipate these emerging challenges.”
Ambiguity is a funny thing. It can work for – or against you – it all depends on which side of the law you’re on. When it comes to a matter of who’s going to win that battle, my bet is on the SEC. But at least they’ve warned us that they’re coming … let the crackdown games begin.