Lessons Learned from Digital Communications Challenges

As private communication apps, like WhatsApp or text messaging, are becoming increasingly popular in the workplace, the risk of recordkeeping failures becomes greater, particularly in the financial services industry.

In late 2022, the U.S. Securities and Exchange Commission (SEC) investigated 15 broker-dealers and one affiliated investment advisor for firm-wide recordkeeping failures through private electronic communications.

According to their report, the SEC found that from January 2018 through September 2021, all 16 firms’ employees communicated via off-channel communications on their personal devices about business matters, involving various levels of authority, including supervisors and senior executives.

The firms combined were charged over $1.1 billion in penalties for violating recordkeeping provisions of the Securities Exchange Act of 1934 and failing to prevent and detect these violations.

One of the biggest challenges companies face is the ever-evolving messaging apps.Each app has its own methods of access, AI capabilities, and messaging abilities, which are hard to keep track of and retain records for when necessary. This can especially make it difficult to monitor and keep records of private communications, which played a role in the SEC’s investigation of these 16 firms.

What best practices have we learned from their errors in digital communication and recordkeeping?

  1. Learn which messaging tools work for your employees and clients and ensure that it is being monitored.
  2. Be aware of the information security risks that are present with BYOD (bring your own device). Consider the use of corporate owned devices if communication is prevalent.
  3. Review your record retention policy on a yearly basis and ensure that your definition of “business records” is up to date with current technology and client dynamics.
  4. Review your current supervisory technology to ensure that they are up to date with messaging technology. Furthermore, perform due diligence on third party vendors. These vendors should be familiar with the regulations of the financial service industry.
  5. Policies don’t cut it! Ensure that behind a policy there is enforcement and a company culture that supports the prevention of record retention failure.

Understanding the prevalence and consequences of private digital communications in the financial services industry as well as being able to mitigate its risks is crucial to protecting your institution and clients.

The Schneider Downs Risk Advisory Services team can aid with the prevention and detection of digital communication via off-channel communications.

About Schneider Downs Risk Advisory 

Our team of experienced risk advisory professionals focus on collaborating with your organization to identify and effectively mitigate risks. Our goal is to understand not only the risks related to potential loss to the organization, but to drive solutions that add value to your organization and advise on opportunities to ensure minimal disruption to your business.

Explore our full Risk Advisory Service Offerings or contact the team at [email protected].

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Deutsche Bank Fined $186 Million For Insufficient Anti-Money Laundering Controls
ESG and Internal Audit: Board and Audit Committee Considerations
ESG and Internal Audit
The Latest on the Department of Defense CMMC Certification Levels and Timeline
Lessons Learned from Digital Communications Challenges
Putting the ESG Puzzle Together
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.