Lessons Learned from Digital Communications Challenges

As private communication apps, like WhatsApp or text messaging, are becoming increasingly popular in the workplace, the risk of recordkeeping failures becomes greater, particularly in the financial services industry.

In late 2022, the U.S. Securities and Exchange Commission (SEC) investigated 15 broker-dealers and one affiliated investment advisor for firm-wide recordkeeping failures through private electronic communications.

According to its report, the SEC found that from January 2018 through September 2021, employees at all 16 firms discussed business matters through off-channel communications on their personal devices, and that this involved various levels of authority, including supervisors and senior executives.

The firms combined were charged over $1.1 billion in penalties for violating recordkeeping provisions of the Securities Exchange Act of 1934 and failing to prevent and detect these violations.

One of the biggest challenges companies face is that messaging apps are ever-evolving. Each app has its own methods of access, AI capabilities, and messaging abilities, which are hard to keep track of and retain records for when necessary. This can make it especially difficult to monitor and keep records of private communications, which played a role in the SEC’s investigation of these 16 firms.

What best practices have we learned from their errors in digital communication and recordkeeping?

  1. Learn which messaging tools work for your employees and clients and ensure that they are being monitored.
  2. Be aware of the information security risks that are present with BYOD (bring your own device). Consider the use of corporate-owned devices if communication is prevalent.
  3. Review your record retention policy on a yearly basis and ensure that your definition of “business records” is up to date with current technology and client dynamics.
  4. Review your current supervisory technology to ensure that it is up to date with messaging technology. Furthermore, perform due diligence on third-party vendors. These vendors should be familiar with the regulations of the financial services industry.
  5. Policies don’t cut it! Ensure that behind a policy there is enforcement and a company culture that supports the prevention of record retention failure.

Understanding the prevalence and consequences of private digital communications in the financial services industry as well as being able to mitigate its risks is crucial to protecting your institution and clients.

The Schneider Downs Risk Advisory Services team can help with the prevention and detection of off-channel digital communications.

About Schneider Downs Risk Advisory 

Our team of experienced risk advisory professionals focuses on collaborating with your organization to identify and effectively mitigate risks. Our goal is to understand not only the risks related to potential loss to the organization, but to drive solutions that add value to your organization and advise on opportunities to ensure minimal disruption to your business.

Explore our full Risk Advisory Service Offerings or contact the team at [email protected].

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
