Treliant Takeaway…SEC Off-channel Communications Violations

The SEC Continues to Push Forward on Off-channel Communications Violations, But What Will be the New Administration’s Impact?

On January 13, 2025, the Securities and Exchange Commission (SEC) announced charges against nine investment advisers and three broker-dealers for failures to maintain and preserve electronic communications, continuing their effort to bring charges to firms for violations around recordkeeping obligations.

The SEC announced the settlements with twelve financial firms for violations of the recordkeeping provisions of the Exchange Act, and agreements to pay a combined total of $63 million in penalties. The firms were charged with failing to properly maintain and preserve electronic communications, including texts and emails, on personal devices used by their employees.

This continues the trend of enforcement actions that started in 2021. In August 2024, the SEC settled with twenty-six firms for close to $400 million in penalties. The prior year the SEC fined eleven financial institutions requiring firms to ensure all work-related communications are properly archived for regulatory review. The use of off-channel communications violates the record-keeping provisions of the SEC requiring firms to maintain records of all business communications. The Financial Industry Regulatory Authority (FINRA) and the Commodity Futures Trading Commission (CFTC) have also fined firms for violations of rules such as Rules 4511, 3110 and 2010, and 17 CFR Sec. 131.

The SEC wants transparency and accountability in financial firms as the use of unapproved means of communication increases the probability that Non-Public Information (NPI) is shared outside the firewalls of the firm and raise the chance of using the information in these communications for illegal purposes.

Is the SEC Over-reaching?

A number of industry groups, as well as financial firms affected by the SEC’s aggressive approach in cracking down on off-channel communications, feel they are being overly punitive. For example, under the Advisers Act, Rule 204-2 requires Registered Investment Advisors (RIA)’s to preserve records specifically related to investment advice, transactions and related financial activities, unlike the broader recordkeeping requirements of broker-dealers under the Exchange Act’s Rule 17a-4(b)(4), which focuses on enforcing having all communications saved regardless of what the communication addresses. The SEC is moving more towards protecting the misuse of NPI and potentially expanding RIA rules. In addition, some question the size of the penalties and whether some firms are being more severely punished for similar violations.

Impact of the New Administration

The new administration has shown a desire, similar to when it was last in office, to move towards relaxing regulations with less regulatory oversight and instead focus on areas that are viewed as materially impacting market integrity. Firms have expressed mixed reactions as some like knowing that their compliance activities in this space are consistent with their counterparts while others applaud the move towards less emphasis on these communications as it is exceedingly difficult to fully police even with the best intentions resulting in higher compliance costs and regulatory burdens.

In short, this remains a moving target and firms need to stay vigilant in tightening up their surveillance and enforcing punishment for those that violate the use of off-channel communications. Firms should continue to strengthen their compliance programs, implement better monitoring and surveillance systems, and ensure that employees strictly adhere to approved communication channels.

What Can Firms Do to Increase Their Monitoring of Electronic Communications?

Proactive measures

• Create clear, comprehensive, and easily accessible compliance policies and procedures.`
• Develop effective controls.
• Provide mandatory trainings and awareness programs.
• Incorporate more advanced surveillance tools.
• Undergo compliance reviews and audits of communication practices to ensure compliance.

Reactive measures

• Review communications on a daily basis and react swiftly to potential violations.
• Identify root causes.
• Prioritize remediation.
• Remain transparent with regulators.
• Seek external guidance / services.

To create and maintain an effective electronic communications surveillance program, you should ask yourself the following:

• Outside of approved firm emails, what applications are you permitting for employees to communicate? Which are prohibited? Has this been documented and communicated to the employees?
• Do you have a complete inventory of all communication channels used by firm employees?
• Does your surveillance program include checking for use of unapproved communication channels?
• Do you permit personal email use for business purposes and/or business email for personal purposes?
• For these communication channels, what languages are they in? Do you have the appropriate personnel to review and understand these communications?
• Do you ask employees to certify whether they have used off-channel communications to communicate business-related matters outside of the firm? These certifications should be part of the annual certifications your firm requires of its employees.
• As part of increased testing, have you considered spot-checking as part of your overall surveillance looking for indications (i.e., volume pf communications by the employee) that communications may have moved off-channel?