smarsh.com

Compliance teams did not have the time to develop and implement policies for collaboration, conferencing and mobile platforms, revealing compliance gaps that expose them to damaging regulatory violations and legal risks. Our survey data exposes significant gaps between the communications channels firms have allowed for business use and the retention and oversight of those channels required to meet compliance obligations and manage risk. Regulated firms must consider mobile as the norm and get ahead of any compliance issues by developing explicit mobile device and communications policies for workers and enabling appropriate technology to archive and supervise communications content. They expect firms to develop and fine-tune realistic policies for the use of electronic communications instead of relying on the prohibition of tools that employees are likely to use.

A firm was censured, fined $65,000, and required to notify customers whose identifying information was transmitted to an unauthorized email account; revise its Identity Theft Prevention Program to address the deficiencies identified herein and comply with Regulation S-ID of the Exchange Act, and enhance its email security systems. The findings also stated that upon learning of an email security breach involving the firm email account of its CEO and CCO, the firm failed to implement the procedures set forth in its program to mitigate the risk of identity theft due to the exposure of its customers’ identifying information to an unauthorized third-party. The findings also stated that the broker caused his firm’s failure to make and preserve books and records by using personal email accounts to send and receive emails without providing copies to the firm, thereby preventing the firm from capturing the securities-related communications. Using his personal email account, the broker sent the company’s placement agent his son’s residential address and date of birth.

The action was in response to recent market activities, including GameStop, where activities over social media were undertaken by retail investors to “artificially inflate their stock price. This action, along with a series of other actions suspending trading due to unusual social media activity, can result in a suspension of trading activity for 10 days under existing SEC rules. The action was in response to recent market activities, including GameStop, where activities over social media were undertaken by retail investors to “artificially inflate their stock price. What is noteworthy is that the language of the perception of "unusual social media activity" may be occurring over a multitude of social media tools, mobile applications, and other consumer-oriented communications platforms that have increasingly crept their way into tools that are sanctioned for business use.

How often do you and your colleagues hold virtual meetings using a video conferencing platform? Financial firms have largely failed to implement policies and procedures around video sessions and other commonly used collaboration and conferencing technologies. It’s the elephant in the room of today’s communications compliance and regulatory environment, and neither FINRA nor the SEC will give firms a pass on meeting their obligations in this regard. Findings from the recent Smarsh 2020 Risk & Compliance Survey Report show that not enough financial firms acknowledge how the modern regulatory landscape is changing, particularly as newer communication and collaboration tools, like Zoom and Microsoft Teams, continue to evolve and create further complexity for e-communications record-keeping.