shedenn bibiannah ailina
Argenta Sugden
In December 2021, JPMorgan was fined $125m by the SEC and $75m by the CFTC for failing to maintain and preserve electronic records and for failing to reasonably supervise with a view to preventing and detecting those failures.
More recently, in May of this year, the SEC brought charges against HSBC Securities USA Inc and Scotia Capital USA Inc for the same lapses, with the Commodity Futures Trading Commission (CFTC) bringing its own claims against the latter firm.
And in early August, US regulators announced a further $549m in penalties against 11 large financial services firms for similar offenses, bringing the total fines for communications compliance breaches issued by the SEC to $1.5 billion and the CFTC to over $1 billion.
CFTC Commissioner Christy Goldsmith Romero did not hold back in her statement on August 8 when her agency charged four of those financial services firms for recordkeeping lapses pertaining to business-related communications that involved some senior-level executives.
US Securities and Exchange Commissioner Hester Peirce said in a podcast interview with GRIP in early August that technology has great promise for the financial services industry, albeit with limitations and challenges.
The great thing about technology is its ability to use abundant data and allows us to do something quickly with it, which leads to gains in efficiency and productivity. The worst thing about it is its ability to use abundant data and do something quickly with it, but in a way that was not intended.
When you get right down to it, this is not some external threat to the organization that is hard to detect or foresee. It is the nuts and bolts of internal oversight and enforcement, and nothing that the regulators are saying suggests that their enforcement actions are going to get more forgiving.
The author is admitted in Australia and the US and worked in regulatory enforcement matters in New York for over 15 years, including those concerning unmonitored business communications discussed below.
If anything, ASIC has understated US regulatory vigour. Since late 2022, US regulators have imposed approximately US$3 billion in fines industrywide, spanning banks, broker-dealers, and investment advisors. Individual institutions have been fined as much as US$200 million and senior industry professionals have been fired. Even though our regulatory penalties are often orders of magnitude lower than those elsewhere, the implications are sobering for Australian financial intermediaries and their staff.
In our experience, these penalty numbers barely scratch the surface. They do not include the vast expense, time, senior management attention, and business disruption required to resolve investigations into unmonitored communication channel issues.
The problem arises when personnel use unmonitored communication channels, whether texting, WhatsApp, personal email, encrypted, or ephemeral messaging platforms (think Snapchat, Signal, and Telegram, among others) for business purposes.
Unmonitored communications are problematic for many reasons. Prime among them, unmonitored communications may facilitate misconduct or other harmful activities. Accordingly, business conducted through unmonitored communications may result in financial intermediaries violating their obligation to supervise employees sufficiently to:
ASIC, like its overseas counterparts, considers financial intermediaries to be gatekeepers whose supervision failures threaten customers and market integrity. For regulators, unmonitored business communications represent a serious supervision failure, not just a failure to maintain required books and records. Furthermore, regulators may consider that failing to capture unmonitored communications will, by definition, cause a financial intermediary to violate its obligations to respond to information requests promptly and completely.
US regulators incline to an expansive view. Typically, they consider ancillary communications, such as those dealing with topics like scheduling, general market colour, remuneration, and personnel issues, to be business communications even though they do not concern the core financial services offered by the firm or its clients.
The takeaway is that financial firms must supervise communications beyond those required to be maintained under record-keeping rules. ASIC considers the failure to monitor and capture business communications to be a supervisory failure, not just a record-keeping violation.
In the US, some banks are reversing years of BYOD policies and are again providing firm-issued devices to employees to address monitoring and access issues. Others are deploying applications that claim to be able to monitor and ingest diverse types of electronic communications. Still others have completely banned the use of texting or WhatsApp for business, despite client appetite for these channels.
These requirements are best explained by the US experience that financial institutions often had excellent policies prohibiting unmonitored business communications, which were honoured in the breach. Senior executives and indeed even compliance personnel tasked with enforcing the policies were found to have violated the policies regularly without sanction. To American regulators, as reflected in the financial penalties, this was a paradigm example of the regulatory enforcement truism that the only thing worse than not having a policy is having an unenforced policy.
The resulting US requirement to evaluate controls and impose genuine consequences for policy violations creates significant challenges. US regulated entities must surveil for indicia of unmonitored communications (for example, by adding relevant terms to compliance lexicons to detect references to texting and WhatsApp) and then investigate those indicia by gaining access to employee personal devices.
Experienced lawyers can craft strategies and policies to balance these important competing interests, but they can be expensive and time consuming. For example, financial intermediaries may need to consider hiring forensic electronic discovery vendors or paying for independent lawyers to represent employees in the data collection and review process. Australian policies also need to cater for workplace surveillance laws, which differ from state to state.
Australian financial intermediaries are on notice that their supervision of employee business communications will be scrutinized. Now is the time to take stock and, as the Information Sheet recommends:
Beyond these important tangible steps, financial intermediaries should ensure that their corporate culture supports the appropriate supervision of business communications. Mere lip service is perilous. A recurring US theme is that a practice of unmonitored business communications by senior leadership and compliance staff will be a significant aggravating factor in a regulatory resolution.
ASIC acknowledges that one size does not fit all. Not everything done in the US will apply directly to Australia. Precisely what an Australian financial intermediary should do to ensure compliance depends on the nature, scale, and complexity of its business. Given the long lead time required to identify and remediate business communications issues, financial firms should act now to avoid the fate of their US peers.
Have you ever felt like your communication skills in the business world needed to improve? Have you ever felt uncomfortable using a specific language or speaking a certain way in meetings or at events around the office? These are some of the key characteristics that make up what is known as business communication service.
Understanding how they work and how other people will react to different types of language and behaviors is essential to optimize your performance. This article discusses many aspects of this field and even provides examples of effective business managers who use them effectively.
Consider the negative consequences of poor business communication: Employees working in the financial sector must communicate effectively with consumers and employees alike. It can result in valuable experience communicating professionally in front of a large group, which will benefit any future career.
Confident communication will build trust between you and your customers, translating into more business for the company. It can also improve the overall appearance of your business, small business phone service providers helping to make it better perceived by employees and clients alike.
The cost of business communication can often be prohibitive without proper guidelines and processes in place. These procedures should consider available resources, such as budget vs revenue growth targets, size of the business, etc.
(D) The requirements of paragraph (b)(1)(A) shall not apply with regard to the following retail communications, provided that the member supervises and reviews such communications in the same manner as required for supervising and reviewing correspondence pursuant to Rules 3110(b) and 3110.06 through .09:
(A) Members must maintain all retail communications and institutional communications for the retention period required by SEA Rule 17a-4(b) and in a format and media that comply with SEA Rule 17a-4. The records must include:
At least 10 business days prior to first use or publication (or such shorter period as the Department may allow), a member must file the following retail communications with the Department and withhold them from publication or circulation until any changes specified by the Department have been made:
b. The member adopts and implements written policies and procedures reasonably designed to ensure that the communication is relevant to the likely financial situation and investment objectives of the investor receiving the communication and to ensure compliance with all applicable requirements and obligations;
c. The member has a reasonable basis for the criteria used and assumptions made in calculating the projected performance or targeted return, and retains written records supporting the basis for such criteria and assumptions;
c01484d022