August 16, 2024
What Happened?
On August 14, 2024, the SEC announced charges against 26 broker-dealers, investment advisers, and dually-registered broker-dealers and investment advisers for widespread and longstanding failures by the firms and their personnel to maintain and preserve electronic communications. These firms included Ameriprise, Edward Jones, LPL Financial, Raymond James, RBC and BNY, among others. Larger firms agreed to pay $50 million in penalties with the smallest paying $1.6 million to $400 thousand. Three of the firms charged, Truist Securities, Cetera Advisor Networks and Hilltop Securities, had self-reported their violations, which the SEC said caused “significantly lower civil penalties.” These lower penalties for self-reporting came to $5.5 million, $4.5 million and $1.6 million, respectively.
These latest charges mean that over 50 firms have been charged with recordkeeping violations for off-channel communication at a cost of nearly $3 billion in penalties. The SEC’s message is the same: firms must comply with recordkeeping requirements; improve internal policies and procedures governing business communications; monitor these policies and procedures and self-report any violations.
How frightened should your compliance program be of off-channel communication? A recent RIA compliance survey conducted in collaboration with the Investment Adviser Association trade group found that off-channel communication topped the list of concerns for registered investment advisers. Is it any wonder this is the top concern when such violations are so easily committed, easily detected by regulators, and threaten a multi-million dollar penalty? Self-reporting reduced a possible tens of millions in penalties down to merely $5.5 to $1.6 million this time around. This is unlikely to reduce concerns around off-channel communication.
The Danger of Personal Devices and the Question of How to Monitor Them
Allowing personal devices appears to be a crack in the armor that policies and procedures, attestations and certifications hoped to create. One registered investment adviser from this latest round of charges was P. Schoenfeld Asset Management LP (“PSAM”). In the order it was noted that, PSAM’s employees acknowledged in writing that they read, understood, and abided by PSAM’s compliance manual, which provided that the use of unapproved electronic communication methods, including on their personal devices, was not permitted, and that they should not use personal email or any form of non-work authorized text messaging to transmit work-related messages. But failure to monitor this policy led to the charges: “PSAM, failed to implement a system of monitoring reasonably expected to determine whether personnel were following its policies. While permitting its personnel to use approved communications methods, including on personal phones, for business communications, PSAM failed to implement sufficient monitoring to ensure that its recordkeeping and communications policies were being followed.”
What Does This Mean for Me?
The continued focus on unretained means of communication, including from personal devices, may spell the end of the flexible, bring your own device approach to communication that became common during the pandemic. Company cellphones and retention apps can help capture written communication like texts. emails and instant messages. However, if a rogue employee makes use of an encrypted app like WhatsApp for business communication, it would still be a violation.
The good news is that each of these cases showed “widespread and longstanding” failures to preserve electronic communications. All efforts to reduce these failures will keep your firm from the “widespread” violations that led to such hefty penalties. Make reasonable efforts to determine if employees are using off-channel communication, increase training, continue refining your policies and procedures and the use of written attestations. Change your compliance culture around off-channel communications now, the SEC is not slowing down.