Regulatory Scrutiny of Client Engagement is Here – Are You Ready?
October 5, 2020
In light of a recent SEC penalty, now is not the time to rely purely on policy.
As part of my role with Hearsay, I am frequently asked for compelling Compliance-grounded reasons why customers might contract our products and services. In the past, a recitation of the relevant rules and laws, in conjunction with reference to regulatory smite, was sufficient to sway any customer. Recently, however, the underlying motives behind this conversation seem to have shifted. It seems the relative cost of a compliant product and service – usually measured by the license fee, without consideration of the benefit of the product and service – is being weighed against the likelihood, or severity, of regulatory censure. This is a worrying development. Since regulatory frameworks typically don’t prescribe how firms comply with their obligations, some have increasingly shifted responsibility to the employee, adopting a policy prohibiting certain activity, but not actually monitoring results that regulators have become more adept at testing for.
This approach may reflect the softening of regulatory censure for non-compliant communication in the email, texting and social media messaging channels, with penalties decreasing in size and frequency. Over-indexing on this trend, however, strikes me as concerning. In just a few short months, brokers and advisors went from meeting a friend for lunch at a restaurant or attending an event, to maintaining those relationships digitally from their homes. In order to adjust to the world of social distancing, market participants have had to rethink their engagement model to adapt to new realities. The uptick in the use of social media and text messaging is significant: Hearsay observed a 300% spike in digital communications since the onset of the global pandemic.
The adaptations of market participants – as well as ill-intentioned individuals – have not gone unnoticed by regulators, who have issued myriad alerts, FAQs and guidance to protect investors and remind organizations of their obligations. This can be viewed as both a warning and an opportunity. To prepare for what I believe to be a more stringent environment around texting, firms should be looking at the controls they have for their social media and electronic communications programs, assessing whether the channels being used by their employees are permitted, being used effectively, and are compliant with their organizations’ regulatory obligations. It’s only a matter of time before regulatory sweeps start focusing on remote electronic communications.
For those firms that already permit, with controls, engagement on social media and through text messaging, now is the time to assess whether their programs and controls remain effective and adequately address regulatory obligations as well as pandemic-related adjustments. Those that are relying on a policy to prohibit control must assess whether the policy is sufficient and extensively test – remediating and sanctioning where necessary – the effectiveness of the prohibition. Case in point – just recently the SEC levied a $100,000 penalty for over-reliance on policy and non-technical controls, such as attestations. This indicates that such an approach can leave firms with a false sense of security regarding their texting program.
Regulatory scrutiny of such programs is already in progress and examiners have extensive tooling and a broad set of lenses by which to evaluate compliance (i.e., approved users/channels; content quality; required pre-approvals; extent & adequacy of post-review processes; accuracy & completeness of records made and retained). Given the rapid growth in the use of these channels, it does not seem unreasonable to expect a resurgence in the frequency and, for the most egregious cases, the size of penalties imposed by regulatory agencies in the ensuing months and years. As such, now does not strike me as the time to rely solely on a policy prohibiting certain activity, nor to ask whether implementing technical controls would be deemed a reasonable approach. Now is the time to ensure you have the appropriate solutions, processes, and expertise in place to confidently empower your field in a time when digital client engagement is table stakes.