Skip to content

Regulatory Scrutiny of Client Engagement is Here – Are You Ready?

In light of a recent SEC penalty, now is not the time to rely purely on policy.

As part of my role with Hearsay, I am frequently asked for compelling Compliance-grounded reasons why customers might contract our products and services. In the past, a recitation of the relevant rule and laws, in conjunction with reference to regulatory smite, was sufficient to sway any customer. Recently, however, the underlying motives behind this conversation seem to have shifted. It seems the relative cost of a compliant product and service – usually measured by the license fee, without consideration to the benefit of the product and service – is being weighed against the likelihood, or severity, of regulatory censure. This is a worrying development. Since regulatory frameworks typically don’t prescribe how firms comply with the obligations, some have increasingly shifted responsibility to the employee, adopting a policy prohibiting certain activity, but not actually monitoring results that regulators have become more adept at testing for.

This approach may reflect the softening of regulatory censure for non-compliant communication in the email, texting and social media messaging channels, with penalties decreasing in size and frequency. Over-indexing on this trend, however, strikes me as concerning. In just a few short months, brokers and advisors went from meeting a friend for lunch at a restaurant or attending an event, to maintaining those relationships digitally from their home. In order to adjust to the world of social distancing, market participants have had to rethink their engagement model to adapt to new realities. The uptick in the use of social media and text messaging is significant, Hearsay observed a 300% spike in digital communications since the onset of the global pandemic.

The adaptations of market participants – as well as ill-intentioned individuals – has not gone unnoticed to regulators who have issued myriad alerts, FAQs and guidance to protect investors and remind organizations of their obligations. This can be viewed as both a warning and an opportunity. To prepare for what I believe to be a more stringent environment around texting, firms should be looking at the controls they have for their social media and electronic communications programs, assessing whether the channels being used by their employees are permitted, being used effectively, and are compliant with their organizations’ regulatory obligations. It’s only a matter of time before regulatory sweeps start focusing on remote electronic communications.

For those firms that already permit, with controls, engagement on social media and through text messaging, now is the time to assess whether their programs and controls remain effective and adequately address regulatory obligations as well as pandemic related adjustments. Those that are relying on a policy to prohibit control must assess whether the policy is sufficient and to extensively test – remediating and sanctioning where necessary – the effectiveness of the prohibition. Case in point –  just recently the SEC levied a $100,000 penalty for over-reliance on policy and non-technical controls, such as attestations. This is indicative that such an approach can leave firms with a false sense of security regarding their texting program.

Regulatory scrutiny of such programs is already in progress and examiners have extensive tooling and a broad set of lenses by which to evaluate compliance (i.e., approved users/channels; content quality; required pre-approvals; extent & adequacy of post-review processes; accuracy & completeness of records made and retained). Given the rapid growth in the use of these channels, it does not seem unreasonable to expect a resurgence in the frequency and, for the most egregious cases, the size of penalties imposed by regulatory agencies in the ensuing months and years. As such, now does not strike me as the time to rely solely on a policy prohibiting certain activity, nor to ask whether implementing technical controls would be deemed a reasonable approach. Now is the time to ensure you have the appropriate solutions, processes, and expertise in place to confidently empower your field in a time when digital client engagement is table stakes.

The Key is Context – Unlocking the Modernization of Archiving & Supervision

Why mess with a good thing? Sometimes we hit on something that works so well that it never changes – like Coca Cola. Unfortunately, most things are not Coke and need to evolve. Email-based archiving – particularly when applied to client engagement activities across social and texting – is one of those areas begging to be modernized.

To meet regulatory recordkeeping requirements and standards (i.e., SEC, FINRA, CFTC, FCA and others), firms have long relied on an email-based approach to take delivery of client communications into their archives. Email-based archiving (SFTP) is akin to sending a package – data is stripped down and organized to fit nicely in a box that can be sorted in a similar way with all the other packages. While the approach results in compliance with archiving mandates, it hampers compliance teams, rendering them less effective and efficient. What this approach lacks is context. Activities are delivered into the archive sometimes as they occur – most commonly with a delay – and are siloed by channel, forcing supervision to piece together conversations that are taking place across days, networks, and channels. This approach conjures up images of old police TV mysteries with cork boards and pinned pieces of yarn to connect suspects – it doesn’t reflect the technological progress we’ve made in other areas of financial services.

However, that is beginning to change. As more efficient, modern methods of data transfer have been introduced, some firms are re-examining how this data is being transferred to them. Archiving via API provides full context of digital communications and real time access. They have a thread based on a full view of the interactions between two contacts instead of the legacy structure imposed by an email-based configuration.

With API-led approaches, firms are gaining real-time access to communications in order to bring speed and efficiency to the archiving and review process.  We’ve made investments in Hearsay’s Compliance API to offer real-time access to a stream of activities that unlocks integrations with API-led platforms simplifying and modernizing recordkeeping, supervision, and discovery. Critically this offers Supervision teams a unified view of activities across channels to see a full, clear picture, so that the right activities are flagged and remediated.

All this to say that now is the time for firms to consider evaluating whether their archiving processes are as effective as they could be. An API archiving process doesn’t require a massive transformation of the existing setup – for example Hearsay’s open APIs allow our platform to integrate seamlessly with existing infrastructure bringing more value to your existing compliance foundation. And as you evaluate options, our team stands ready to lend our expertise.

Sometimes, change is a good thing.