The knowledge platform for the financial technology industry
A-Team Insight Blogs

Are You Ready for the Tide to Change for Compliant Communications?

By Jennie Clarke, Senior Manager at Global Relay, the electronic communications compliance specialists.

Regulatory obligations and guidance surrounding the capture, monitoring and surveillance of digital communication channels are far-reaching and increasingly robust. The Financial Conduct Authority’s (FCA) Handbook SYSC 10A, for example, requires firms to “take all reasonable steps to record telephone conversations, and keep a copy of electronic communications” that relate to financial activities. Moreover, it asks that firms take all reasonable steps to prevent an employee from “making, sending or receiving relevant telephone conversations and electronic communications on privately owned equipment” if the firm is not able to record or copy that information.

Obligations around compliant communications are not limited to the UK. In the U.S., for example, FINRA Rule 3110 requires firms to “establish and maintain a system to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations”. As compliance teams will be well aware, firms are under increasingly strict instruction to manage their business communications to ensure compliance.

Staying in the U.S., few will have missed the mammoth $125 million fine issued by the Securities and Exchange Commission (SEC) to JP Morgan in 2021 for its failure to “maintain and preserve written communications”. What UK-based folk may have missed, however, is the near-constant publication of similar regulatory messaging surrounding business communications.

In the past few months alone, FINRA issued fines to two senior managers who continued to use text messages for business, which had been prohibited by the compliance team. Then, the U.S. Department of Justice alluded to new rules in the pipeline surrounding the use of personal communication devices, listing senior manager involvement in non-compliance as an “aggravating factor”. In addition, the SEC has made significant amendments to recordkeeping Rule 17a-4, aimed at modernizing the 25-year-old framework, and announced that nearly 20% of fines issued in 2022 concerned recordkeeping failures.

Again, this has all taken place over the course of three months. One thing is clear in the U.S.: communication is top of mind for the regulators.

As with all financial regulation, this wave of regulatory scrutiny will not be limited to the U.S. for long. The tide is slowly shifting, with regulatory focus slowly crossing the Atlantic and making its way to the UK.

Despite this, many firms across the globe still do not have a compliant, watertight strategy to enable compliant communications. In light of increased regulatory scrutiny, most firms have moved to banning certain channels for communication – whether it’s SMS or WhatsApp. However, if continued enforcement tells us anything, it is that the banning of channels is not an effective solution. In many instances, employees continue to use banned channels to communicate, the problem then being that none of this information is captured. These illicit communications are not compliant.

As was recently reported, Morgan Stanley has taken to fining individual employees for their use of illicit communications, with fines apparently ranging from the thousands to millions. What is interesting is that none of this would be necessary if the firm had an effective, compliant solution in the first place. Instead of using ineffective channel bans – and then fining employees who do not comply – firms could enable WhatsApp, SMS, or any other communication channel for business and employ effective compliance technology to capture those messages and store them in a way that would stand up to regulatory scrutiny. Solutions are undoubtedly more effective than restrictions.

Many are expecting that the waves of enforcement for non-compliant communication will soon be lapping at the feet of UK firms. Most are standing at the water’s edge, waiting with bated breath for a big-bang enforcement before they take action, and crossing their fingers that they won’t be the test case.

Instead of looking out to sea, these firms should be looking for effective solutions while the UK regulatory focus is still in its nascent stages. Compliance teams should be bolstering their defences and battening down the hatches to ensure their communication policies, procedures and controls are watertight. Only then, when the waves finally come crashing down, can the compliance team sit back knowing that they’re home and dry.
