By Oliver Blower, CEO, VoxSmart
Most people have at some stage encountered the old soldier’s adage that ‘war is 90% boredom, 10% terror’. The more dramatic regulatory compliance professionals among us might argue the opposite more accurately describes their role – that staying abreast of new and evolving regulations is most of the time nightmarish, seldom easy. In their defense, the ever-increasing raft of regulatory requirements imposed on firms places immense pressure on staff, with widespread burnout a concerning challenge across the industry.
But when it comes to enforcement actions over off-channel record-keeping failures, it has been eerily quiet on the watchdog front of late. Despite the SEC, CFTC and FCA dolling out record numbers of fines to firms over their failure to adequately monitor applications like WhatsApp and Signal over recent years, there appears to be a brief hiatus in the crackdown. Relatively few fines have been issued this year, with the last major sweep occurring as far back as February.
Optimistic compliance professionals may interpret this as evidence market authorities are easing their oversight of this particular market threat. But their wiser, more prudent colleagues might remind them of another well-known adage: that if something seems too good to be true, it probably is. With structural trends including the rise of remote working and fast-evolving workplace communications preferences showing no signs of abating, it seems unlikely watchdogs will lessen their grip on this issue moving forward. Indeed, there are even signs many firms anticipate a much stronger watchdog offensive.
According to a recent survey published by the Investment Adviser Association (IAA), ACA Group, and Yuter Compliance Consulting, almost three-quarters of compliance professionals at investment firms have made testing for off-channel and electronic communications surveillance a top priority in regulatory mock exams, with over half questioned citing it as the ‘hottest’ topic of discussion. It is fair to say that a good majority of senior compliance executives – many of which keep their ears closely to the ground with regards to goings on within regulatory authorities – sense more trouble is on the way.
And there are other indicators, too. It is widely accepted across the industry that market regulators tend to issue and settle more enforcement actions in the second half of the year. For instance, the SEC’s investigation into eleven of Wall Street’s most prominent banks and brokers concluded in September of 2022, to the eye-watering tune of $1.8bn – the largest collective penalty to date. If this trend holds true, it wouldn’t be surprising to see several large penalties land before year-end.
Regulatory rumblings are also emerging in regions where WhatsApp use is prevalent, such as Asia-Pacific, the Middle East, and Latin America. Watchdogs in these markets are reportedly considering taking a much firmer stance on instant messaging monitoring. One expert was recently quoted saying: ‘We gather from our engagement with policymakers that regulators around the world are closely watching the action the SEC has taken so far to ensure off-channel communication and record-keeping compliance. It’s a matter of time before regulators outside the US take some form of action on the matter.’
This will make for alarming reading for firms with limited oversight of their employees’ use of instant messaging apps. But there is still ample time to act. To revisit our war-based metaphor, many conflicts over the centuries have been decided by how swiftly competing nations can develop and deploy the most advanced warfare technology. This is also the case when it comes to financial institutions’ ongoing battle with regulators over messaging record-keeping and reporting violations. Should authorities double down on their investigations over the coming months, it will be the firms with the most sophisticated communications surveillance technology that emerge unscathed.