Recordkeeping Takeaways from FINRA Regulatory Oversight Report

By Harriet Christie, COO, MirrorWeb

The Financial Industry Regulatory Authority (FINRA) recently released its annual regulatory oversight report for 2024. This has been shared to provide firms with key insights and observations from the regulator’s recent operations, with the aim of improving transparency and strengthening compliance programs for businesses in the finance sector. 

Alongside topical focuses around the use of artificial intelligence and the shifting state of cybersecurity, recordkeeping requirements also continue to evolve alongside modern technology. Below, we’ll look at the key recordkeeping takeaways.

Off-channel communications

The report indicates that FINRA uses a risk-based approach to review how firms manage business-related communications. It acknowledges that with off-channel platforms and devices, there is clearly far greater risk that records won’t be maintained. Reference is made to the SEC fines administered across the industry from 2021 to 2023, where they indeed were not.

While off-channel communications can occur on any tool that hasn’t been approved for business use (email and instant messaging platforms for example), mobile correspondence undoubtedly accounts for a significant proportion, largely due to its convenience of use, immediacy, and availability outside working hours.

 In the report, firms are asked if their electronic communication policy includes …

  • Procedures to maintain, preserve and monitor all business-related correspondence by staff, including those via off-channel methods.
  • Processes to monitor for new channels available to customers.

Rather than simply expecting employees to follow protocol, the surveillance element is now more pronounced, and compliance teams are expected to do the detective work to understand the landscape and make sure employee conduct is above board. FINRA directly recommends that firms surveil…

  • Whether approved channels are underutilized, signifying that alternatives are being used.
  • Their approved channels, for ‘indicia of communications occurring off-channel’, ie references to other conversations on unsanctioned domains

The last point could come in the form of email chains that copy an email address from an off-channel domain, or suggestions that recipients should interact elsewhere, away from scrutiny.

Firms are also asked to consider what corrective/disciplinary measures are in place for advisers that do go rogue and breach policy. Traditionally, companies have paid the price for employee misconduct, and so FINRA is encouraging deterrents to be established for individuals.

Public-facing Communications

Like the SEC’s Marketing Rule, FINRA Rule 2210 (Communications with the Public) encompasses electronic communications, and so websites and social media channels are held to the same standard as written brochures, TV advertisements and indeed emails.

FINRA reminds firms of their obligation to present information that is accurate, balanced, and not misleading; by sharing the associated risks of a product/service alongside its benefits, for example. This ties in significantly with developments around the use of AI for content creation purposes.

Artificial Intelligence

FINRA explicitly classifies AI as an ‘emerging risk’, recommending that firms consider its pervasive impact and the regulatory consequences of its deployment.

When you break down the ways in which marketers can leverage ChatGPT, for example, it becomes clear how effective the tool has become. Not only can it draft social media posts and website copy, it can also optimize them based on SEO, trending keywords, or other relevant metrics. This saves marketers an incredible amount of work, and will tempt stretched workforces in need of a lifeline.

Unfortunately, those teams might not be equipped to check the generated output thoroughly, which is especially problematic in the context of chatbot ‘hallucinations’. Without the correct checks and amendments, a brand’s tone of voice and clarity of messaging can be compromised. More worryingly, so can its factual legitimacy.

The SEC has already clarified that advisers themselves are responsible when issues arise after AI tools are used for investment recommendations. FINRA shares many of the same uncertainties. On a podcast dissecting the 2024 report, Ornella Bergeron, FINRA senior vice president of member supervision, said that despite the operational efficiencies afforded by developments in AI, there are worries.

“While these tools can present really promising opportunities, their development has raised concerns about things like accuracy, privacy, bias and intellectual property.

“So far, firms are being very cautious and thoughtful when considering the use of AI tools, and before deploying new technologies,” Bergeron said. “So while for this year’s report there was not a lot in the AI section by way of specific roles or observations, this is likely a topic we’ll be seeing a lot more about in the future.”

In Summary: A Shift to Surveillance

Off-channel and public-facing communications have been on the regulatory agenda for some time now, and FINRA’s 2024 report reiterates these concerns. 

By providing probing questions for firms to ask themselves, it will help highlight the inadequacies and blind spots that led to industry-wide recordkeeping shortcomings in the first place. And by prescribing procedures to uncover and root out the use of unauthorized channels, the regulator has shown a genuine desire to put a stop to it, or for firms to find new ways to handle the situation compliantly.

Communications archiving providers can now capture and record data across the traditional ‘off-channel’ platforms (WhatsApp, WeChat, Telegram). They are also increasingly developed to tackle the surveillance piece of the puzzle; by applying lexicon policies to flag specific wording, for example. This would negate the need for unrealistic platform bans, and ensure that illicit activity is quickly uncovered.

While a lot of the report’s content feels familiar, FINRA has also shown that they’re alive to new developments, and particularly the latent carnage that artificial intelligence could bring to proceedings. In a world where algorithms can follow a prompt but might state a few fictions in the process, digital accountability is of paramount importance. FINRA, like most regulators, is treading carefully.