After two years of sustained enforcement action for firms that failed to ensure compliant communication, one would be forgiven for suggesting that global regulators might change tack in 2024. However, activity over the month of June shows that the focus on non-compliant communication and recordkeeping failures lives on – for regulators and financial institutions alike.
Fines for social media communications
As with every month, the Financial Industry Regulatory Authority (FINRA) has published its Disciplinary Actions for June. Within these actions, we see two communication-specific failures. The first is a fine for a firm’s use of influencers to promote financial products and services. The second is a fine for off-channel communications through text messages.
Turning first to the influencers, FINRA has fined a trading firm $200,000 for paying influencers for promotional communications on social media. The firm sought out influencers with high numbers of followers and asked them to promote certain financial products and services. The influencers were given a unique link and were paid a flat fee if a new account was opened and funded by a customer using that link. There was no limit to how much compensation each influencer could receive through these promotions.
However, contrary to regulatory requirements, FINRA found the influencers’ communications were not fair or balanced, or made misleading claims. FINRA also found that:
- In some instances, the influencers failed to state that the promotional communication was an advertisement
- The firm failed to approve the influencers’ videos using an appropriately qualified registered principal before they were used
- The firm did not preserve records of the videos, contrary to recordkeeping requirements
- The firm did not have a supervisory system reasonably designed to supervise its influencers’ retail communications
While the $200,000 penalty pales in comparison to billion-dollar fines seen for recordkeeping failures, the enforcement action is further proof of the regulator’s increasing focus on social media and marketing communication as a compliance risk.
Even more noteworthy is the clear crossover between marketing expectations and recordkeeping requirements. FINRA clearly highlights here the importance of capturing, preserving, and surveilling videos – social media or otherwise – where they contain business communications.
Global Relay’s recent Industry Insight Report: Compliant Communication 2024 found that 55% of financial institutions consider social media to be an emerging compliance risk. This enforcement action goes to show those concerns are justified.
Fines for prohibited text messages
Moving then to June’s second communication compliance continuum, FINRA censured and fined a securities firm $500,000 for its failure to “preserve, and reasonably supervise, business-related text messages”.
In this latest instance of recordkeeping rupture, employees at the securities firm used text messages for business communication, despite rigid policies prohibiting the use of such channels for work-related messaging. Individuals at the firm had frequently communicated about the firm’s capital and customer complaints, and contacted customers about holding and selling positions, via text message – flying flagrantly in the face of both company policy and industry regulation. FINRA said that the securities firm did not take “reasonable steps to enforce its prohibition against using text messaging for business purposes”.
To make matters worse, FINRA found that the firm’s management were aware that employees were continuing to use text messages for business, but did not have a solution in place to capture and retain these communications to comply with recordkeeping obligations. FINRA acknowledged that it issued the relatively moderate fine of $500,000 in consideration of the firm’s revenue and financial resources.
What is notable in this case is not necessarily the recordkeeping failure, but the fact that – in the knowledge that employees were continuing to communicate via text message – the firm’s management had failed to take steps to put a stop to the communication, or to find a solution to enable compliant texting when such solutions are readily accessible.
Bans where WhatsApp policies failed
The final communication chronicle for June exists more as an example of how firms may act when employees continually fail to comply.
On June 21, it was announced that Banco Santander has asked employees to delete a number of communication apps, including WhatsApp, from corporate-issued phones after they failed to stick to policies.
In an act of seeming exasperation, it is reported that the firm told investment banking staff in Madrid to delete any messaging channels that had not been pre-authorized by compliance. Santander had strict policies and protocols in place to determine the way in which employees were permitted to communicate. However, these protocols were not adhered to, and apps have consequently been deleted from phones altogether.
The news that the bank has opted for ultimate deletion is perhaps unsurprising given that 65% of compliance teams have said that getting employees to comply with rules around electronic communication is their biggest challenge in 2024. As the above FINRA enforcements show, it is not uncommon for employees to flout communication rules where those are not convenient.
There is a question to be asked here, however: if employees did not comply with communication policies, why would they comply with a request to delete apps? And how will the firm monitor and verify that such apps have been deleted, especially given that most phones now offer the ability to hide apps from plain view?
As above, with technological solutions available that allow firms to capture communication data from text, WhatsApp, or other channels, it begs the question of why firms aren’t investing in such solutions rather than exposing themselves to human behavior-based risk. And, if those solutions are available, will regulators consider app deletions to be a defensible strategy in any event?