What Are Off-Channel Communications? [What Firms Need to Know]
What Are Off-channel Communications?
In the financial services sector, off-channel communications refer to any business-related messages exchanged through platforms that aren’t approved or monitored by a firm. By comparison, “on-channel” communications take place over platforms a firm has vetted and implemented compliance policies to support. These compliance policies typically include protocols for capturing, archiving, and maintaining records of all communications.
Off-channel communications come in a variety of formats, though the most common are text messages, social media messages and communications that take place over third-party messaging applications such as WhatsApp and Discord. It’s important to note that what constitutes an off-channel communication can vary from one firm to the next, depending on the scope of their compliance policies and infrastructure. In a world where convenience is a top priority for clients, many firms choose to diversify communication channels to optimize the customer experience and maintain client relationships.
Regardless of which channels your firm uses for either internal or client-facing communications, all financial institutions are obligated by law to not only monitor these communications, but also to record and preserve them for future reference.
7 Key Regulations Financial Services Firms Need to Know
Here are just a few of the financial services industry regulations that include specific recordkeeping requirements for both traditional and electronic communications. Be sure to use these and other industry laws and regulations as a baseline when building out compliance policies for off-channel communications:
- SEC Rule 17a-4: SEC Rule 17a-4 establishes recordkeeping requirements for broker-dealers under the Securities Exchange Act of 1934. It mandates that broker-dealers preserve records of all transactions, correspondence and other business-related documents for a period of no less than six years, with the first two years in an easily accessible location. This rule applies to both on-channel and off-channel communications and specifies that firms must keep electronic records exclusively in a non-rewritable, non-erasable format. Failure to comply with Rule 17a-4 could lead to SEC enforcement actions, such as fines, censures or cease-and-desist orders.
- Adviser Act Rule 204-2: Also part of the Securities Exchange Act of 1934, Rule 204-2 imposes recordkeeping requirements on investment advisers. More specifically, Rule 204-2(a)(7) specifies that firms must maintain originals of all written communications sent or received by advisers, including those relating to client recommendations, transactions, written agreements and vested accounts. Rule 204-2 ensures that all communications, including off-channel communications, are properly captured and archived.Violations of this rule can trigger SEC enforcement actions similar to those under Rule 17a-4, including fines and cease-and-desist orders. Investment advisers may also be subject to additional oversight and could be required to engage in remedial actions.
- FINRA Rule 3110: Enforced by the Financial Industry Regulatory Authority (FINRA), FINRA Rule 3110 “requires a firm to establish and maintain a system to supervise the activities of its associated persons that is reasonably designed to achieve compliance with the applicable securities laws and regulations and FINRA rules.” The rule also requires firms to review emails, text messages and other forms of digital communications adherence to regulatory standards; this extends to off-channel communications.Violations of FINRA Rule 3110 can result in disciplinary actions by FINRA, including fines, suspension of business activities or membership revocation. FINRA often publishes details of violations and sanctions, which could result in reputational damage in addition to financial penalties.
- FINRA Rule 4511: Rule 4511 establishes FINRA’s general requirements for broker-dealers, including maintaining precise records of all transactions and communications for a period of no less than six years. These records can be kept in either paper or electronic format, so long as they align with the requirements outlined under the SEC’s Exchange Act. Similar to Rule 3110, non-compliance may lead to disciplinary actions from FINRA, including fines or suspension.
- FINRA Regulatory Notice 17-18: Though not a regulation in-and-of itself, Regulatory Notice 17-18 provides guidance on how firms should manage digital communications to ensure compliance with FINRA’s rules. The notice specifically addresses the challenges of off-channel communications, highlighting the need for firms to adapt their policies and supervisory practices to include non-traditional forms of communication.
- CFTC Rule 1.31: Supervised by the Commodity Futures Trading Commission (CFTC), CFTC Rule 1.31 outlines recordkeeping standards for commodities and futures firms, specifying that all records be kept in a format that is identifiable and searchable for a period of no less than 5 years. This rule encompasses both traditional and electronic communications, thereby requiring these firms to manage and archive off-channel communications in a compliant format.Non-compliance can result in enforcement actions from the CFTC, including civil monetary penalties, trading and registration bans and restitution orders. The CFTC may also seek injunctive relief to prevent future violations. The CFTC calculates penalties based on the gravity of the violation and its impact on customers or the market.
- MiFID II: A European Union (EU) legislative framework, Markets in Financial Instruments Directive II (MiFID II) aims to improve the transparency of financial markets and protect investors. Under this rule, firms are obligated to record all communications related to client orders and keep these records for a minimum of five years. Firms are also required to inform clients about their recording policies, ensure the integrity of recorded information and provide information to authorities or clients upon request.Violations of MiFID II can result in regulatory sanctions, hefty fines and reputational damage. Regulatory bodies within EU member states have the authority to enforce compliance, ensuring firms adhere to these stringent recordkeeping and transparency standards.
Understanding the Risk in Off-channel Communications
We’ve discussed the potential consequences of violating the recordkeeping requirements of various financial services industry regulations, but there’s nothing quite as sobering as looking at real-world implications of non-compliance.
For an example of this, look no further than JPMorgan Chase & Co. In 2021, the multinational institution was fined $200 million by U.S. regulators, including the SEC and CFTC, for failing to maintain records of employee communications. In this case, employees used WhatsApp and other third-party messaging platforms to discuss business matters — conversations which were not archived in accordance with the institution’s recordkeeping requirements.
September 2022 saw another high-profile case when the SEC announced charges against 15 broker-dealers and one investment adviser for “widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications.” An SEC staff investigation found “pervasive off-channel communications” at these 16 firms between 2018 and 2021. The firms faced penalties amounting to over $1.1 billion as a result — a clear warning to take recordkeeping requirements and off-channel communications seriously.
8 Tips to Prevent Off-channel Communication Violations
Want to protect your firm against potential off-channel communication violations? Here are some best practices to help you stay in the clear:
- Establish an off-channel communication policy. By establishing clear rules that explain which forms of communication are permitted (and under what circumstances), you can ensure that your employees understand what’s expected of them regarding both internal and client-facing communications and promote compliance from the start.
- Develop a supervisory process. Clearly defined procedures for supervising off-channel communications are vital to a successful compliance program. These procedures should include real-time monitoring of employee communications, firm-wide audits and the use of software tools to flag unapproved communications.
- Establish consequences for violators. Accountability is essential to compliance, so it’s imperative you implement a system of penalties for policy violations, ranging from warnings to termination. Though it may seem extreme, enforcing real consequences underscores the seriousness of your firm’s off-channel communication policy and can deter violations.
- Bring employees up to speed. Once you’ve completed items one through three on this list, the next step is to conduct comprehensive employee training to educate them on their responsibilities, expectations, the importance of compliance and the consequences of non-compliance. As part of your training, make it clear to employees that violations can apply to both the organization and to individuals, which means they could personally face penalties from regulatory authorities should they fail to comply.
- Designate a communications supervisor. Assign a dedicated individual or team to oversee your firm’s communication practices and help maintain compliance. This supervisor’s — or supervisory team’s — role will be to monitor employees’ communications, run training sessions, answer clarifying questions and enforce consequences for violations to ensure ongoing adherence to compliance standards.
- When violations occur, self-report and remediate. If you know that your firm is in violation of any of the regulations listed above, you should immediately disclose the violation and work with regulatory authorities to address the violation. Taking a proactive approach to addressing violations not only speaks to your firm’s commitment to compliance, but can also mitigate regulatory penalties.
- Simplify compliance with the right archiving solution. One of the easiest ways to maintain compliance is to invest in a full-service archiving solution capable of supporting a wide range of communication channels, including text messaging, social media and third-party platforms. By automatically capturing and storing all business communications in a secure, searchable archive, you can easily comply with recordkeeping requirements and ease the burden of managing diverse data formats.
- Routinely update your policy and training program. New communication channels are constantly emerging, and regulations are often amended to reflect these changes. Keep a close eye on evolving industry trends and regulations and revise your off-channel communication policy and training program on a regular basis to ensure your firm’s compliance efforts are always up to date.
Don’t Let Compliance Requirements Catch You Off Guard
Our compliance checklist — designed with financial services firms in mind — makes it easy to meet FINRA and SEC requirements.