Glossary

Off-Channel Communication

What is Off-Channel Communication?

Because financial companies and others in heavily-regulated industries are required to keep records of all business-related communications, they need to be sure that employees are only using authorized communication platforms. The use of non-authorized platforms is known as off-channel or off-platform communication.

Off-channel communications typically take place via text messaging or other messaging apps like WhatsApp, WeChat, Facebook Messenger, etc. Any business-related communications that take place on off-channel apps are still bound by law to be appropriately captured and archived. 

The Risks of Off-Channel Communication

FINRA and SEC rules require financial companies to capture and store all business-related communications and make them accessible to regulators upon request. These regulations apply to all communications, regardless of the platform on which they take place.

Over the last couple of years, the SEC has begun cracking down harder than ever on firms that are in breach of the laws, levying huge fines to those that do not adhere to recordkeeping requirements. When employees are using off-channel communication platforms, the company is at risk and must consider the following:

  • Even if the messages themselves are not nefarious, the mere fact of using unauthorized means of communication is, by definition, a punishable offense.
  • It is not enough for a company to establish guidelines about which communication platforms are allowed and which are not. They also must have a process in place that proves they are enforcing such policies.
  • While the company may be monitoring company-owned devices, if an employee uses a personal device for business-related communication, the company is still liable and responsible for capturing those messages. 
  • Once a company receives a fine, they still need to prove that they are taking steps to fix their errors. Receiving a fine once does not preclude a company from being caught a second time!

Prevention of Off-Channel Communication Compliance Breaches

There are a number of best practices that companies can follow to ensure that they remain in full compliance and are not caught out by the SEC or other regulators for off-channel communication infractions. Such practices include:

  • Establish and Enforce an Off-Channel Communication Policy – An unenforced policy is useless. Companies must be very clear as to which platforms are allowed to be used for client communication and which are not. There has to be strict monitoring and enforcement to be sure that employees are not using unauthorized apps and that any authorized app is being appropriately monitored and messages are captured and archived. 
  • Appoint a Compliance Leader – Keeping track of updates to SEC, FINRA and other rules can be a full time job in itself. It is important to have one person (or a small team) who has overall responsibility for the off-channel communication policy. This person is the go-to source who must be up to speed on the latest rules and regulations and who is accountable for making sure that employees know the rules and are following them. 
  • Create an Escalation/Review Process – Whether real or perceived, there will certainly be signs of potential breaches that will need to be investigated. Having a clear process in place of what to do in such cases will make each situation run more smoothly. 
  • Institute Consequences – If an employee is caught violating the off-channel communication policy, there should be swift and severe consequences.
  • Train Employees – Periodic mandatory training sessions will make sure that all employees are well-versed in the off-channel communication policy and will know exactly which apps are allowed and which are forbidden. 
  • Use Technology – The only way to reliably and accurately monitor employee communication is with technological tools. LeapXpert, for example, allows for the collection of data from all of the major off-channel apps without compromising on employees’ privacy rights. The information is stored in an easily searchable format that can be made accessible to regulators if and when required.  

Schedule a demo today to learn how LeapXpert can help ensure your business is always in full compliance, regardless of the communication platforms being used.