The financial industry is one of the most closely supervised sectors in the world today. After decades of malpractice and upheavals in national and global economies, regulatory bodies are becoming more vigilant and tougher on violators of the strict rules that govern financial firms and professionals.
Perhaps one of the most well-known, and feared, authorities is the U.S. Securities and Exchange Commission (SEC). After the stock market crash of 1929 that devastated the US, Congress passed the Securities Act of 1933 and the Securities Exchange Act of 1934 to try and restore confidence in the economy. These laws established that financial companies must be honest and transparent about the nature of their business and the risks involved in investing, and they must treat all investors fairly and honestly.
The SEC was established to enforce these laws and in doing so promote stability in the markets and protect investors. They are a formidable force with a wide range of powers to enforce compliance. Aside from bringing civil actions that can result in fines, suspensions, and even permanent prohibitions, they can also work with the justice department in bringing criminal cases against individuals who behave fraudulently.
The SEC’s role is becoming increasingly complex as new technologies are changing the economic landscape. One area that has required considerable rethinking is that of the digital assets market which emerged after the introduction of Bitcoin in 2009. A digital asset is any form of electronic content that holds value and can be owned by someone. They include things like photos, data, cryptocurrencies, and much more, and they are forming an increasingly larger part of many companies’ overall assets and offerings.
The SEC and the Regulation of Digital Assets
The SEC doesn’t have a ratified definition of a digital asset – at least for now. While it has proposed a definition – “an asset that is issued and/or transferred using distributed ledger or blockchain technology”- it has not yet been formally adopted. They have, however, made it clear that they are concerned about the risks these assets pose to firms and investors, and they have been actively involved in addressing their regulatory implications.
As a current working rule, if a digital asset meets the definition of a security, it must comply with the securities laws – meaning it needs to be registered with the SEC and comply with all other requirements, including those related to recordkeeping.
When it comes to digital assets, recordkeeping plays a crucial role in several areas:
- Regulatory Reporting: Companies that have digital assets have to register them with the SEC, and provide information such as details about transactions, investor information, and communications with customers and co-workers.
- Investor Protection: Companies have to retain all communications with customers in order to demonstrate they have acted transparently, been honest about risks, and made other necessary disclosures. This also helps verify ownership and track transactions, and if disputes arise, they are an important source of evidence.
- Anti-Money Laundering (AML) and Know Your Customer (KYC) Requirements: Financial institutions have to keep records of, among other things, customer identities and transactions in order to prevent illegal activities such as money laundering and terrorist financing – activities to which digital assets are particularly susceptible.
- Auditing and Internal Controls: Robust recordkeeping allows firms to review their internal processes and detect errors or irregularities. This is critical in proving compliance and cooperation with regulatory bodies like the SEC.
- Enforcement and Investigations: Should something go wrong or there is an investigation, thorough records become critical in putting together a body of evidence about what happened. Being unable to provide these records prevents the SEC from doing its regulatory work, and becomes a violation in and of itself.
SEC Investigations and Press Releases
Given the proliferation of communication platforms and the number of ways in which information can be sent, received, and stored, companies in the finance sector are facing an increasingly difficult job of complying with SEC record-keeping regulations. Just because it is challenging to do, doesn’t mean that the SEC will go lightly on investigations and enforcement – just the opposite.
In May 2023, Gary Gensler, Chairman of the U.S. Securities and Exchange Commission, said “Now we’ve got…text messages and off-channel communications and the like. And so it’s just really important that firms always stay up-to-date, that they’re capturing those communications related to their operation and the order flows, the customer messages, and the like. That’s what’s critical.”
The SEC filed 760 total enforcement actions in 2022, a 9 percent increase from 2021. Penalties and fines during this period totaled $6.439 billion, the most on record in SEC history and almost double that issued in 2021. Not only was supervision more vigilant and penalties harsher in 2022, but the SEC has also started introducing specific undertakings to deter future violations.
This is illustrated by the SEC actions against JP Morgan, 15 other broker-dealers, and 1 investment adviser for “…widespread and longstanding failures to maintain and preserve work-related text message communications conducted on employees’ personal devices.” Not only did these entities have to pay a total of over $1 billion in penalties, but JP Morgan, for example, agreed to hire a compliance consultant to review its policies and procedures related to electronic communication recordkeeping and put a framework in place to address non-compliance by employees.
SEC action related to digital assets also grew considerably in 2022. Thirty enforcement actions were brought against digital-asset market participants last year, almost double that of 2022, and the highest number since 2013 when the first of this type of action took place. For example, the SEC charged Nexo Capital Inc. with failing to register the offer and sale of its retail crypto asset lending product. Nexo was fined $22.5 million and had to stop the sale of this asset to investors.
The compliant offering of digital assets is closely tied in with efficient and thorough record keeping, particularly in relation to communication with customers.
Ensuring Compliance with SEC Regulations
Making digital assets available to customers for investment requires more than just registering the product with the SEC. To properly comply with all their regulations, firms have to ensure that they are capturing and storing all communications with their clients and colleagues, regardless of what device or platform the communication takes place on. The SEC and other regulatory bodies such as FINRA have made it clear that electronic messages such as SMS’s, WhatsApp texts, or Zoom chat groups have to be captured and stored by member firms, even if they take place on an employee’s personal device.
This seems like a daunting task given how many different platforms, channels, and devices people use, and the likelihood that brokers will want to accommodate customers on their preferred communication app. Companies can attempt to prohibit the use of these devices and channels by employees, but history has shown this does not always work. There are many examples of firms and brokers who were penalized for using WhatsApp despite there being a ban on doing so. Given that there are electronic communication storage solutions available for companies in the finance sector, it seems that it would be in everyone’s best interests if their use was acknowledged and properly managed.
Whether a firm chooses to prohibit the use of off-channel communications or incorporate it into their record-keeping systems, they still have to ensure they follow recordkeeping best practices, including:
- Establishing rules, policies, and procedures regulating recordkeeping and particularly the use of electronic messaging in the company.
- Ensuring that all business communications regardless of platform or device are captured and retained.
- Putting systems in place to monitor and review recordkeeping practices in the company so gaps in compliance can be identified and fixed.
- Centralizing storage of all records in one secure location, preferably in a digital format, and ensuring that appropriate access controls, backup mechanisms, and disaster recovery measures are in place.
- Ensuring that records can be quickly and easily accessed when needed.
- Staying updated with SEC news and guidance.
SEC Compliance in Today’s Complex World – Automation is Your Friend
Given the sheer number of rules and regulations required to govern today’s complex global economy, it is critical that if financial companies want to safely offer the full range of assets and securities to their customers that they ensure they have the proper record-keeping systems in place. It is highly unlikely that any manual system would be able to keep up with the volume and variety of communications that need to be stored, and in fact, would generate more work and be less cost-effective than an automated software solution.
LeapXpert’s communications platform offers full integration of the full range of messaging channels and maintains a complete record of all conversations between employees and customers. Our user-friendly dashboard allows for easy auditing and reporting and displays the real-time status of all messages, conversations, and data sent, as well as flagging when conditions and rules have been breached. Integrated with leading third-party archiving, surveillance, and analytics platforms, all messaging records are securely stored and available alongside all the existing business data.
Book a demo now.
SUBSCRIBE TO OUR NEWSLETTER
Useful tips and helpful information.
You can unsubscribe at any time - obviously!