Staying Compliant: Keeping Up With Off-Channel Communications

By Tiffany Duncan-Magri, regulatory adviser, Smarsh

This January, the U.S. Securities and Exchange Commission charged 12 firms a total of $63 million in penalties for recordkeeping failures in violation of federal securities laws. This was one of the last significant waves of fines before the change in U.S. administration. However, its impact is likely to linger for many years to come.

Traditionally, firms set policies that dictate which communications channels employees are allowed to use to conduct business. Approved channels outlined in a firm’s policies, on which communications are captured, archived, and supervised, are considered “on-channel.” Off-channel communications – any business-related communication sent or received on a communications tool not approved for business use – have been in focus with the SEC since the pandemic and subsequent boom in remote work. In fact, the SEC’s off-channel communications sweep, which began in 2021, has now resulted in over $2 billion in penalties against more than 100 firms.

Navigating the Risks of Off-Channel Communications

Although there are no SEC or FINRA rules that cite “off-channel communications,” there are several financial regulations that clearly state a firm’s recordkeeping obligation. For example, the Exchange Act Rule 17a-4(b)(4) requires FINRA-regulated broker-dealers to retain business-related communications, including internal communications. The rule was then modified to emphasize the importance of maintaining complete and accurate records.

Real-world scenarios have highlighted the compliance risks firms face daily. For instance, portfolio managers increasingly find themselves navigating complex communication channels when discussing performance metrics. In one notable case, a portfolio management team used WhatsApp to share quick updates about portfolio performance and rate of return calculations with their sales team before client meetings. While seemingly efficient, these casual exchanges contained critical performance data that should have been properly archived. The team was also sharing performance presentations through personal devices, creating significant recordkeeping gaps.

The major challenge firms face is that almost every application has a messaging or communications feature. Some enter the workplace unintentionally, while others are introduced due to client demand. These applications range from Zoom to WhatsApp to LinkedIn. However, the fundamental rule for financial services firms remains unchanged: employees must only use tools that the firm can supervise. With that, firms must proactively assess their ability to detect and prevent misconduct before it escalates into a problem.

Staying Ahead

As a compliance officer, I’ve witnessed firsthand how the landscape of communication platforms evolves at a dizzying pace. What starts as a single new messaging app can quickly multiply into numerous channels that employees adopt for client communications, often before compliance teams can properly evaluate and implement supervision protocols.

The reality of modern compliance is that we’re constantly balancing immediate communication needs against regulatory requirements. Employees across all levels, from junior analysts to senior managers, are discovering and adopting new platforms with genuine intentions – whether for client relationship building, market research, or improved team collaboration. While they see efficiency and convenience, compliance teams must quickly assess regulatory implications, archiving capabilities and supervision requirements, all while maintaining existing compliance programs. Failure to adapt can expose firms to serious compliance risks and fines.

Modern archiving technology, a big piece of this compliance puzzle, plays a vital role in this process, allowing firms to meet recordkeeping obligations while managing the complexity of multi-channel communication. However, technology alone is insufficient. Policies and training programs must be regularly updated to instill a strong culture of compliance across the organization. This culture begins with leadership, setting the tone through clear expectations and proactive measures like self-reporting violations and implementing timely remediation efforts. Organizations should be spending the time to equip employees with the knowledge and tools to understand their responsibilities; this fosters accountability at every level.

Additionally, agility is crucial in a regulatory landscape that is continually evolving. Firms must remain vigilant and fluid, responding quickly to new rules or guidance. Establishing a flexible infrastructure that blends the latest technological tools with comprehensive training, clear policies, and a commitment to compliance will help firms navigate these complexities effectively, minimizing risk while building trust with regulators, clients, and stakeholders.

What’s Next for Communications Compliance?

In 2025, the industry is looking to move away from regulation through enforcement – like with sweeping initiatives – and toward a more principles-based enforcement approach that uses targeted interventions. There will be a pause on new rules, and off-channel enforcement is likely to soften – aside from cases that are tied to financial crimes. Additionally, the industry is likely to see greater AI regulatory complexity at the federal, state, and international levels, which has added a new dimension to recordkeeping obligations.

Looking ahead, the SEC is anticipated to focus on fundamentals, like insider trading, market manipulation, and anti-money laundering – and view off-channel communications as a symptom of a larger, systemic issue at a firm that warrants investigation. Regulators may view failures in fundamental compliance obligations like recordkeeping and supervision as potential red flags of deeper organizational issues. These foundational compliance gaps frequently reveal more significant problems with a firm’s overall control environment and risk management practices. Therefore, while the SEC may be shifting focus to areas like insider trading and market manipulation, firms with weak communications compliance programs should expect heightened regulatory attention across all aspects of their operations.

Regardless of how enforcement priorities shift, maintaining complete and accurate records remains a cornerstone of compliance. Recent cases demonstrate that inadequate communications compliance often signals broader control weaknesses, triggering intensified regulatory scrutiny across all operations. While self-reporting can mitigate regulatory impact, firms must focus on building adaptive compliance frameworks that evolve with technology. In today’s dynamic environment, strong communications compliance isn’t just about meeting regulatory requirements – it’s about protecting client trust and maintaining market integrity.

As a regulatory adviser at Smarsh, Tiffany Duncan-Magri monitors, evaluates, and consults on the financial services regulatory landscape. She has more than 10 years of experience facilitating compliance with laws and regulations, policies, and risk management. Prior to joining Smarsh, Duncan-Magri was a senior associate at Benefit Street Partners and a compliance analyst at Broadstone and Manning & Napier Advisors.

The views and opinions expressed in the preceding article are those of the author and do not necessarily reflect the views of Alts Wire.