The Securities and Exchange Commission’s assessment of $1.8 billion in fines against 11 Wall Street banks and their affiliates last week sent a message to all banks, even those on Main Street: You need to understand and monitor the communications platforms your employees are using for work.
While the SEC only fined broker-dealers and their affiliates, the magnitude of the fines and the findings of systemic violations indicate that more regulators may start asking the same questions the SEC asked, according to multiple experts in banking regulations and compliance.
Historically, violations of the SEC’s recordkeeping requirements tended to be more technical in nature and not as systemic or widespread — nothing that warranted the $1.8 billion fines levied last week, according to Conway Dodge, managing director and deputy leader of the Americas for the IBM-owned consulting firm Promontory.
….
Devin Redmond, the CEO and a co-founder of Theta Lake, a communication security and compliance company, said that a compliance approach that seeks simply to check boxes is “insufficient” to deal with changes in communication technology and that the expectation of the SEC’s enforcement division is about “proactive compliance.”
“The usage of WhatsApp is often a more general symptom of employee end users seeking easier, more feature rich communication channels.”
– Devin Redmond, CEO and co-founder of Theta Lake
In some instances, employees may be drawn toward channels that the bank currently leaves unmonitored for practical reasons beyond the fact that its clients are on those channels, according to Redmond.
“Aside from small groups of employees that may be specifically evading monitoring, the usage of WhatsApp is often a more general symptom of employee end users seeking easier, more feature-rich communication channels than what their organization allows,” Redmond said.