

Off-Channel Communications Risks
Off-Channel Communications Background
In the financial industry, off-channel communications have become a significant regulatory concern due to the lack of records and supervisory oversight, which are violations of recordkeeping requirements and supervision rules. This blog explores major violations associated with recent enforcement actions, and strategies for financial firms to mitigate associated risks.
What Are Off-Channel Communications?
Off-channel communications refer to business-related communications sent and received through platforms or devices that are not approved per the compliance policies of a firm. These include written ‘e-comms’, voice, and visual (meetings, whiteboards, GIFs and reactions) communications. Depending on the policies of a financial institution, these could include personal devices, text messages, social media and chat applications like WhatsApp. Off-channel communications are distinct from approved channels, which are captured, retained and supervised by the company to ensure compliance with regulatory requirements.
Recent Major Cases
Significant monetary penalties have been levied by global regulators including the SEC, FINRA, CFTC, PRA, FCA and Ofgem since 2021 for recordkeeping and supervision rule breaches bringing the total to a record high of over $4 billion.
Several high-profile cases highlight the financial industry’s struggle with off-channel communications:
- 26 broker-dealers and investment advisers fined $390 Million (August 2024)
- Six Credit Rating Agencies fined $49 million (September 2024)
- 12 municipal advisors fined more than $1.3 million (September 2024)
- Charges against 12 firms, comprising broker-dealers and investment advisers, including an $88 Million fine (September 2024)
- Nine investment advisers and three broker-dealers fined more than $63 Million (January 2025)
The failures by the firms and their personnel to maintain and preserve electronic communications were widespread, involving employees of all seniority levels. These cases underscore the financial and reputational risks associated with off-channel communications.
Increased Regulatory Focus
The SEC and FINRA in particular have intensified their focus on off-channel communications The agencies have pursued numerous cases, imposing significant fines for the use of unmonitored messaging apps, including communications with customers and market participants on deals, advice and trades in violation of federal securities laws. Preserved records are the primary means by which regulators monitor compliance with applicable laws. Not maintaining or preserving off-channel communications has a direct impact on their ability to carry out investigations.
The SEC Division of Enforcement’s approach is aggressive, focusing on both firms and individuals. While the agency has levied substantial fines to date, its approach continues to evolve, with an emphasis on credit for firms’ co-operation in the form of reduced fines and extensive remedial action including the appointment of independent compliance consultants.
Key Risks
The primary risks associated with off-channel communications include:
- Lack of Records: Inadequate recordkeeping hinders compliance oversight and regulatory supervision.
- Risks of Misconduct: Off-channel communications can lead to collusion and other misconduct.
- Confidential Disclosure: Potential sharing of private, sensitive or material nonpublic information.
Individual Liability
Investment advisors, broker-dealers, and bankers face personal risks, including civil penalties and bans, underscoring the importance of adhering to compliance policies and regulations at all levels.
Handling Violations
When violations occur, firms should:
- Self-Report: Quickly disclose issues to the SEC or relevant regulator.
- Cooperate: Fully engage with investigations.
- Corrective Measures: Implement changes to prevent future violations.
Advice for Compliance
- Policy Review: Regularly update communications policies.
- Training: Educate employees of expectations, especially those in high-risk roles.
- Oversight: Ensure proper channels used for all business discussions. Open up approved platforms so employees aren’t driven to off-channel alternatives.
- Complete Records: Ensure all communications types can be captured and supervised including the context like emojis, GIFs and reactions.