As we approach the end of the second month of 2024, the direction of regulatory developments is beginning to take shape. What can we expect to see in the first half of 2024?
In the view of Stacey English, director of regulatory intelligence at Theta Lake, despite the relative youth of the year the sector has already seen both the SEC and FINRA update their expectations on communications compliance.
She remarked, “This sets the stage for the first half of the year. Firms need to be under no illusions – recordkeeping is, and will remain, a key regulatory focus.”
English also emphasised that despite penalties already exceeding $2.6bn for unmonitored channels, it’s clear that fines for recordkeeping failures are not over. Theta Lake’s independent survey of over 600 firms revealed that 74% believe staff are still using unmonitored communications.
Relating to this, regulators have said the penalties will even be higher because they’ve given warnings so firms should be on notice. “Despite the enforcement headlines focusing on WhatsApp and a small percentage of staff trying to evade oversight, it’s actually a much wider problem where staff are using unmonitored methods just to do their job efficiently,” said English.
Theta Lake recently found that 68% of firms disable core features across their approved platforms like Zoom, Microsoft Teams and Cisco Webex, because existing compliance tools can’t effectively capture them and/or make them searchable for detecting and reporting risks.
According to English, this is driving staff to alternative unapproved methods to communicate. “We’re helping firms make sure they can capture all the different tools and channels like email, chat, whiteboards, video, alongside all the contextual information like emojis and reactions, and then be able to search and retrieve those records, so they able to turn features on and staff aren’t driven to alternative unmonitored methods.”
In the view of the regulatory intelligence director, this unrelenting regulatory focus is why the industry sees communications compliance take centre stage in boardrooms.
“We know the vast majority of firms are revisiting their communications compliance and we’ve seen firms themselves starting to take action against individual staff with clawbacks in bonuses, demotions and even dismissals. It’s only a matter of time before regulators take action too if their warnings aren’t heeded. So the whole issue of communications compliance needs to be assessed urgently at the highest level before the regulators come in and mandate a review.”
There will also be a widening focus from regulators in the first half of 2024. English said the billions of dollars in fines imposed in the last couple of years were mostly for a failure to capture communications.
However, the issue to watch out for in her view is whether those records are complete and whether those records can be retrieved. “There are already signs that some regulators are widening the supervisory net and imposing penalties for wrongly deleted data, an inability to find data.
“We know firms are struggling with this. 74% of firms told us that they are facing challenges in searching and retrieving communications. So proof that all communication records from all the different platforms and modalities have been captured is something firms are asking for because regulators want to see it, otherwise oversight is ineffective. Thankfully solutions like Theta Lake that are built for modern unified communications provide that reconciliation of records, giving both firms and regulators assurance that records are complete,” said English.
Looking towards the horizon, Generative AI is continuing to grow in stature and reach and 2024 will be no different for the technology. English belives GenAI will grow considerably as it starts to deliver substantial cost savings and productivity gains – whether that’s summarizing conversations or creating content.
She added, “FINRA has highlighted artificial intelligence as an emerging risk, warning firms to be mindful of how these technologies may impact compliance with their regulatory obligations, including books and records, customer information protection and supervision. What we do know is that the wider use of generative AI will create more content and communications with requirements for retention, search and supervision.”