Asset managers: Avoid the WhatsApp trap

 

Regulators are cracking down on impermissible communications

 

Regulators have increased their emphasis on punishing asset management firms when employees engage in business communications with clients through means that aren’t monitored by the firm.

Patanella Micheal

“Firms need to make a concerted effort to prevent communication through unmonitored channels from happening within their organization.”

Michael C. Patanella

National Managing Principal, Asset Management Industry
Grant Thornton Advisors LLC
Partner, Audit Services, Grant Thornton LLP

 

In a rapidly changing communication landscape, employees must understand that their firms could be hit with huge fines if they provide investment advice through mobile phone text messages, WhatsApp, WeChat, Slack or other apps — if they’re not monitored by the firm. And firms need to be vigilant about the modes of communication their employees are using.

 

“Firm leadership may not have a complete understanding of how their employees are communicating with clients,” said Michael Patanella, National Managing Principal for Asset Management, Grant Thornton. “Firms need to make a concerted effort to prevent communication through unmonitored channels from happening within their organization.”  

 

To manage risks in this area, firms need to implement robust compliance policies, maintain effective controls and conduct mandatory training that helps employees understand their responsibilities and the potential for significant penalties if they break these rules.

 

Failing to address these risks can be costly. In August and September, the SEC announced a total of more than $480 million in penalties that were levied against 37 broker-dealers, investment advisers, and dually registered broker-dealers and investment advisers for failing to maintain and preserve electronic communications.

 

“Over the last several years, we've seen an increase in enforcement actions, putting this more on the regulators’ dashboard,” said Andrew Surgan, Managing Director for Regulatory Compliance and Controls in Risk Advisory Services, Grant Thornton. “They're looking at firms to see if they are in compliance with their policy procedures around communications.”

 

It remains to be seen whether the intensity of this regulatory scrutiny will be maintained after a new administration takes office in January. SEC Commissioners Hester Peirce and Mark Uyeda have dissented from some of the off-channel communication penalties issued by the SEC, citing the difficulty firms face in achieving compliance.

 

But unless a new policy is implemented, this remains an area of high risk for asset management firms. Regardless of the regulatory environment, firm leadership should want to make sure employees are conducting client business totally within the vision of the firm.   

 

During a Grant Thornton webcast on this topic, Surgan provided compliance tips for asset management firms. He said that, although off-channel communications rules are not new, the issue has gained prominence due to the surge in new communication sources. Early social channels such as Facebook, LinkedIn and Twitter/X have given rise to a seemingly endless array of apps, increasing the risk that employees’ communication with clients will occur outside a firm’s compliance structure and violate regulatory requirements.

 

These risks were exacerbated by the remote and hybrid working arrangements that became popular during the COVID-19 pandemic, which contributed to employees’ urge to communicate with their mobile phones. On mobile devices, personal conversations that turn into business communications can lead employees toward noncompliance.

 

“It’s really up to the firms to step up now, using those sophisticated tools to see whether or not communications are being brought off channel.”

Andrew Surgan

Managing Director, Regulatory Compliance & Controls, Risk Advisory Services
Grant Thornton Advisors LLC

Meanwhile, the regulatory environment is a tangled web of requirements that can be difficult to navigate. Key regulations include:

  • SEC Rule 17(a)-4: Requires SEC-registered broker-dealers to implement robust recordkeeping practices.
  • SEC Rule 204-2: Mandates that SEC-registered investment advisers maintain accurate and comprehensive financial records as well as records of client information with client holdings.
  • FINRA Rule 4511: Applies to broker-dealers, securities firms, and financial institutions involved in capital acquisitions. This rule requires recordkeeping to have official electronic storage media representation and be retained for at least six years.
  • CEA § 4s(f)(1)(C) / 7 U.S.C. 6s(f)(1)(C): Requires swap dealers to monitor swap trading activities, implement procedures to prevent violations, and maintain comprehensive business records.
  • CEA § 4g 7 U.S.C. § 6g. Regulation 1.35 (a)(1)(2021): States that CFTC registrants, including futures commission merchants, must keep identifiable “full, complete and systematic records” of transactions and all oral and written communications.

Fortunately for firm leaders navigating these complex rules, technological monitoring tools for off-channel communications have improved dramatically. When deployed as part of a comprehensive compliance framework, these tools can assist in recordkeeping while warning leadership of potential violations.

 

“It’s really up to the firms to step up now, using those sophisticated tools to see whether or not communications are being brought off channel,” Surgan said.

 

 

 

Proactive and reactive risk management practices

 

Much like a firm’s cybersecurity practices, off-channel communication protections should include proactive prevention and detection capabilities, as well as standards for reacting to violations.

 
Proactive Reactive
Clear, comprehensive, and easily accessible compliance policies/procedures Swift responses
Effective controlsIdentify root causes
Regular mandatory trainings/awareness programs Prioritize remediation
Surveillance toolsRemain transparent with regulators
Regular compliance reviews on communication practicesSeek external guidance/services

 

Proactive activities

 

Compliance starts with an appropriate tone at the top, established by the highest levels of management, stating that off-channel communications with clients will not be tolerated. Some of the most serious recent fines occurred when regulators found senior executives participating in off-channel communications, setting a bad precedent for the entire organization.

 

Periodic attestations on this issue by employees throughout a firm can lead to better behavior. As part of their compliance policies, some firms require employees to attest and confirm during their periodic compliance certifications that they are not using unapproved communication channels. Surgan recommends these certifications be done quarterly.

 

It’s also a leading practice to make it crystal clear for employees which channels are permissible. Firms can provide employees with a list of all on-channel communication modes, clearly stating that any mode of communication not on the list is considered off-channel and prohibited for client interactions.  In addition, leadership might wish to encourage employees to notify the firm’s compliance department when new communication methods become popular and are off-channel. If possible, the firm might choose to permit the use of a new communication platform if it can act to fully capture those communications.

 

Another best practice is to make off-channel communication policies as easily accessible to employees as possible. Firms should carefully consider whether these policies should be standalone or grouped with other policies. Leaders should also try to minimize the number of clicks it takes on the website to get to these policies.

 

“They need to be accessible because many people aren’t intentionally going offline to an app and trying to run the risk of communicating off-channel — or worse, losing their job,” Surgan said. “Some of it is just innocently moving on [to a different platform] and not being aware of the consequences.”

 

Some financial firms are addressing off-channel communications by reverting to company-provided devices, moving away from the bring-your-own-device (BYOD) practices that have been popular for many years. A generation ago, some firms issued office-provided cell phones or Blackberry devices for employees to use for company business. That practice faded as smartphones became popular and firms implemented BYOD practices to enable employees to conduct business on their personal devices.

 

Now, partly to avoid off-channel communication temptations, some banks are returning to company-provided devices and requiring employees to keep their personal phones in a locker or drawer when they come into the office or work at the trading desk.

 

Meanwhile, firms are using increasingly sophisticated technology to spot red flags in the on-channel communications they can monitor. Tools can be implemented to search the entirety of on-channel communications for keywords such as “WhatsApp,” “WeChat,” and numerous other indicators of off-channel interaction. This technology would alert leadership if it identifies these keywords in phrases such as:

  • “Let’s move it to WhatsApp,” or
  • “As I told you last night on WeChat.”

These tools work best when the keywords are updated regularly to enable searches for the newest social apps employees might be using.

 

“You definitely need to update your lexicon to include those terms,” Surgan said.

 

Some firms also perform spot checks on the communications of people in high-risk groups such as those that are customer-facing, those with very active accounts and those whose on-channel communications suddenly decrease dramatically, indicating they might be interacting with clients outside the firm’s channels. 

 

 

 

Reactive activities

 

Time is of the essence when potential violations of off-channel communications are discovered. First, firm leadership should act immediately to stop the communication from continuing.

 

Next, relevant compliance, legal and operations personnel need to be gathered to identify the root cause and develop a remediation plan. Often, third-party providers can bring perspective to remediation efforts and can be helpful to the firm. An entire project plan might be needed, and considering how to handle messaging with regulators is critical.

 

The question of whether to self-report a violation should be part of that messaging conversation. Three of the 26 firms penalized by the SEC in August self-reported their violations, and the SEC noted they paid significantly lower penalties due to their cooperation. One firm that self-reported, self-policed and demonstrated substantial efforts at compliance according to the SEC paid no penalty despite being charged in September.

 

Proactive and reactive controls combine to minimize the risks that off-channel communications pose to an asset management firm. The intense regulatory enforcement of these rules heightens the urgency for strengthening these controls and for attention from firm leadership.  

 

“The tone from the top has to be there, so that people realize all of us are in this together, and we have to be very alert about the communication methods we use for a myriad of reasons,” Surgan said.

 
 

Contacts:

 
 
 
Content disclaimer

This content provides information and comments on current issues and developments from Grant Thornton Advisors LLC and Grant Thornton LLP. It is not a comprehensive analysis of the subject matter covered. It is not, and should not be construed as, accounting, legal, tax, or professional advice provided by Grant Thornton Advisors LLC and Grant Thornton LLP. All relevant facts and circumstances, including the pertinent authoritative literature, need to be considered to arrive at conclusions that comply with matters addressed in this content.

For additional information on topics covered in this content, contact a Grant Thornton professional.

Grant Thornton LLP and Grant Thornton Advisors LLC (and their respective subsidiary entities) practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Grant Thornton LLP is a licensed independent CPA firm that provides attest services to its clients, and Grant Thornton Advisors LLC and its subsidiary entities provide tax and business consulting services to their clients. Grant Thornton Advisors LLC and its subsidiary entities are not licensed CPA firms.

 

 

Tax professional standards statement

This content supports Grant Thornton Advisors LLC’s marketing of professional services and is not written tax advice directed at the particular facts and circumstances of any person. It is not, and should not be construed as, accounting, legal, tax, or professional advice provided by Grant Thornton Advisors LLC. If you are interested in the topics presented herein, we encourage you to contact a Grant Thornton Advisors LLC tax professional. Nothing herein shall be construed as imposing a limitation on any person from disclosing the tax treatment or tax structure of any matter addressed herein.

The information contained herein is general in nature and is based on authorities that are subject to change. It is not, and should not be construed as, accounting, legal, tax, or professional advice provided by Grant Thornton Advisors LLC. This material may not be applicable to, or suitable for, the reader’s specific circumstances or needs and may require consideration of tax and nontax factors not described herein. Contact a Grant Thornton Advisors LLC tax professional prior to taking any action based upon this information. Changes in tax laws or other factors could affect, on a prospective or retroactive basis, the information contained herein; Grant Thornton Advisors LLC assumes no obligation to inform the reader of any such changes. All references to “Section,” “Sec.,” or “§” refer to the Internal Revenue Code of 1986, as amended.

Grant Thornton Advisors LLC and its subsidiary entities are not licensed CPA firms.

 

Our fresh thinking