
2 Gurus Talk Compliance – Episode 17: Self-Improvement Edition

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode! In this episode, Tom and Kristy take on various topics, including the self-improvement of Florida Man gone astray.

Challenges are constant in the ever-evolving regulatory compliance and risk management world, and strategies must be dynamic. Tom highlights the technological shortcomings of many compliance programs and the critical role of compliance officers in mitigating reputational damage. He emphasizes continuous improvement and vigilance, ensuring due diligence and monitoring compliance strategies. Kristy acknowledges the progress made in the field over the past two decades but also points out the technology gap in integrating governance, risk, and compliance data. She underscores the need for better handling of integrated reporting in the future. Join Tom Fox and Kristy Grant-Hart as they delve deeper into these issues in this 2 Gurus Talk Compliance podcast episode.

Highlights Include:

  1. What does the lull in FCPA enforcement mean for chief compliance officers? (FCPA Blog)
  2. CA enacts climate change disclosures. (HLS Forum on Corp Governance)
  3. CFTC and monitors. (Compliance and Enforcement)
  4. U.S. Warns Businesses to Guard Against Iran Missile Push (WSJ)
  5. Combining COI and Risk Assessments. (COI Blog)
  6. U.S. Lifts Broad Sanctions Against Venezuela for Six Months (WSJ)
  7. The Gap In SEC Individual FCPA Enforcement Actions Is Over Three Years (FCPA Professor)
  8. Report: Insourcing Up, Confidence Too (Radical Compliance)
  9. Prosecutors in Sam Bankman-Fried trial compare defense argument to ‘Dumb and Dumber’ (CNBC)
  10. Florida man’s quest to fulfill ‘daily theft quota’ lands him in jail across county lines, deputies say (Fox Orlando)

Resources:

Kristy Grant-Hart on LinkedIn

Spark Consulting


Daily Compliance News: October 26, 2023 – The Don’t Play Games Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • Forced labor in yet another Chinese industry? (WSJ)
  • Data privacy and Trump. (The Guardian)
  • Suspicious death shadows Austrian corruption probe. (FT)
  • Don’t play games with the SEC. (Reuters)

Pre-Taliation Continues to Rear Its Ugly Head

DE Shaw, a prominent financial services firm, recently settled a retaliation case with the Securities and Exchange Commission (SEC) for a staggering $10 million. It was paid via an Administrative Order. This settlement marks the largest of its kind, highlighting the severity of the violations committed by the company. The case revolved around employment agreements that prohibited employees from speaking to governmental agencies without prior authorization from the company. Such agreements have been illegal since 2011 under the Dodd-Frank Act. Despite updating internal policies to encourage employees to speak to regulators, DE Shaw failed to amend these agreements until 2019.

According to the Order, this enforcement concerned violations of the whistleblower protection rule by the adviser. From at least August 12, 2011, through April 2019, the Company required new employees to sign employment agreements (“Employment Agreements”) that prohibited them from disclosing “Confidential Information” to anyone outside of the Company unless authorized by the Company or required by law or an order of a court or other regulatory or governmental body, without any exception for voluntary communications with the Commission concerning possible securities laws violations.

Additionally, from at least August 2011 through June 2023, the Company required approximately 400 of its departing employees to sign General Releases and Agreements (“Releases”) “affirming, among other things, that they had not filed any complaints with any governmental agency, department, or official, to receive deferred compensation and other benefits that were sometimes worth millions of dollars.”

Finally, in 2017, the Company notified employees that nothing in any policy or agreement prohibited employees from communicating directly with or providing information to regulators, agencies, and commissions regarding possible violations of law or regulations without notice to the Company. The Company updated its internal policies with similar language and required employees to acknowledge receipt and review those policies annually. However, the Company did not revise its Employment Agreements until April 2019. It did not revise the form of its Release until July 2023—after this investigation commenced—to include similar whistleblower protection language.

The case raises important questions about the need for companies to ensure that policy changes are reflected in all relevant documents and agreements. It serves as a reminder that even well-intentioned internal policies are ineffective if not properly implemented and enforced. In the case of DE Shaw, the failure to update employment agreements and separation agreements until years after the Dodd-Frank Act was enacted demonstrates a lack of attention to detail and a breakdown in the company’s compliance processes.

One key issue this case highlighted is the broad definition of confidential information in employment agreements. These overbroad confidentiality clauses can potentially discourage whistleblowers from coming forward, as they may fear violating their agreements and facing retaliation. Companies must balance protecting their confidential information and ensuring that employees feel empowered to report any wrongdoing to regulatory bodies. By defining the instances under which confidential information should not be shared, and explicitly including carve-outs for reporting concerns to law enforcement, companies can avoid creating an environment that stifles whistleblowing.

The $10 million penalty that the SEC imposed in this case is sizable and portends a trend toward higher fines for retaliation settlements. This clearly conveys that the SEC is willing to impose substantial penalties on companies that violate whistleblower protection laws. Organizations must consider this when making decisions about their retaliation policies and practices.

The DE Shaw settlement also raises concerns about the potential impact on future pre-taliation settlements. In this case, the size of the penalty suggests that the SEC is becoming increasingly vigilant in enforcing whistleblower protection laws. Companies should be aware of this trend and take proactive measures to ensure compliance with these laws to avoid costly settlements and reputational damage.

Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, said in the SEC Press Release, “Entities employing confidentiality, separation, employment, and other related agreements should take careful notice of today’s enforcement action. The Commission takes the enforcement of whistleblower protections seriously, and those drafting or using these agreements should take their obligations equally seriously to ensure that they don’t impede whistleblowers from contacting the Commission.”

In conclusion, the DE Shaw $10 million settlement over a retaliation case and whistleblower policies is a stark reminder of the importance of companies ensuring that policy changes are reflected in all relevant documents and agreements. It highlights the need for organizations to balance protecting confidential information and creating an environment that encourages whistleblowing.

Both the $10 million settlement and the words of Gurbir Grewal underscore the growing SEC trend towards larger fines for retaliation settlements, emphasizing the importance of compliance with whistleblower protection laws. Companies must carefully consider the impact of their decisions on retaliation policies and practices to avoid legal and financial consequences.


FCPA Compliance Report – Chip Jones on Record Keeping Requirements for Messaging Compliance

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Chip Jones to discuss the recent spate of enforcement actions in the messaging compliance arena.

Chip Jones, the Executive Vice President of Compliance at Global Relay, is an expert in e-communications archiving and compliance solutions for the financial services industry, focusing on instant messaging compliance and enforcement actions related to off-channel communications. Chip believes technology plays a vital role in regulating off-channel communications in financial services, emphasizing the importance of capturing and supervising all communications, including those on personal devices, to ensure compliance with SEC record-keeping requirements. He acknowledges that using personal devices for communication has been prevalent for years, but the pandemic has accelerated this trend. Chip suggests that technological solutions, such as the Global Relay app, can help financial professionals communicate compliantly, and he emphasizes the importance of education and tone from the top in promoting compliance. Join Tom Fox and Chip Jones on this FCPA Compliance Report podcast episode to delve deeper into this topic.

Key Highlights:

  • Compliant Communication Solutions for Financial Firms
  • Regulatory Enforcement of Off-Channel Communications
  • Failure Factors: Violation of Record-Keeping Requirements
  • Proactive Compliance and Cooperative Remediation in Financial Firms

Resources:

Chip Jones on LinkedIn

Global Relay


Data Driven Compliance: Current Trends and Innovations

Data-driven compliance strategies have become a game-changer in risk management and fraud prevention. I recently had the opportunity to participate in a KonaAi-sponsored webinar entitled “Data Driven Compliance: Current Trends and Innovations.” The event was hosted by Vince Walden and featured Rayne Towns, the Global Head of Risk and Monitoring at Nokia.

I view data-driven compliance strategies in risk management and fraud prevention as an evolution of the compliance profession. It can be seen in the importance of data analytics in improving the effectiveness of compliance programs. There is and will always be the need for human interpretation and utilization of the data. Towns sees data-driven compliance strategies as a way to strengthen and improve the compliance program’s effectiveness, using data analytics to identify and address gaps in the compliance program. She also emphasizes the importance of prioritizing and starting with solving specific problems when implementing data analytics. Vince Walden joined in with his perspective on data-driven compliance strategies in risk management and fraud prevention.

Data-driven compliance is one more step in the evolution of the compliance profession. Fortunately, we have evolved from the time when compliance was very much legal-driven, run by lawyers. Over time, most compliance professionals (and equally importantly, the DOJ and SEC) began to view compliance as a business process. As a business process, it can be measured, it can be studied, it can be monitored, and it can be improved based on that information.

We began with the importance of data analytics in compliance programs. The shift towards data-driven compliance has transformed the profession from solely legal-driven to a measurable and improvable business process. This shift has been recognized by the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC). The SEC first called out the use of data analytics in the Order concluding the Key Energy FCPA enforcement action. Most recently, the Albemarle FCPA resolution specifically called out the company’s use of data analytics in its remediation program, which occurred during the pendency of its FCPA resolution process.

In 2016, the Securities and Exchange Commission called out data analytics in an enforcement action for the first time. It was the Key Energy FCPA enforcement action, where they suggested data analytics would have shown or demonstrated a range of values outside the norm for certain gifts, travel, and entertainment for the company. This demonstrated that regulatory thinking had evolved as well. Now, data analytics has become a critical element to improve the business process of compliance. Data-driven compliance allows you to measure it, monitor it, and improve it, all in a documented fashion, so that if a regulator ever comes knocking, you can demonstrate to them not only the effectiveness of your compliance program but also how you are moving your compliance regime forward based on solid data and analysis.

AB InBev was one of the first companies to successfully implement data-driven compliance strategies, moving from detection to prevention of issues. This shift has resulted in cost savings and improved risk management for the company. Equally significant was the company’s public discussion of the BrewRight program and how it evolved into a broader business process tool.

The DOJ always telegraphs what is important to them. Starting with the 2020 Update to the Evaluation of Corporate Compliance Programs, they said the CCO must have access to all data across an organization. You may have data silos, but a CCO must be able to punch through all of those data silos. It is a natural progression from 2020 to this Albemarle FCPA enforcement action, where the DOJ clearly stated that the company’s data analytics program allowed them to move forward with the remediation.

Moreover, the critical part was that Albemarle was not required to have a monitor. Avoiding a monitor under the resolution required two things: first, an effective compliance program, and second, testing of it. The DOJ has made those requirements very clear. Albemarle had an effective compliance program, but more importantly, they have monitored it and tested it through their data analytics program. Their compliance function’s actions saved the company millions. And it tells the rest of us what the DOJ will look for in a compliance program going forward.

Data analytics plays a crucial role in various aspects of compliance, including M&A due diligence and risk assessment. By leveraging external data sources, compliance professionals can gain valuable insights into potential risks associated with vendors, customers, and employees. This information allows them to make informed decisions and mitigate risks effectively.

Compliance professionals must be aware of the impact of data-driven compliance strategies on decision-making. Using data analytics, compliance professionals can measure, monitor, and improve compliance programs in a documented fashion. This demonstrates the compliance program’s effectiveness and enables organizations to adjust and adapt more quickly to changing regulatory requirements.

However, implementing data-driven compliance strategies comes with its own challenges. Balancing the tradeoffs between automation and manual processes is one such challenge. While automation can streamline compliance processes and identify gaps, manual touches are sometimes necessary. Data analytics can help identify these gaps and drive accountability and training efforts.

There is great potential for new technologies like generative AI and machine learning to enhance compliance programs. These technologies can make compliance processes more efficient and enable better decision-making. For example, generative AI can guide users through dashboards and provide valuable insights, making compliance tasks easier and more effective.

Budget approvals are another crucial consideration for organizations when implementing data-driven compliance strategies. CFOs prioritize keeping the business out of legal risks and fines, fraud prevention and recoveries, and improved internal controls. Data analytics is not just a “nice-to-have” but a “must-have” for organizations. Those that do not embrace data analytics or fail to move towards it are at risk.

In conclusion, data-driven compliance strategies have revolutionized the compliance profession. Organizations can measure, monitor, and improve compliance programs by leveraging data analytics, resulting in cost savings, improved risk management, and better decision-making. While there are challenges associated with implementing data-driven compliance strategies, the benefits far outweigh the tradeoffs. Compliance professionals must embrace data analytics as a critical element of their compliance programs to stay ahead in an ever-evolving regulatory landscape.


The Importance of Tailored Policies for Compliance and Risk Management

In compliance and risk management, one size does not fit all. Generic policies and procedures may seem convenient but can lead to compliance risks and potential harm. This is why the Securities and Exchange Commission (SEC) stresses the need for well-designed, tailored policies and procedures in areas such as anti-money laundering (AML) and cybersecurity.

In a recent Compliance into the Weeds episode, Tom Fox and Matt Kelly discussed in detail the importance of tailored policies for compliance and risk management. They examined the case of Deutsche Bank, where the SEC imposed sanctions due to faulty policies. The bank had taken generic policies not specific to their mutual fund obligations and declared them their AML program. This cut-and-paste approach led to compliance risks and inconsistencies that caught the attention of regulators.

The case also serves as a reminder of the potential consequences of misleading marketing practices without proper procedures. The SEC sanctioned DWS $25 million for failures around ESG disclosures and a poor AML program. In both instances, faulty policies and procedures were identified as the root cause of the compliance failures.

The key takeaway from this case is that companies should conduct risk assessments and gap analyses to identify their specific needs and design appropriate policies. A good risk assessment is the foundation for crafting effective policies and procedures. It helps organizations understand their risks, evaluate their controls, and determine the necessary steps to mitigate them.

The impact on employees should be considered when designing policies and procedures. Simply copying and pasting language from regulations without considering the organization’s unique structure, technology, and transactions can lead to confusion and compliance risks. Employees need clear guidance on their duties and responsibilities; generic policies do not provide that clarity.

Compliance officers should create policies and procedures tailored to their organization’s needs and risks to avoid compliance risks and potential harm. Considering the organization’s specific circumstances, resources, and capabilities requires a thoughtful approach. It also requires regular risk assessments, gap analyses, and monitoring of policy effectiveness.

How to do so? The 2020 FCPA Resource Guide, 2nd edition, provided guidance. It stated, “When assessing a compliance program, DOJ and SEC will review whether the company has taken steps to ensure that the Code of Conduct remains current and effective and whether a company has periodically reviewed and updated its Code.” [emphasis supplied] Some of the questions you should consider are:

  • When was the last time your policies and procedures were released or revised?
  • Have there been changes to your company’s internal controls since the last revision?
  • Have there been changes to relevant laws relating to a topic covered in your company’s policies and procedures?
  • Are any of the policies and procedures outdated?
  • What is the budget to create/revise your policies and procedures?

After considering these issues, you should benchmark your current policies and procedures against other companies in your industry. If you decide to move forward, I suggest a process that can be fully documented to include revisions to your compliance policies and procedures.

Get buy-in from the senior leadership of your company. Your company’s highest level must mandate revising compliance policies and procedures. The CEO, GC, CCO, or all three should demand this effort. Whoever gives the order should be consulted at every step of the revision process of the policies and procedures if it involves a change in the direction of key policies.

Establish a core policies and procedures revision committee. A cross-functional working group is ideal to advance your effort to revise your compliance policies and procedures. This group should include representatives from the following departments: legal, compliance, communications, and HR; there should also be other functions that represent the company’s domestic and international business units. Finally, functions within the company such as finance and accounting, IT, marketing, and sales should be represented.

From this large group, the topics can be assigned for initial drafting to functions based on their relevance or necessity. These functions would also solicit feedback from their functional peers and deliver a final, proposed draft to the Drafting Committee. You must establish a timetable for the revision process and hold representatives accountable for meeting their revisions.

Conduct a thorough technology assessment. The cornerstone of the revision process is how your company captures, collaborates, and preserves all the comments, notes, edits, and decisions during the entire project. In addition to using technology to revise your compliance policies and procedures, you should determine if they will be available in hard copy, online, or both. There must be a distribution plan, particularly if the Code and compliance policies and procedures are only available in hard copy.

Determine translations and localizations. The 2020 FCPA Resource Guide clarified that your compliance policies and procedures must be translated into the local language for your non-English speaking workforce. The key is that your employees have the same understanding of the compliance policies and procedures regardless of the language.

Develop a plan to communicate the revised policies and procedures. A rollout is always critical because the revised policies and procedures must be communicated to encourage employees to review and use the policies and procedures on an ongoing basis. Your company should use the full range of available tools to publicize the revised compliance policies and procedures. This can include a multi-media approach or handing out a copy to all employees at a designated time. You might consider having a company-wide compliance policies and procedures meeting where the new or revised documents are rolled out across the company all in one day. But remember, with all things compliance, the three most important aspects are “Document, Document, and Document.” However you deliver the new or revised policies and procedures, you must document that each employee received them.

Stay on target and budget. Set realistic expectations so you stay on deadline and within your budget. This is equally applicable to your policies and procedures revision. Also, remember to keep a close watch on your budget so you do not exceed it.

These points are a valuable guide to not only thinking through how to determine if your policies and procedures need updating but also practical steps on how to tackle the problem. You should begin the process now if it has been more than five years since the last updates. It is far better to review and update if appropriate than wait for a massive FCPA investigation to go through the process.

There are tradeoffs involved in balancing different factors when designing policies and procedures. Compliance officers need to consider the organization’s staffing, technology, review processes, and the need for human intervention in automated systems. Insufficient resources and inconsistent procedures can lead to compliance gaps and backlogs, increasing the organization’s exposure to compliance risks.

In conclusion, the importance of tailored policies for compliance and risk management cannot be overstated. Generic policies may seem like a quick fix, but they can lead to significant compliance risks and harm. Compliance officers should conduct risk assessments, identify specific needs, and design policies and procedures that address those needs. Employee understanding and guidance are crucial, and policies should be regularly assessed, monitored, and updated as necessary. By taking a tailored approach to compliance and risk management, organizations can minimize their exposure to compliance risks and protect themselves from potential harm.


Compliance into the Weeds: A Deep Dive into Policies and Procedures

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Are you looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into the recent enforcement action against Deutsche Bank for AML violations and greenwashing to consider best practices for policies and procedures.

In the complex business world, the importance of tailored policies for compliance and risk management cannot be overstated. Tom Fox and Matt Kelly bring their unique perspectives to this topic, emphasizing the need for well-designed, specific policies and procedures to mitigate compliance risks and potential harm.

Drawing from his experience, Fox believes that generic policies are insufficient and stresses the need for policies specific to a company’s needs, risks, and operations. On the other hand, Kelly criticizes copying and pasting policies from regulations without considering the organization’s unique characteristics and needs. He underscores the importance of conducting risk assessments and gap analyses to design effective policies. Join Tom Fox and Matt Kelly as they delve deeper into this topic on this episode of the Compliance into the Weeds podcast.

Key Highlights:

  • The Importance of Tailored Policies and Procedures
  • Risks and Consequences of Generic Policies
  • Tailoring Policies and Procedures for Compliance
  • Ongoing Monitoring of Policies and Procedures

Resources:

Matt in Radical Compliance


FCPA Compliance Report – Albemarle FCPA Enforcement Action – Internal Controls

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Today, we begin a short podcast series on the Albemarle FCPA enforcement action. Today, we have Karen Moore on the internal controls failures and other areas identified in the SEC enforcement action.

The recent FCPA enforcement action against Albemarle has sparked a lively debate in the compliance community, particularly regarding the company’s internal controls, imposed penalties, and the lack of monitorship. While Karen is surprised at this development, Tom believes it is consistent with the new DOJ FCPA policy.

One of the key takeaways from the episode is the importance of thorough due diligence and stronger measures to prevent corruption. The case highlights the need for compliance officers to operate beyond their comfort zones and ensure that the right people receive the right training to spot issues. It also raises questions about the credibility of messages about risk tolerance from senior leadership and the effectiveness of deal reviews. Join us as we dive deeply into these issues in this FCPA Compliance Report podcast episode.

Key Highlights:

  • Albemarle’s Penalties
  • Identifying Red Flags in Due Diligence
  • Including Monitors in Plea Deals for Compliance

Resources:

Tom Fox blog post series on the Albemarle FCPA Enforcement Action.


FCPA Compliance Report – Albemarle FCPA Enforcement Action – Overview

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Today, we begin a short podcast series on the Albemarle FCPA enforcement action. Today, we open with Matt Kelly, providing an overview.

The intriguing case of Albemarle, a chemicals company embroiled in a bribery scheme, is a stark reminder of the importance of compliance and timely remediation measures. Albemarle faced hefty fines and penalties, totaling over $218 million, for using intermediaries to sell chemicals to state-owned oil companies and funnel bribes to government officials. However, the company’s swift action in withholding bonuses during their internal investigation and implementing remedial measures, such as eliminating sales agents and adopting a direct sales approach, was recognized and credited.

We underscore the significance of Albemarle’s transformation of its business model as a positive remediation measure that effectively reduces corruption risk. We also emphasize the importance of timely self-disclosure and the benefits of initiating remediation measures before an investigation is complete. The fines and penalties imposed on Albemarle are among the largest FCPA settlements in 2023. Join us in this FCPA Compliance Report podcast episode as we dive deeply into the regulatory outcome, remediation efforts, and compliance lessons from Albemarle’s case.

Key Highlights:

  • Bribery Scheme with “Friend” Emails
  • Identifying and Addressing Control Gaps for Ethical Business Practices
  • FCPA Settlement and Corruption Risk Reduction

Resources:

Tom Fox blog post series on the Albemarle FCPA Enforcement Action.


Messaging App Compliance in Regulated Industries: Lessons from Recent Enforcement Actions

In recent years, regulated industries, particularly broker-dealer firms like Wells Fargo and Morgan Stanley, have faced increased scrutiny from regulatory bodies due to their lack of compliance in policing messaging apps. The Securities and Exchange Commission (SEC) recently announced charges against 10 firms in their capacity as broker-dealers and one dually registered broker-dealer and investment adviser for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts outlined in their respective SEC orders. These firms collectively “agreed to pay combined penalties of $289 million and have begun implementing improvements to their compliance policies and procedures to address these violations.” Additionally, the Commodity Futures Trading Commission (CFTC) ordered four financial institutions to pay $260 million for recordkeeping and supervision failures due to the widespread use of unapproved communication methods.

Even more troubling is the involvement of senior managers in this misconduct, which led the SEC to require an independent compliance consultant in multiple settlements. This highlights the significance of overall corporate culture and the need for stricter compliance measures. Matt Kelly and I recently explored these enforcement actions, the reforms that companies must implement, the role of consultants in reviewing these reforms, and the potential risks and consequences of using messaging apps for business purposes in a Compliance into the Weeds podcast.

Reforms in regulated industries focus on policies and procedures, messaging policies, and employee training. Companies must establish clear messaging policies that outline the acceptable use of communication channels and the importance of recordkeeping obligations. Training employees on these policies and ensuring their understanding is equally vital. Additionally, companies must track training records and allegations of policy violations, making them readily available for review. Next, both ongoing monitoring and continuous improvement must be utilized. Finally, do not forget the need for disciplinary frameworks, with repeat offenders and senior employees potentially facing more severe discipline.

The enforcement crackdown by the SEC and CFTC has already resulted in significant penalties, with fines totaling a staggering $550 million. J.P. Morgan was the first bank to face such a settlement decree, setting a precedent for other banks. This raises speculation about whether the misconduct will continue and if there will be additional enforcement actions. While some large securities firms have yet to be targeted, all regulated industries must take note and proactively address compliance issues.

As noted above, using improper messaging apps for business communication is a significant concern for regulators. Moreover, these violations of securities laws occurred due to employees using ephemeral messaging apps like WhatsApp and Snapchat, which turn off record preservation. Once again, the involvement of supervisory employees and managers in using these apps is even more alarming, further angering the regulators. The SEC’s requirement for an independent compliance consultant in multiple settlements indicates a focus on corporate culture and the need to address senior managers’ involvement.

While these enforcement actions focused on regulated industries, they raise an important question about whether non-regulated industries could also face similar exposure to the SEC. The Justice Department has emphasized taking messaging and communication app risks seriously for all companies. Therefore, even if a company operates outside the purview of specific regulations, it is crucial to consider the potential risks and consequences of using improper messaging apps for business purposes. In a Radical Compliance blog post, Kelly noted, “That is a terrible look for a company. It paints the picture of a management team not interested in good ethical conduct, and we all know how that goes over with the Justice Department when evaluating the state of your compliance program.”

We wanted to shed some light on the recent enforcement actions against regulated industries for failing to police the use of messaging apps. The fines and penalties imposed by the SEC and CFTC highlight the seriousness of these violations. Companies must implement reforms, establish robust policies and procedures, and prioritize employee training to ensure compliance. The conversation also underscores the potential risks and consequences of using improper messaging apps for business communication. All companies must prioritize compliance and take proactive measures to address these concerns regardless of industry. By doing so, companies can foster a culture of integrity and avoid the hefty fines and reputational damage associated with non-compliance.