So far in 2024: changes to record keeping and regulatory rigor

Author: Harriet Christie, COO of MirrorWeb

The typical narrative is that digital regulations become more stringent as time goes on. Accountability is becoming an increasing requirement as technology advances and takes up more and more of our working lives. There is nothing new here, and yet recent regulatory activity across various global organizations has been even more intense than expected.

In the United States, the Securities Exchange Commission (SEC) and the Financial Regulatory Authority (FINRA) continue to demonstrate their characteristic aggression while increasing requirements for companies under their jurisdiction. Meanwhile, in the UK, the Financial Conduct Authority (FCA) appears to have woken up from a period of relative indifference.

FINRA

FINRA’s 2024 Regulatory Oversight Report outlines new steps companies can implement as they seek to ensure compliance. Companies are now being asked what they are doing to capture off-channel business communications and whether they are actively monitoring new communications platforms that may be available to advisors.

FINRA directly recommends that firms review whether approved channels are underutilized, meaning alternatives are being utilized. They are also asked to be aware of “off-channel communication guidelines,” i.e. references to other conversations in unsanctioned domains.

These updates are important because of what they represent. Trusting employees to follow protocol is no longer enough – the oversight element is now more explicit, and compliance teams are expected to do the detective work to understand the regulatory environment and ensure employee conduct is appropriate. This places a greater burden of responsibility on each organization and makes it very difficult for leaders to look away and feign ignorance.

KNOT

Applying standards across the industry

We are all aware of the ongoing industry investigation into ‘off-channel’ communications, i.e. financial penalties for WhatsApp, which have been dominating the headlines for several years. On April 3, 2024, the SEC announced its first enforcement actions against a registered investment adviser (RIA) not affiliated with a broker-dealer.

This action is a statement of intent – an example of Enforcement Director Gurbir Grewal’s desire to apply fundamental standards to the entire industry, not just to the eye-catching JP Morgans of the world. This is not a task of ticking all the boxes, but of moving towards the “proactive compliance culture” it strives for.

Self-reporting

Following criticism of arbitrary enforcement, the SEC denied that it was “randomly picking numbers” when setting penalties for off-channel communications. Rather than the size of the company or the extent of its misconduct, the factor with the greatest impact is whether the company self-reported its violations.

By providing companies with the ability to self-report past misconduct and proactively establish sound compliance procedures in exchange for leniency, the SEC is clearly trying to accelerate the process of culture shock.

The principle of marketing

The Marketing Rule signaled a regulatory evolution when it emerged in late 2022. Consumer protection was at the forefront of the agenda, but it took some time for the regulator to bare its teeth on enforcement. We are now seeing some progress – companies are being held accountable for passing on outlandish speculation as legitimate advice.

In April, the SEC imposed a $200,000 fine for marketing violations. Five EIAs were prosecuted, and all five admitted that they had misled consumers by advertising the performance of a model they could not substantiate. GeaSphere LLC received the most severe penalty of $100,000.

Around this time, another risk alert was issued and the regulator addressed common marketing policy pitfalls such as those listed above.

“The results show numerous instances of non-compliance, ranging from unsubstantiated claims to misleading advertising tactics, raising concerns about the transparency and accuracy of information available to investors.”

FCA

Historically, the FCA has developed a reputation for poor enforcement, particularly compared to its US counterparts. A December 2023 report by the National Audit Office (NAO) recognized that to meet the UK Government’s ambitions for the sector, the Government would need to correct existing ‘regulatory failures’. In recent months, they have made a commitment.

In November 2023, they issued a call to action highlighting failures to comply with consumer obligations, including the promotion of high-risk or complex products, opacity of fees and insufficient consideration for consumer understanding. The regulator has also started directly contacting non-compliant companies, carrying out site visits and sending Section 165 information requests.

In March 2024, following a review of advice on retirement income, the FCA wrote to chief executives of financial firms and told them to review their processes. They also warned that the “honeymoon period is over” for consumer tariff enforcement and revealed plans to publicly release details of any companies under investigation.

The name-and-shame policy has sparked widespread backlash across the industry, including from British Chancellor of the Exchequer Jeremy Hunt. Although unpopular, it signifies how unprecedented and potentially impactful the change in FCA strategy could be.

How can companies keep pace?

As you can see from the three organizations highlighted above, the beginning of 2024 has been a particularly busy year for regulatory compliance. It’s easy to wonder when this will all end – if the laws are constantly changing, is there any point in shooting at an ever-moving target?

The answer is yes. Enforcement of regulations is increasing in terms of compliance, so failure to comply can result in very real and costly consequences. Most importantly, transparency also increases. Regulators in global finance are incredibly honest and detailed about their expectations, and while these requirements may be new and frustrating for many, at least companies know exactly where they stand.

There is no ambiguity here. It would be foolish to ignore such precise instructions, and if this happens, companies will only have themselves to blame.