close
close

Mitigating Off-Channel Communications: A Guide for In-House Counsel and Compliance Officers

Posted on by darion

The rise of digital communication tools has transformed the way employees interact within organizations. However, with the convenience of third-party apps like WhatsApp, WeChat, and personal text messages comes significant compliance risks. Off-channel communications—those that occur outside of approved corporate systems—can pose significant challenges to regulatory compliance, data security, and overall business integrity. In this article, we delve into the complexities of off-channel communications, examining employee behavior, message retention, and strategies that in-house counsel and compliance/risk professionals should consider when addressing this common problem.

Problem: Employees use third-party communication channels to conduct business

Off-channel communication refers to the use of unauthorized or unmonitored platforms for business communication. Despite policies mandating the use of corporate communication tools, employees often resort to personal messaging apps for a variety of reasons, including convenience, speed, and familiarity. This can expose organizations to significant risks, including:

  • Non-Compliance: Regulatory agencies including the SEC, CFTC, HHS, FDA, FCC, FTC, FERC, NERC and others require companies to maintain comprehensive records of business communications. Failure to do so can result in significant fines and legal penalties. (See, e.g., Press Release, U.S. Securities and Exchange Commission, Sixteen Firms to Pay More over $81 Million Combined to Settle Charges for Widespread Recordkeeping Failures (February 9, 2024), https://www.sec.gov/newsroom/press-releases/2024-18; Release No. 8599-22, Commodity Futures Trading Commission, CFTC Orders 11 Financial Institutions to Pay Over $710 Million for Record keeping and Supervision Failures for Widespread Use of Unapproved Communication Methods (September 27, 2022), https://www.cftc.gov/PressRoom/PressReleases/8599-22).
  • Data Security Threats: Using unmonitored platforms increases the risk of data breaches. Sensitive business information can be exposed to unauthorized access, leading to potential data loss or theft.
  • Reputational damage: Non-compliance and data breaches can seriously damage an organization’s reputation, undermining the trust of customers, partners and stakeholders.
  • Operational Inefficiencies: Managing multiple communication channels without a centralized system can lead to inefficiencies and hinder effective communication within the organization. It can also impact the completeness and timeliness of responses to document requests or subpoenas.

Understanding employee communication behavior