Regulated institutions are under pressure to capture and monitor text messaging. Rather than react by incurring the cost of new technologies, firms should first analyze their specific requirements, review existing communication channels, and institute annual text messaging use policies and employee attestations.
Due to recent SEC fines, text messaging compliance has become a topical and critical concern for many financial institutions. However, because of the type of device, apps and personal use, effective compliance is difficult to implement. Working with clients, we have developed a series of steps which, for most institutions, will determine if they need to incur the costs of additional technology.
- We strongly advise financial clients to develop detailed messaging and text policies. These policies may differ for departments depending upon employee roles and if they interact with clients who may prefer to text. These policies should be updated annually, approved during the Annual Compliance Review with the firm’s CEO (FINRA 3130). These policies should be reviewed and digitally signed by every employee. Employees should be aware of the consequences for not following the policies and the administration of the policies enforced at every level of management.
- The initial and subsequent policy revisions should be based upon a questionnaire issued to employees which include the following questions: What cell device and text platforms do you use? Do you use encrypted apps such as WhatsApp or Signal? Would you use a dedicated line for business?
- The policy should address procedures to follow in the event text messaging is not automatically collected. For instance, if an employee is not having their text messaging captured but a client texts, then it should be clear that the employee should forward that text to their email account and respond to the text with an email message. This procedure allows for both the original text and the reply to be archived and supervised. The same procedure should be followed if a client texts to the employee’s personal text line rather than the institutional number.
- Employees should understand that any text content involving business activities is required to be captured.
“We have found that with the proper policies, annual attestations and monitoring of new texting platforms, our clients can address the compliance challenges of texting without needless expenditure. In our Designated 3rd Party annual reviews (SEC Rule 17a-4(f)(3)(vii)) we address text messaging compliance and offer the above guidelines so that a financial institution can determine how best to address this compliance challenge.”
– Charles Weeden, Managing Partner of 17a-4, LLC