The Securities Exchange Commission (SEC) is trying to instigate deep cultural change around compliance following a high-profile crackdown on ‘off-channel’ communications. Many firms find themselves in a difficult scenario. It's a
kind of regulatory purgatory where they know they need to make significant
changes to their record-keeping infrastructure.
However, these firms are tentative
about dealing with the reality facing so many. They haven’t been capturing
employees' mobile messages, and many firms have been fined a lot of money for this. Nevertheless, all is not lost. One avenue these businesses can pursue is that of self-reporting, and here we’ll analyze what it looks like, the benefits to this course of action, and why the term is a little misleading.
Self-Reporting Precedent
In October 2001’s Seaboard Report, the SEC shared a framework for evaluating cooperation by companies. The report detailed the many factors the Commission considers in determining whether, and to what extent, it grants leniency based on cooperation. The report identifies four specific measures of a company’s cooperation:
- Self-Policing: Having effective compliance procedures in place before the misconduct occurred.
- Self-Reporting: Reporting misconduct when it is discovered, including a thorough review and prompt disclosure of the misconduct to regulators and the public.
- Remediation: Including disciplinary action, modifying procedures to prevent recurrence, and compensating those adversely affected.
- Cooperation: Assisting law enforcement authorities.
Self-reporting is the practice most highlighted and encouraged in recent SEC press releases, but all four measures can be broadly defined as cooperation, or engaging with the regulator on their own terms. This is what firms should strive to accomplish to minimize enforcement penalties against them.
Why ‘Self-Reporting’ Is Misleading
It’s rational that firms may be put off by the notion of self-reporting due to the term’s connotations. It immediately conjures a feeling of wrongdoing, and feels like an admission of guilt.
Regulatory compliance is a rapidly evolving landscape, which businesses struggle to keep up with. Firms that self-report are not confessing to their advisors indulging in illicit conduct, they’re admitting that they hadn’t implemented the appropriate systems and procedures to prove that they did not. This is of course still problematic, as anything could have been said in those unrecorded messages.
Regulators’ modus operandi is quite rightly "guilty until proven innocent." The rules still apply and noncompliance will be punished, but there's an acceptance that lapses have taken place. It’s still an oversight, but a very common one, and so proactivity is viewed positively.
SEC Perspective
Before the off-channel crackdown began with JP Morgan in December 2021, the capture of mobile platforms like WhatsApp, WeChat and Telegram was uncommon. In fact, it was not even a service that was readily available from the leading technology vendors handling communications surveillance.
Necessity is the mother of invention, and so that capability now exists. However, it’s fair to say that the SEC will not expect many companies to have had a formalized mobile procedure in place before they set a new precedent with Wall Street’s largest players. What are the benefits to self-reporting?
The SEC has repeatedly publicized incidents in which multiple firms have been charged with the same offence, and in which one firm that has self-reported has been treated with relative leniency.
It happened to Perella Weinberg in September 2023, who self-reported their recordkeeping failures and agreed to pay a civil penalty of $2.5 million to settle the charges. Other firms that were charged as part of the initiative but had not self-reported ended up paying between $8 million and $35million. The SEC's Enforcement Division Director, Gurbir Grewal, explained: “One of the orders included in today’s announced actions is not like the others. There are real benefits to self-reporting, remediating and cooperating.”
This case was again publicized in November when the SEC shared their enforcement results for the fiscal year 2023; a shining example that they were keen to spotlight in their pursuit of a proactive compliance
Compliance
In finance, banking, investing, and insurance compliance refers to following the rules or orders set down by the government regulatory authority, either as providing a service or processing a transaction. Compliance concerning finance would also be a state of being following established guidelines or specifications. This designation can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation. Understanding ComplianceCompliance is a
In finance, banking, investing, and insurance compliance refers to following the rules or orders set down by the government regulatory authority, either as providing a service or processing a transaction. Compliance concerning finance would also be a state of being following established guidelines or specifications. This designation can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation. Understanding ComplianceCompliance is a
Read this Term culture. The narrative continued into February 2024 when 19 firms were fined over $81 million for similar recordkeeping failures.
The firms’ penalties ranged from $8 to 16 million, with one notable exception, one firm received a significantly lower penalty of $1.25 million, which Grewal again explained. “Once again, one of these orders is not like the others: Huntington’s penalty reflects its voluntary self-report and cooperation.”
#SEC : Self-Reporting Is Biggest Factor in Assessing Recordkeeping Fines
Cooperation with investigation and efforts to comply with obligations also considered, agency official says
🍿🍿🍿👇👇👇🍿🍿🍿
Federal regulators continue to signal their desire that finserv companies… pic.twitter.com/q3ja2LqnIX
— Frank's Zone (@Franks_Zone) April 11, 2024
Biting the Bullet
Since the SEC surprised JP Morgan with a $125 million penalty in Christmas 2021, the probe into off-channel communications has dominated the headlines. Leading institutions were targeted early, but the regulator has steadily applied the same principles across the industry since, and been very vocal about doing so.
This issue is not going to go away. If firms are not yet capturing the information that they should be, it’s a matter of time until they’re held accountable by regulators and forced to do so. The process of gathering all pertinent communications will become more difficult as a company’s digital backlog expands and new platforms emerge.
Self-reporting, remediation and cooperation is an appealing pathway for businesses looking to make that fundamental step. It’s not an admission of guilt but an acknowledgement of oversight, and, based on the cases so far, acts as a gesture of good faith to regulators, who are more likely to react with leniency.
It’s not just about checking a box to reduce penalties, but getting the correct procedures in place for the sake of future-proofing businesses, by applying fundamental principles to modern technology.
The WhatsApp probe has demonstrated that effective compliance is not about being prescriptive, but proactive. We don’t know what the next WhatsApp will be, and so the self-reporting ‘clean slate’ should trigger firms to capture everything they can, and add new communications channels as they emerge.
The Securities Exchange Commission (SEC) is trying to instigate deep cultural change around compliance following a high-profile crackdown on ‘off-channel’ communications. Many firms find themselves in a difficult scenario. It's a
kind of regulatory purgatory where they know they need to make significant
changes to their record-keeping infrastructure.
However, these firms are tentative
about dealing with the reality facing so many. They haven’t been capturing
employees' mobile messages, and many firms have been fined a lot of money for this. Nevertheless, all is not lost. One avenue these businesses can pursue is that of self-reporting, and here we’ll analyze what it looks like, the benefits to this course of action, and why the term is a little misleading.
Self-Reporting Precedent
In October 2001’s Seaboard Report, the SEC shared a framework for evaluating cooperation by companies. The report detailed the many factors the Commission considers in determining whether, and to what extent, it grants leniency based on cooperation. The report identifies four specific measures of a company’s cooperation:
- Self-Policing: Having effective compliance procedures in place before the misconduct occurred.
- Self-Reporting: Reporting misconduct when it is discovered, including a thorough review and prompt disclosure of the misconduct to regulators and the public.
- Remediation: Including disciplinary action, modifying procedures to prevent recurrence, and compensating those adversely affected.
- Cooperation: Assisting law enforcement authorities.
Self-reporting is the practice most highlighted and encouraged in recent SEC press releases, but all four measures can be broadly defined as cooperation, or engaging with the regulator on their own terms. This is what firms should strive to accomplish to minimize enforcement penalties against them.
Why ‘Self-Reporting’ Is Misleading
It’s rational that firms may be put off by the notion of self-reporting due to the term’s connotations. It immediately conjures a feeling of wrongdoing, and feels like an admission of guilt.
Regulatory compliance is a rapidly evolving landscape, which businesses struggle to keep up with. Firms that self-report are not confessing to their advisors indulging in illicit conduct, they’re admitting that they hadn’t implemented the appropriate systems and procedures to prove that they did not. This is of course still problematic, as anything could have been said in those unrecorded messages.
Regulators’ modus operandi is quite rightly "guilty until proven innocent." The rules still apply and noncompliance will be punished, but there's an acceptance that lapses have taken place. It’s still an oversight, but a very common one, and so proactivity is viewed positively.
SEC Perspective
Before the off-channel crackdown began with JP Morgan in December 2021, the capture of mobile platforms like WhatsApp, WeChat and Telegram was uncommon. In fact, it was not even a service that was readily available from the leading technology vendors handling communications surveillance.
Necessity is the mother of invention, and so that capability now exists. However, it’s fair to say that the SEC will not expect many companies to have had a formalized mobile procedure in place before they set a new precedent with Wall Street’s largest players. What are the benefits to self-reporting?
The SEC has repeatedly publicized incidents in which multiple firms have been charged with the same offence, and in which one firm that has self-reported has been treated with relative leniency.
It happened to Perella Weinberg in September 2023, who self-reported their recordkeeping failures and agreed to pay a civil penalty of $2.5 million to settle the charges. Other firms that were charged as part of the initiative but had not self-reported ended up paying between $8 million and $35million. The SEC's Enforcement Division Director, Gurbir Grewal, explained: “One of the orders included in today’s announced actions is not like the others. There are real benefits to self-reporting, remediating and cooperating.”
This case was again publicized in November when the SEC shared their enforcement results for the fiscal year 2023; a shining example that they were keen to spotlight in their pursuit of a proactive compliance
Compliance
In finance, banking, investing, and insurance compliance refers to following the rules or orders set down by the government regulatory authority, either as providing a service or processing a transaction. Compliance concerning finance would also be a state of being following established guidelines or specifications. This designation can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation. Understanding ComplianceCompliance is a
In finance, banking, investing, and insurance compliance refers to following the rules or orders set down by the government regulatory authority, either as providing a service or processing a transaction. Compliance concerning finance would also be a state of being following established guidelines or specifications. This designation can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation. Understanding ComplianceCompliance is a
Read this Term culture. The narrative continued into February 2024 when 19 firms were fined over $81 million for similar recordkeeping failures.
The firms’ penalties ranged from $8 to 16 million, with one notable exception, one firm received a significantly lower penalty of $1.25 million, which Grewal again explained. “Once again, one of these orders is not like the others: Huntington’s penalty reflects its voluntary self-report and cooperation.”
#SEC : Self-Reporting Is Biggest Factor in Assessing Recordkeeping Fines
Cooperation with investigation and efforts to comply with obligations also considered, agency official says
🍿🍿🍿👇👇👇🍿🍿🍿
Federal regulators continue to signal their desire that finserv companies… pic.twitter.com/q3ja2LqnIX
— Frank's Zone (@Franks_Zone) April 11, 2024
Biting the Bullet
Since the SEC surprised JP Morgan with a $125 million penalty in Christmas 2021, the probe into off-channel communications has dominated the headlines. Leading institutions were targeted early, but the regulator has steadily applied the same principles across the industry since, and been very vocal about doing so.
This issue is not going to go away. If firms are not yet capturing the information that they should be, it’s a matter of time until they’re held accountable by regulators and forced to do so. The process of gathering all pertinent communications will become more difficult as a company’s digital backlog expands and new platforms emerge.
Self-reporting, remediation and cooperation is an appealing pathway for businesses looking to make that fundamental step. It’s not an admission of guilt but an acknowledgement of oversight, and, based on the cases so far, acts as a gesture of good faith to regulators, who are more likely to react with leniency.
It’s not just about checking a box to reduce penalties, but getting the correct procedures in place for the sake of future-proofing businesses, by applying fundamental principles to modern technology.
The WhatsApp probe has demonstrated that effective compliance is not about being prescriptive, but proactive. We don’t know what the next WhatsApp will be, and so the self-reporting ‘clean slate’ should trigger firms to capture everything they can, and add new communications channels as they emerge.
