Beyond Tin Cans and String: Compliant Communications for Financial Services

Share with your network!

Among his many inventions, British physicist Robert Hooke is noted for his acoustic string telephone in 1667. The device resembled more of a tin can than a modern telephone. And fortunately for Hooke, he didn’t have to worry about any compliance regulations when using it.

When the modern telephone hit critical mass in the business world several centuries later, a lot had changed. Compliance mandates for communications were introduced. And that gave many businesses a lot to worry about. One industry in particular was hit especially hard. The financial sector already had a number of compliance mandates to manage, and these new regulations were just one more headache.

Fast forward to today, and the financial services sector faces more regulations than ever before. This is largely due to the enterprise’s vast array of digital communication channels, which include mobile phones, text and chat, video, social media and many more.

Financial services businesses must comply with regulatory requirements issued by bodies such as the U.S. Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA). In this post, we’ll look at some SEC and FINRA guidelines that impact electronic communications, primarily for broker-dealers.

Regulations for financial services firms

The most common compliance laws fall into two camps: 

  1. Surveillance and supervision. These laws govern internal policies, review, audit trail, retention and internal monitoring.
  2. Digital communications. These deal with content, audiences and communication channels.

Now, let’s break down the laws that matter to financial services.


  • Securities & Exchange Act, Rule 17a-4(b)(4). This law requires broker-dealers to keep the originals of all the communications they receive. They must also keep copies of all communications they send that are related to “business as such” for at least three years. The first two years of these records must be kept easily accessible. Updated Rule 17a-4 requires firms to retain and preserve all transactions and official business records, which includes all communications. These electronic records must be stored in a secure, non-erasable place.
  • Commodities Future Trading Commission (CFTC) CFTC SEA 15 F (g) (1). Administered under SEC rules, this law applies to the trading of commodity futures. Broker-dealers must keep all daily trading communications related to security-based swaps, including email, instant messages, phone calls and social media. All regulated records must be kept for the period required by the commission.


  • FINRA Notice 10-06. This law requires firms to adopt policies and procedures to ensure that people who communicate for business via social channels are properly supervised. Anyone communicating through these channels must also be provided with training. And they must not put investors at risk.
  • FINRA Notice 07-59. Similar to 10-06, this notice provides additional guidance on reviewing and supervising electronic communications.

SEC and FINRA are taking action

Noncompliance can lead to negative headlines, fines, sanctions and brand damage. A look back at 2022 proves both the SEC and FINRA are serious about enforcement. Several financial services companies faced actions from these agencies for using prohibited communications tools. 

Most SEC actions were caused by broker-dealers and investment advisers who kept poor records and used unapproved tools. As a result, firms were unable to record and preserve their messages.

Meanwhile, FINRA actions came in response to how firms supervised messages and whether they could recover phone records. Many brokers and compliance officers faced fines and were subject to FINRA’s disciplinary action

Notable headlines in 2022

The SEC’s enforcement actions in 2022 were substantial. The commission targeted high-profile defendants and imposed significant penalties. The SEC instituted several actions last year. Sixteen firms or brokers faced $1.235 billion in penalties for pervasive and long-term failures to retain work-related texts. One of the issues was that employees were using personal devices and off-channel communications apps, like WhatsApp. Additionally, the SEC highlighted within their news feed several high-profile corporate offences.

FINRA also brought 14 cases related to off-channel communications in 2022. These cases resulted in $2.1 million in fines. One firm was fined a whopping $1.5 million. Another firm faced FINRA disciplinary actions, including censures, a 40-day ban, almost $2 million in fines, about $50,000 in restitution and extensive corrective measures.

A news report of fines and sanctions will badly damage a firm’s brand and reputation—not to mention expose it to financial losses. Consumer trust and adherence to the law are paramount in any free market. 

What’s ahead? 

Industry experts expect the SEC’s regulatory stance to remain aggressive in 2023. And it will likely keep investigating many of the same issues, such as off-channel communications, unapproved devices, improper training, and the lack of oversight and record-keeping. 

I agree with the experts that both the SEC and FINRA will prioritise these same areas this year—as well as expand their focus to include Regulation Best Interest (Reg BI), sales practice rules and cybersecurity.

It’s also likely that we’ll see regulators like FINRA focus on both global financial services and smaller companies. Look for FINRA to speed up its audit efforts, increase fines for repeat violators and cite more instances of “failure to supervise” as well.

Best practices for financial firms

  • Compliance laws for digital communications are complex and constantly changing. To stay compliant, consider adopting these best practices: 
  • Determine which laws are relevant to your organisation
  • Have a clear understanding of how those laws are evolving
  • Hire compliance officers or consultants to help you understand how those laws impact your management of digital communications
  • Evaluate your enterprise compliance solution with all stakeholders to see if it meets compliance requirements for all your communications channels
  • Review corporate policies and procedures for the use of communication devices and platforms, including “bring your own device” (BYOD)
  • Implement and review employee compliance training programs

Proofpoint Intelligent Compliance

Proofpoint Intelligent Compliance is an award-winning platform that helps you meet regulatory, legal and corporate requirements quickly and accurately. Powered by artificial intelligence (AI), Intelligent Compliance helps you investigate, monitor and supervise a vast array of digital communications for corporate and regulatory compliance protection.

Download this useful guide from Proofpoint

Our Guide to Global Digital Compliance for Regulated and Highly Litigious Industries is an invaluable reference document which breaks down rules by vertical markets and geography. When viewed against the backdrop of 2022, these regulations paint a picture of how compliance is applied and enforced—and how sanctions and fines levied can amount to billions of dollars across firms worldwide.

Download the guide here.