1. CONTENTS

  1. CONTENTS
  2. PURPOSE
  3. EXECUTIVE SUMMARY
  4. REGULATORY UPDATES
  5. ITEMS TO CONSIDER
  6. RELEVANT LINKS

 

2. PURPOSE

The aim is to flag changes in regulatory guidance, relevant enforcement actions and industry news that should be considered by the ExCo team because it represents an opportunity, a new insight or market development. This report will also highlight relevant enforcement cases or developments impacting Behavox’s existing clients.

 

3. EXECUTIVE SUMMARY

Current Regulatory Perspective on AI

Firms and regulators generally have a positive outlook on the impact of artificial intelligence in the financial sector. Regulators have expressed their support for firms to embrace the use of AI. The FCA noted that developments in AI are resulting in additional opportunities for the way communications can be proactively monitored.

According to a report by Mckinsey, generative AI could fundamentally change the risk management of financial institutions. By shifting from task-oriented activities to strategic risk prevention and partnering with business lines, gen AI could streamline operations and free up risk professionals to advise on new product development and strategic decisions. However, firms are advised to put guardrails around gen AI’s use in an organisation. Firms must prioritise use cases, understand associated risks, address data and tech demands, and adapt talent and operating models to effectively harness gen AI’s potential while managing its risks.

On the other hand, FINRA has classified artificial intelligence as an “emerging risk”, wherein AI could affect virtually all aspects of a broker-dealer’s operations. Member firms are found to be taking a more careful approach with AI.  Three main concerns with the use of AI were identified: accuracy, privacy and bias. Firms are further advised to consider the regulatory implications of deploying AI, specifically on anti-money laundering, public communication and cybersecurity.

The regulatory requirements and considerations outlined in the FINRA Regulatory Oversight 2024 report focuses on compliance with recordkeeping and supervision mandates for member firms, specifically on Exchange Act Rules and FINRA rules. 

Recordkeeping requirements 

  • Broker-dealers are mandated to create, maintain, and preserve records in an easily accessible manner. This includes all forms of communications related to their business such as emails, texts, and other electronic communications. 
  • The SEC has amended Rule 17a-4 to include modifications to the maintenance and preservation of electronic records, and they must be furnished in a “reasonably usable electronic format”. This format must be compatible with the commonly used systems for accessing and reading electronic records, ensuring that data is easily retrievable.
  • Further amendments on Rule 17a-4 require third parties who handle broker-dealer records to submit a formal undertaking to the SEC. This ensures that they allow SEC representatives to examine these records and mandate that they provide complete and current hard copies when requested. 
  • In terms of the retention format, firms utilising electronic recordkeeping systems to preserve required records can either comply with the WORM Requirement or adhere to the alternative, the Audit-Trail Requirement. 
    • The Audit-Trail Requirement entails maintaining a detailed, time-stamped audit trail that logs modifications and deletions of records, times these actions were taken, the identities of the individuals involved, and other necessary information to ensure the security and authenticity of records. 
    • The amended rule allows firms the flexibility to implement the Audit-Trail Requirement for some records while still using the WORM Requirements for others. 
  • The amendments for Rule 17a-4 have the following effective/compliance dates (January 3, 2023 / May 2023). 

Off-channel Communications 

FINRA has expressed its growing concern about communications that occur on unofficial platforms which may not be preserved as part of the firm’s records. Firms are therefore encouraged to establish robust policies that cover all business-related communications. These policies should also include procedures for monitoring and preserving communications on approved channels and for detecting and preventing the use of unapproved channels. 

Common failures concerning the Books and Records Rules highlight the significant compliance gaps in managing and preserving essential business communications as required by regulatory standards. 

 

  • Misinterpreted Obligations: Firms lacked due diligence in verifying vendor compliance with recordkeeping requirements, due to misunderstanding of the rules. 
  • Failure to maintain Email Correspondence: Firms did not capture electronic communications of registered representatives using third-party or non-firm email addresses for business. This issue arose because vendors did not automatically archive correspondence and staff neglected to copy their firm email addresses on all business-related emails. 
  • Failure to Maintain Converted Records: Firms did not maintain adequate policies to ensure the integrity and readability of converted electronic records throughout the required retention period. 

Meanwhile, contract review, testing and verification were found to be effective practices for compliance with recordkeeping requirements. 

  • Contract ReviewFirms are advised to review their  vendors’ contracts and agreements to assess whether they will be able to comply with the recordkeeping requirements.
  • Testing and Verification – Vendors’ recordkeeping capabilities should be evaluated by simulating regulators examinations by requesting records and engaging compliance consultants to confirm compliance with record keeping

AI and communications monitoring
     Firms are also expected to take a more proactive approach to guarantee compliance with the developing regulatory landscape. “Recently, considerable investment into this area has prompted suggestions that regulators’ expectations of how firms are using AI to monitor communications will shift.” The FCA also expects firms to “assess policies and controls for the use of privately owned devices” to “ensure that these provide sufficient scope for effective recording”

In the US, regulators such as the SEC and FINRA have  continued to increase their efforts in cracking down on the use of off-channel messaging applications like WhatsApp and iMessage for business purposes. While enforcement action in the UK has been less severe. 

In Q1 2024, The SEC imposed over $81 million in fines to sixteen firms whose employees communicated through unauthorised communication channels for business purposes. Enforcement has also expanded beyond sell side banks to investment advisers and credit-rating firms. For example, Senvest Management was charged by the SEC for widespread and longstanding failures to maintain and preserve certain electronic communications and agreed to pay a $6.5 million penalty and to implement improvements to its compliance policies and procedures.

Several factors come into play in determining the penalties imposed to firms over recordkeeping violations. According to a SEC official, fines can be significantly reduced if self-reported to the SEC. Additionally, firms that don’t self report can still receive credit based on its cooperation during the investigation. The SEC considers the size of the firm to ensure that the penalties serve as an adequate deterrent against future violations and that it uses previous settlement orders as a guide. The regulator also weighs the firm’s compliance efforts to prevent off-channel communications. 

Justifications made by companies for not promptly detecting misconduct within their systems are becoming less acceptable. Firms should continuously update and evaluate their monitoring strategies to ensure they align with the changing requirements set by regulators. 

 

4. REGULATORY UPDATES

 

REGULATOR/ ORGANIZATION DATE SUMMARY RELEVANCE FOR BEHAVOX LINKS
DOJ 23 February 2024 Ex-vitol oil trader paid nearly $1 million in bribes to senior Petroecuador manager and an Energy Ministry official to help a state-owned Middle eastern company win the South American country’s fuel oil in December 2016

Vitol had a deal to buy the fuel oil from the Middle Eastern company and then market it, prosecutors said. Vitol has also previously admitted to bribing officials in Brazil. Mexico and Ecuador and agreed to pay $164 million to resolve US and Brazilian probes.

Bribery and corruption cases in energy and commodity firms continue to be rampant in the industry with Vitol having repeated offences. Behavox can capitalise on this target other energy and commodity companies as potential clients. DOJ link
SEC 12 January 2024 The $249 million settlement with the Department of Justice and Securities and Exchange Commission resolves the bank’s charges of deception, fraud and compliance failures over block trades.

Two traders in Morgan Stanley shared information about impending block trades to various investors. This resulted in reduced risks for MS when purchasing the trades and generated more than $100 million in illegal profit.

This case highlights the high fines firms face in relation to sharing material nonpublic information (MNPI). SEC link
SEC 16 January 2024 The SEC settled charges against JP Morgan for violating the whistleblower protection rule. JPM agreed to pay $18 M. JPM made clients sign confidential release agreements which did not permit them to voluntarily contact the SEC. The relevant communications from this case can be reviewed to improve the Whistleblowing AIRP. SEC link
FCA 5 March 2024 FCA intends to improve reporting by collecting data on instances of sexual misconduct from banks and insurers and share the best practices found. This comes as the Worker Protection Act 2023 comes into force this year. In October 2024, the new duty for employers to take ‘reasonable steps’ to prevent sexual harassment of their employees will come into force. According to the FCA, improper conduct can act as an indicator of other regulatory issues such as market abuse. This shows increasing regulatory scrutiny over non financial misconduct. The risk policy that covers sexual harassment and discrimination can be revisited to ensure that it includes language pertaining to the proper handling of complaints related to harassment. FCA link
SEC 9 February 2024 Sixteen firms agreed to pay more than $81 Million combined to settle the charges. The SEC uncovered use of off-channel communications across all 16 firms. These broker-dealer firms and investment adviser firms and their employees communicated through personal text messages and other unauthorised communication channels for business purposes.

Further, the firms did not maintain or preserve the majority of these off-channel communications, which deprived the SEC of these off-channel communications in various SEC investigations.

This case shows that regulators continue to fine firms that allow its firms to use unauthorised communication channels and failure to maintain and preserve electronic communications. These firms can be targeted as potential clients for Behavox, highlighting its ability to capture different channels and market its upcoming Archiving product. SEC link
FCA 30 January 2024 “Flying and printing”

Flying – involves a firm communicating to its clients, or other market participants, via screen, instant message, voice or other method, that it has bids or offers when they are not supported by, or has bids or offers when they are not supported by, or sometimes not even derived from, an order or a trader’s actual instruction.

Printing – involves communicating by one of the above methods, that a trade has been executed at a specified price and/.or size when no such trade has taken place.

These activities create a false impression of financial instruments liquidity and/or price. As a result, investment decisions of clients and other market participants may be based on misleading information. This might cause financial harm to those participants.

Behavox is ahead on this as both “flying” and “printing” are risks already addressed in the Dissemination of False or Misleading Information AIRP. FCA link

 

5. ITEMS TO CONSIDER

 

  • Compliance teams and regulators have also become subject to oversight (i.e. BMO and Bank of England). Persistent issues with compliance teams themselves can affect the industry’s trust and confidence in the integrity of these institutions. 
  • Behavox’s upcoming Intelligent Archive solution for recordkeeping is WORM compliant and in line with the recent amendments to SEC Rule 17a-4
  • The new EU’s Artificial Intelligence Act holds significant implications for Behavox and a thorough assessment is necessary to ensure the company’s full compliance. Francois Suanez put together a report to comprehensively explain the impact of this landmark legislation on Behavox and its clients. 

 

6. RELEVANT LINKS

January 2024 

 

February 2024

 

March 2024