It’s crucial that financial services organizations adhere to official communications and recordkeeping rules. More than ever, the SEC (and other regulators) are scrutinizing how firms communicate with external stakeholders—and how they keep records of these communications.
It’s also not just about emails and phone calls. As headlines involving the SEC and companies like Tesla, Robinhood, and JPMorgan illustrate, existing rules and regulations extend to modern online platforms as well.
Using WhatsApp for business communications? All messages have to be preserved. Sharing company information on Twitter or Facebook? It's critical that investors know they should look there for important disclosures. Marketing investment products and services on a company website? All claims have to be accurate—and correctly preserved for audit.
With the above in mind, Pagefreezer offers a suite of solutions to help FinServ companies streamline compliance workflows and proactively prepare for audits and investigations.
Here are four doomsday scenarios we help financial services companies prevent:
1. Paying Huge Fines Because of Inadequate Recordkeeping
At the end of 2021, JPMorgan admitted to widespread recordkeeping failures and agreed to pay a $125 million penalty to resolve SEC charges.
The SEC order related to the matter said: “JPMS admitted that from at least January 2018 through November 2020, its employees often communicated about securities business matters on their personal devices, using text messages, WhatsApp, and personal email accounts. None of these records were preserved by the firm as required by the federal securities laws.”
Not only do emails, text messages, and WhatsApp communications need to be archived for compliance, but other wider forms of communication also need to be preserved for possible inspection by the SEC.
Regulators like the SEC and CFTC can (and do) request historical website, social media, and team collaboration (Slack, MS Teams, Workplace, etc.) data from firms. If this information is not available—or it has not been correctly preserved—substantial fines can be imposed.
As one example, companies are expected to retain website content for a period of six years. This data has to be preserved in a specific format, WORM, and easily accessible for audit. This means that content management system (CMS) backups aren’t good enough. What is needed is a dedicated solution that complies with all SEC requirements.
2. Spending Countless Hours (and Boatloads of Money) on Audits
An audit request from a regulator might seem simple at first glance, but once you examine the detailed requirements and implications, fulfilling the request can be daunting. The fact is, an audit can demand a lot of time and resources from your firm—and there’s often a tight deadline involved, resulting in late nights and high stress levels.
Looking again at the website example, the SEC might request three months’ worth of website records. This means the organization would have to provide every version of every relevant page (those concerning products and services) for the entire three-month period. If pages are regularly updated, this could mean a lot of records.
The firm would also be required to provide data in a format that is easily accessible and understandable. An auditor needs to be able to quickly look at records and see how webpages evolved over time—every piece of added, deleted, and edited content should be easy to identify. Doing this for modern websites that are dynamic and complex isn’t easy.
And, of course, the above requirements are also true for official social media accounts and team collaboration platforms. An audit can involve thousands of posts, comments, and direct conversations on Twitter or Slack—pulling all of it together ahead of an auditor’s arrival can seem overwhelming, if not impossible.
Pagefreezer helps by offering SEC-compliant automated archiving and a user-friendly dashboard with a sophisticated search function. Through the dashboard, it’s easy to find relevant records and then export them in formats like PDF and WARC. Or to make things even easier, the organization can provide auditors with a link to access archives on their own.
3. Sharing Inappropriate Content on Social Platforms
What happens if a company social media manager, or some other employee responsible for social media content, shares something online they shouldn’t? They might use the word “guarantee” in a tweet or imply certain returns on an investment. Or they might engage in a direct conversation with a customer on Facebook, during which account details are discussed.
The sharing of incorrect and inappropriate information on social media can have serious consequences—and, unfortunately, it’s all too easy for a mistake to go unnoticed (and unaddressed) until it evolves into a serious issue. It might only be when an audit takes place or a legal matter arises that the error is discovered.
The same is true of internal social platforms (messaging and collaboration apps) like MS Teams, Slack, and Workplace from Meta. Organizations typically have policies regarding how and when sensitive information can be shared between employees—and these policies must be applied to collaboration platforms as well.
The best way to manage the sharing of sensitive and inappropriate content is to implement a monitoring solution that flags the posting of inappropriate content. For example, Pagefreezer can monitor these platforms in real time. If inappropriate content is found (which can be anything from credit card and social security numbers, to profanity and problematic words like “guarantee”), it is immediately flagged and an email is sent to the designated administrator.
Pagefreezer simplifies monitoring through keyword libraries. Instead of entering multiple flagged words/numbers, users can select pre-canned text patterns that instantly add large sets of words/characters.
4. Trawling Through Thousands of Messages to Find Relevant Content
Speaking of Teams, Slack, and Workplace—these platforms are now as relevant to legal matters and regulatory audits as email. Courts have made it clear that this data is discoverable, which means legal teams and compliance teams need a solution that allows them to easily collect, review, and export this content.
Searching through tens of thousands of messages for a relevant conversation is time-consuming and frustrating work, especially if you’re dealing with confusing JSON exports. A far better option is a dedicated solution that streamlines legal and compliance workflows. Pagefreezer has enterprise collaboration solutions for both legal and compliance teams.
Built for legal and eDiscovery teams, our Legal Solution lets teams automate the collection and preservation of enterprise collaboration data. Legal teams can use advanced search to deliver relevant content across all archives, accounts, direct conversations, timelines, and groups. They can then select relevant content, add comments, and export files to local servers. Data can be exported to file formats such as PDF and WARC. Records are time-stamped and signed with a SHA-256 digital signature.
For compliance teams, Pagefreezer offers a complete recordkeeping solution that makes it easy to comply with stringent industry regulations. Teams can archive all groups, timelines, and direct conversations and capture all changes (including edits to posts and deletion of comments). As with our Legal Solution, they can once again export data to file formats such as PDF and WARC, or they can create a public-access link and share access to archives directly with regulators and other external parties.
Ready to simplify recordkeeping related to websites, social media, mobile text messaging, and team collaboration tools? Schedule a call with one of our solution advisors.