The Securities Exchange Commission (SEC) is working to bring about significant cultural change in compliance, following a major push against ‘off-channel’ communications. Many companies find themselves in a difficult spot, knowing they need to upgrade their record-keeping infrastructure but unsure how to address the issue of unmonitored mobile messages. Consequently, numerous firms have faced hefty fines for this.
However, there is hope. Companies can consider self-reporting, which we’ll explore here: what it involves, its benefits, and why the term might be misleading.
Back in October 2001, the SEC introduced the Seaboard Report, outlining how they assess corporate cooperation. The report lays out four key measures:
- Self-policing: Having strong compliance measures in place before any misconduct occurs.
- Self-reporting: Reporting misconduct when it’s found, including a detailed review and quick disclosure to regulators and the public.
- Remediation: Taking corrective steps, such as disciplinary action, procedure modifications, and compensating those harmed.
- Cooperation: Helping law enforcement with their investigations.
While self-reporting is particularly emphasized in recent SEC announcements, all these steps fall under cooperation or engaging positively with the regulator, which firms should aim for to reduce penalties.
The term ‘self-reporting’ might scare off some companies because it sounds like admitting guilt. But in the fast-changing world of regulatory compliance, firms that self-report aren’t confessing to doing something wrong; rather, they’re saying they haven’t been able to prove that they didn’t do anything wrong. This is risky, as unrecorded messages could potentially hide anything.
The SEC’s stance is essentially ‘guilty until proven innocent,’ meaning noncompliance still results in penalties. But there is an understanding that oversights can happen, and taking proactive steps is seen positively.
Before the crackdown on off-channel communication with JP Morgan in December 2021, keeping track of mobile platforms like WhatsApp, WeChat, and Telegram wasn’t common. Major tech vendors didn’t offer these services widely. Now, such capabilities are available, but the SEC doesn’t expect every company to have had robust mobile procedures before the crackdown on the largest Wall Street firms.
The SEC has consistently shown leniency towards companies that self-report. For instance, Perella Weinberg self-reported their recordkeeping mistakes and settled their case for $2.5 million in September 2023, while other firms with similar charges paid between $8 million and $35 million. The SEC’s Enforcement Division Director, Gurbir Grewal, highlighted the benefits of self-reporting, remediation, and cooperation.
The SEC reiterated this example in November when sharing their enforcement actions for the fiscal year 2023, and the point was driven home again in February 2024. Then, 19 firms were penalized over $81 million for similar issues, with fines ranging from $8 million to $16 million, but one company was fined only $1.25 million for voluntarily self-reporting and cooperating.
The investigation into off-channel communications has been a hot topic since JP Morgan’s significant fine in December 2021. At first, major firms were targeted, but the SEC has since applied the same standards industry-wide and been open about it. This problem isn’t going away. If companies aren’t capturing required data, regulators will eventually enforce compliance and make it happen. As digital records grow and new platforms appear, logging communication will only become more challenging.
Self-reporting, remediation, and cooperation offer companies a path forward, acknowledging oversights without admitting guilt. From past cases, it’s evident that this approach is seen as a sign of good faith by regulators, who may be more lenient. It’s not just about reducing penalties but establishing robust procedures that secure a business’s future. Effective compliance, as highlighted by the WhatsApp probe, is about being proactive and prepared for the next communication trend. The self-reporting ‘clean slate’ should inspire firms to thoroughly record all communications and incorporate new channels as they emerge.
