At first glance, sending a quick Whatsapp message is a convenient shortcut for communicating at work. But when on the job — especially in regulated industries like finance — bypassing official channels like email by going “off-channel” to encrypted apps is a serious risk. Since 2021, two regulatory agencies, the Securities and Exchange Commission and the Commodity Futures Trading Commission have levied more than $2.5 billion in fines against Wall Street firms, according to Bloomberg News, all for failing to monitor and retain these off-the-record communications.
The problem? Firms are required by the SEC to demonstrate adherence to regulations and if they don’t, they’re subject to fines — in this case, significant fines. Texts, encrypted messaging apps, and even social media chats often don’t get captured or stored in a way that satisfies legal retention requirements. This opens up firms to regulatory scrutiny, data breaches, and potentially disastrous legal consequences. In short, when employees bypass official communication channels such as email, they create a gap in the compliance net.
Firms are finding out the hard way that off-channel communication at work isn't just a technical violation. It's a compliance nightmare that can cause reputational damage, impact customer trust, and drain millions from company coffers.
This was the case in 2022, when the CFTC ordered 11 financial institutions — including Bank of America, Barclays, and Goldman Sachs — to pay $710 million for widespread use of unofficial communication methods.
In this investigation, communications were exchanged via personal texts, as well as Whatsapp and Signal, two encrypted messaging apps.
“Recordkeeping requirements are key to the Commission’s oversight of registrants and a registrant’s disregard of its obligations threatens the Commission’s ability to effectively and efficiently conduct examinations and investigations,” said Gretchen Lowe, acting director of enforcement for the CFTC, in a news release announcing the fines.
In 2023, Bloomberg News reported that the SEC charged 11 Wall Street firms, including Wells Fargo, with improper recordkeeping.
And even late this summer, in yet another round of enforcement, some 26 broker-dealers and investment advisers agreed to pay $470 million to settle civil charges that they violated recordkeeping rules, according to a recent SEC news release.
Three of the firms self-reported violations and will pay significantly lower penalties, thereby “demonstrating once again the real benefits of proactive cooperation,” Gurbir Grewal, director of the SEC’s Division of Enforcement, said in the release.
Does any business have $50 million to spare for penalties? The $2.5 billion and counting in fines by regulators shows that the stakes are high. Alphy’s Reflect AI offers a way to stay ahead of compliance issues — by flagging language that suggests employees are moving off of approved electronic communication channels, preventing costly mistakes.
Here’s how Reflect AI flags covert communication:
Let's move this to Whatsapp.
Want to meet up later to avoid a digital trail?
How about we text over Signal since it's more private?
While not all business communications must be written, maintaining transparency and ensuring conversations are properly recorded is essential. Deliberately avoiding records or using unapproved messaging platforms can breach compliance standards and expose your company to risk. Prioritize open, traceable communication to protect your business and your team.
Amanda Nurse is the editorial and operations coordinator at Alphy.
Reflect AI by Alphy is an AI communication compliance solution that detects and flags language that is harmful, unlawful, and unethical in digital communication. Alphy was founded to reduce the risk of litigation from harmful and discriminatory communication while helping employees communicate more effectively.
Contact us for a demo at sales@alphyco.com.