Special Contribution by Tres Comma Compliance (TCC)
Since 2021, the SEC and FINRA have collectively issued over $2 billion in fines, targeting firms that fail to archive communications on platforms like iMessage, WhatsApp, and LinkedIn. There are three significant reasons why these fines have surged:
The SEC has ramped up enforcement by leveraging data analytics and surprise audits.
The January 2023 amendment to SEC 17a-4 introduced an audit-trail alternative to Write Once Read Many (WORM) storage, leading to confusion about compliance requirements.
A surge in the SEC Whistleblower Program—in 2023 alone, the SEC issued nearly $600 million in whistleblower awards, receiving 18,000 tips—50% more than the previous year.
The SEC's crackdown initially targeted large tier-one banks but has since expanded to include smaller and mid-size firms. Compliance teams are pressured to enforce strict policies to ensure they comply with SEC and FINRA laws regarding capturing and archiving client communications. However, employees continue to use common, easy-to-use messaging apps because, well, they’re convenient.
A combination of factors often drive non-compliance—employees resisting rigid policies in favor of convenience, firms relying on outdated compliance tools (ones that force employees to use specific apps to text with clients or tools that only archive email), and a general lack of clarity around evolving SEC and FINRA regulations.
Recent SEC enforcement cases reveal consistent patterns in compliance failures, highlighting key risks firms must address:
Non-compliant communications weren’t just an issue for frontline employees. Supervisors and senior management were also implicated.
Some employees took active steps to evade compliance, such as using personal devices, automatically deleting messages, or switching between platforms to avoid detection.
Off-channel communications were not limited to text messages and WhatsApp. Employees also used LinkedIn Messaging, WeChat, personal email accounts, and other social platforms.
Regulators found that off-channel discussions frequently involved investment decision-making, client advice, and interactions with market participants, proving that unmonitored communications create serious regulatory risks.
For example, Morgan Stanley Smith Barney was fined $15 million for failing to supervise financial advisors who misused client funds—partly due to outdated processes that did not properly monitor off-channel communications, leaving undetected compliance gaps.
Let’s face it: Nobody wants to open a new app just for security reasons when they’re already using iMessage. Outdated compliance solutions either force firms to ban these platforms—slowing down workflows—or indiscriminately capture everything, including personal messages, leading to serious privacy concerns. If an employee texts their mom to ask if they should bring wine to dinner, it’s suddenly archived at their place of work. That’s rough.
A Smarter Solution for Messaging Compliance
Tres Comma Compliance (TCC) is an AI-powered messaging compliance solution designed to help financial firms meet SEC 17a-4 and FINRA 4511 record-keeping requirements without disrupting daily workflows. It’s a next-generation compliance platform that ensures secure, cost-effective, and regulatory-compliant message archiving for financial firms.
AI-Powered Personal vs. Business Filtering – Unlike traditional tools that capture everything, TCC intelligently distinguishes between personal and business contacts, ensuring only relevant communications are archived. Whew. Privacy concerns abated!
Seamless iMessage & WhatsApp Compliance – With new macOS advancements, TCC reduces iMessage archiving costs by over 3x, making compliance more affordable and scalable for firms of all sizes.
Self-Onboarding in Minutes – No long sales cycles or complex installations. TCC enables firms to deploy a compliance solution in under five minutes, allowing teams to start archiving immediately.
Regulator-Ready Audit Dashboard – Compliance officers gain access to an intuitive dashboard to view archived messages, manage user accounts, and review flagged communications for potential risks.
And what’s even more awesome it’ll cut compliance officers' workload in half.
Why Firms Need to Act Now
Regulators aren’t slowing down, and compliance failures aren’t just about fines—they threaten firm reputation and client trust. While the number of SEC enforcement actions has decreased, penalties are growing larger.
Regulators are no longer waiting for violations to surface—they are actively auditing firms to uncover off-channel communications that are not properly archived. You’re already at risk if your firm lacks a robust compliance solution for modern messaging platforms.
TCC provides financial firms with an effortless way to stay compliant without disrupting business communications. With record fines becoming the new norm, now is the time to ensure your compliance strategy is future proof.
Author Info: Jeremiah Church is the founder of TCC, and a self-described compliance nerd who believes "complex problems should have simple fixes" — and builds tech to make that happen.
Visit Tres Comma Compliance for more information about TCC captures, archives and governs modern messaging for SEC/FINRA compliance.
Comments