In Review: 2014 Regulatory Updates

There were many regulatory developments, guidance updates, and trends this year that had companies busy figuring out how to keep their business running smoothly, while incorporating new digital communications channels and industry rules.

Here’s a snapshot of just a few significant developments in 2014:

Digital communications trends:

• New digital messaging platforms are everywhere, and gaining acceptance even in regulated industries. For instance, the Smarsh 2014 Electronic Communications Compliance Survey Report showed the number of electronic communications channels that financial firms allow employees to use for business purposes has nearly doubled in the past three years, from an average of 3.6 channels in 2011 to 6.7 in 2014. Firms are expanding their communications from email to instant messaging, social media, enterprise social media, and more.

• There’s no turning back in a mobile world. Employees and customers are going mobile, in more ways than one. With the increasing use of smartphones, tablets and other media devices, business models and marketing strategies continued to change businesses in 2014. It’s now more critical for companies to assess their mobile strategies and policies, and archive and supervise communications in highly regulated industries.

New and updated guidance:

• The Federal Financial Institutions Examination Council finalized guidance for its member banks, savings associations, credit unions, and non-bank entities supervised by the Consumer Financial Protection Bureau (CFPB). The guidance shows financial institutions how to use social media while minimizing compliance, legal and business risks. It’s clear that consumer lenders must have a risk management program to identify, measure, monitor and control risks related to business social media use.

• The Securities and Exchange Commission (SEC) Issued Updated Social Media Guidance for Advisors that provides information on the testimonial rule and social media, and details how advisors can feature public commentary about themselves on independent, third-party websites without violating the Investment Advisers Act’s testimonial prohibition. The guidance seeks to help advisors develop compliance policies and procedures that are reasonably designed to address social media participation.

• The UK’s Financial Conduct Authority (FCA) outlined its social media approach. Across the pond, the FCA recognizes social media has become an important communication channel for financial services, and released a social media guidance consultation paper to help firms understand its perspective regarding promotions in social media. Key tenets of the paper include fair use of social media platforms, risk management, records maintenance, and the requirement to properly capture, retain and protect social media content. The guidance applies to a wide range of content types, including websites and applications that allow users to create and share content or participate in social networking, blogs, forums, and video and image sharing.

• Pharmaceutical companies started getting ready for U.S. Food and Drug Administration (FDA) Social Media Rules. Many pharmaceutical companies are now starting to use social media in their general marketing, and to communicate directly to with customers. Like the financial services industry a few years ago, the industry as a whole approached social media with caution while waiting for guidance from the FDA. The regulator finally issued draft social media guidance documents in 2014. A core theme throughout the guidance is that pharma companies must capture and preserve full and proper records of their social media communications. These need to be retained, preferably in context, in a format that preserves interactive links and full metadata.

• The Financial Industry Regulatory Authority (FINRA) released new consolidated rules, which cover required supervision systems and responsibilities, written supervisory procedures and supervision of supervisory personnel for broker-dealer firms. The new rules codify and consolidate guidance already in place, with some important updates to requirements for digital communications supervisory procedures and systems.

Increased regulatory enforcement actions:

• SEC enforcement actions went up in 2014. In 2014, the SEC hit an all-time high in the number of enforcement actions and fines levied. With a fiscal year that ended in September, the SEC filed a record 755 enforcement actions, and obtained orders totaling $4.16 billion in penalties and fines, according to preliminary figures. This marked a significant increase in fines compared to 686 actions and $3.4 billion in 2013. The enforcement actions covered a wide range of wrongdoings, including more than 135 parties charged with reporting and disclosure violations.

• Mortgage lenders are now under closer regulatory watch. The CFPB stepped up its enforcement of regulatory sanctions and fines for mortgage lenders that don’t comply with industry and federal government rules. For instance, the regulator fined Amerisave for allegations of deceptive advertising. If a mortgage lender uses website advertising, social media, and other digital communications to seek out customers, there are compliance and regulatory issues for lenders to address now, including the development of compliance policies, training, and policy enforcements that are suited to the business.

• When digital messages went missing, government agencies were in the spotlight. The massive number of different email, social media, instant messaging, text and other digital communications technologies can make it challenging for government agencies to keep up with records management requirements, stay compliant with state and federal open-records laws, and quickly fulfill requests under the Freedom of Information Act and the Federal Rules of Civil Procedure. This year, the Environmental Protection Agency was admonished by a federal judge when it didn’t retain text messages of its top administrator, Gina McCarthy. Earlier in 2014, the Internal Revenue Service also came under scrutiny when official IRS emails required for an investigation were lost to hard drive failures, and then later retrieved from recycled backup tapes. The recent incidents highlight the fact that government agencies often need better records retention policies and systems to handle investigative requests, e-discovery processes, and legal proceedings.

• The UK’s FCA fines rocketed to over $1billion in 2014, as it stepped up enforcement actions and increased vigilance since its inception, levying more fines in 2013 than its predecessor, the FSA, did in its entire history. The FCA focused its efforts on big-ticket cases, with sanctions against 24 corporations and 14 against individuals.