Despite the broad sweep of the requests, the SEC appears to be taking a lighter touch in the course of its investigation for now. And it is unclear to what extent financial institutions will be able to corral their employees’ use of personal phones or recover information from ephemeral messaging apps. But failure to have robust procedures in place to prevent the circumvention of record-keeping rules opens the institutions up to an enforcement action themselves. Merely having policies and rules in place is not enough; we know that management’s awareness that ephemeral messaging applications are being used leaves institutions vulnerable to an enforcement action for lack of sufficient internal controls. That presents all the more reason for financial institutions to take a close look at existing policies and procedures about telecommunications and record keeping and make thoughtful decisions now—before the regulators come calling.
Source: The SEC and Messaging Apps