Close-up: Mobile Communication Compliance, Books and Records and the 2025 FINRA Annual Regulatory Oversight Report
Each year, FINRA issues its Annual Regulatory Oversight Report to provide FINRA member firms with additional insight into their regulatory observations and activities since the report from the previous year.
The 2025 FINRA Annual Regulatory Oversight Report, published in January, comprises 74 pages across eight sections. The report covers a broad range of operational recommendations from a regulatory perspective, and this year introduces a new topic, Third-Party Risk Landscape. Stay tuned, as CellTrust will soon discuss this topic in a follow-up post on cybersecurity best practices and due diligence when choosing a third-party technology provider.
“Today’s mobile communication compliance technology should be designed to seamlessly support enterprises working in regulated industries meet their books and records recordkeeping obligations,” highlights Sean Moshir, Co-founder and CEO of CellTrust.
Today, we are looking closely at FINRA’s findings and effective practices for Books and Records on pages 25-27 of the report as they relate to mobile communication compliance.
FINRA’s findings as they relate to mobile communication:
Firms are still failing to maintain and preserve non-email electronic communications conducted through firm-approved channels. Specifically, business-related text messages are not being preserved and reviewed.
Firms continue to fail to review electronic communications for indications of potential use of off-channel communications for business-related activities. The problem is compounded by inadequate Written Supervisory Procedures (WSPs), where firms rely on policies and procedures that are overly general and do not adequately specify: 1) Permitted and prohibited communication platforms, 2) Methods to determine if registered representatives are engaging in business communications on unapproved platforms, and 3) Corrective actions for registered representatives if they violate firm policy and engage in business communication using unapproved platforms.
Three further problems continue to occur: contacting customers on firm business through off-channel platforms; inadequate review of electronic communications, without selecting adequate samples or using targeted keyword searches; and failure to review non-English language electronic communications.
Finally, FINRA found inadequate due diligence of third-party vendors combined with inadequate third-party vendor supervision: firms are not properly supervising third-party vendors that support the monitoring of their associated persons’ electronic communications, resulting in firms not supervising or retaining communications.
FINRA made several “effective practice” recommendations as they relate to mobile communication:
Supervisory Procedures
Monitoring for indications that associated persons are using off-channel communications (e.g., a decrease or cessation in activity on certain previously used firm-approved communication channels or tools).
Frequently revising keywords used to surveil for associated persons’ potential use of off-channel communications, and tailoring keyword searches to the business models.
Providing Appropriate Access to Books and Records
If your firm uses a part-time Financial and Operations Principal (FINOP), contracted chief compliance officer (CCO), or a part-time employee or contractor for other roles, ensure there is a process in place to set up appropriate access to the firm’s books and records to allow for the individuals to fulfill their regulatory obligations.
Testing and Verification
Testing recordkeeping third-party vendors’ capabilities to fulfill regulatory obligations by, for example, simulating a regulator’s examinations by requesting records to confirm compliance with the recordkeeping requirements.
Helpful links:
FINRA Books and Records checklist
https://www.celltrust.com/products/celltrust-sl2/