Off-Channel Communications: Preserving Text Messages

When regulators demand proof of text message preservation, having the right system in place means the difference between seamless compliance and costly enforcement actions. Discover how one major broker-dealer transformed its off-channel communications practices and why mobile data collection is now non-negotiable for financial services firms.

The financial services industry faces exceptional pressure regarding off-channel communications. U.S. broker-dealers must create, preserve, and supervise all business-related communications regardless of whether they occur on firm-approved systems or personal mobile devices. Text messages and chat applications now fall squarely within the same recordkeeping requirements as traditional email communications demanding comprehensive audit trails, retention policies, and immediate supervisory review capabilities to ensure regulatory compliance standards.

The Regulatory Landscape for Financial Services

This shift reflects a broader regulatory consensus. The SEC's Rule 17a-4 requires broker-dealers to preserve records relating to their business in a non-rewritable, non-erasable (WORM) format. Meanwhile, FINRA Rule 4511 mandates that firms make and preserve records in accordance with SEC rules, and FINRA Rule 3110 requires supervisory systems reasonably designed to ensure compliance, including oversight of communications.

The enforcement environment became critical following SEC and CFTC enforcement actions beginning in 2021. Multiple global banks and broker-dealers faced combined fines exceeding billions of dollars for widespread use of text messages and chat apps without adequate preservation, supervision, or controls. Regulators explicitly stated that informal communications constitute business records and that policies alone are insufficient without concrete evidence of capture and preservation.

The Challenge: Translating Policy into Practice

A large financial services firm recognized that its existing approach to off-channel communications was inadequate. The firm's registered representatives were communicating with clients via SMS on personal devices (BYOD environments), yet there was no centralized, real-time archiving mechanism in place. Compliance teams relied primarily on attestations and policies without actual preserved records to demonstrate compliance.

The firm's specific operational challenges included:

• Distributed advisor population using personal devices for business communications

• Manual collection methods that were slow, inconsistent, and difficult to defend

• Screenshots and self-reported exports that regulators deemed insufficient for compliance purposes

• Privacy concerns related to the risk of over-collecting personal data unrelated to business activities

• Pressure to demonstrate meaningful remediation steps during regulatory examinations

The firm understood that traditional approaches would not satisfy regulator expectations. Screenshots and informal collection methods could actually increase regulatory risk by suggesting careless handling of business records. A more defensible, documented approach to off-channel communications was essential.

The Solution: Implementing Mobile Data Collection Software

The firm selected PME's mobile data collection software to support its off-channel communications remediation program. The solution addressed three critical requirements: defensible collection, scalable deployment, and regulatory alignment.

Targeted Identification and Risk-Based Scoping

Rather than attempting to capture all mobile communications firm-wide, the compliance team implemented a risk-based approach. PME enabled the firm to identify specific in-scope advisors and supervisors, relevant timeframes tied to regulatory exposure, and business-related communications only. This targeted approach balanced regulatory expectations with legitimate privacy considerations, reducing unnecessary data exposure while maintaining defensible evidence preservation.

Remote Collection Without Operational Disruption

The firm conducted remote, custodian-guided collections from personal devices using PME's platform. Unlike traditional forensic approaches requiring device seizure or onsite technicians, this method minimized disruption to registered representatives while enabling scalable deployment across a distributed advisor population. Custodians could participate securely from their own locations, eliminating logistical barriers that often plague compliance initiatives.

Defensible Preservation and Recordkeeping

Collected communications were encrypted and securely stored with immutable storage options aligned with SEC Rule 17a-4 requirements. The firm preserved complete audit logs and chain-of-custody documentation, creating a clear record of how off-channel communications were captured, handled, and maintained. This documented approach proved critical when regulators requested information during examinations.

Key Results and Business Impact

The firm's implementation of mobile data collection software delivered measurable compliance and operational outcomes:

• Defensible capture and preservation of off-channel communications with documented methodology

• Alignment with SEC and FINRA recordkeeping expectations

• Reduced reliance on informal or manual collection methods

• Improved readiness for regulatory examinations

• Greater confidence in demonstrating actionable compliance, not just policy intent

When regulators subsequently requested information, the firm was able to produce preserved text messages with supporting documentation demonstrating remediation steps and collection methodology. This proactive approach reduced follow-up inquiries and enforcement risk.

Lessons for Financial Services Firms

This case study illustrates several important principles for managing off-channel communications:

• Regulators expect actual preservation of text messages, not just policies prohibiting their use

• Off-channel communications represent a books-and-records compliance issue requiring concrete solutions

• Manual or ad hoc collection methods increase enforcement risk rather than mitigating it

• Targeted, documented mobile data collection is critical for demonstrating defensibility

The firm's experience shows that financial services organizations cannot rely solely on communication policies to satisfy regulatory obligations. Regulators have repeatedly emphasized that firms must demonstrate actual capture and preservation of off-channel communications through defensible processes.

Why Financial Services Firms Choose PME for Off-Channel Communications

PME is purpose-built for defensible mobile data collection and review workflows that support eDiscovery and compliance. In off-channel communications remediation programs, financial institutions use PME to execute targeted mobile data collection with remote, scalable workflows, while supporting audit-ready documentation and privacy-aware scoping.

PME Collect enables remote, custodian-guided acquisition scoped by custodian, application, and date range, while PME Review provides browser-based review capabilities such as search, tagging, redaction, comments, and export. For organizations that need additional support, PME also offers Managed Collections and full iOS Backup and Archiving options to fit governance needs.

Prepare for Off-Channel Communications Scrutiny Before Regulators Ask

Enforcement actions have made it clear that failure to capture and preserve business texting can create significant exposure. Broker-dealers should be prepared to demonstrate defensible, documented remediation, especially when communications occur outside approved channels and outside traditional monitoring.

Contact PME to discuss how targeted mobile collection can support examinations, evidence preservation expectations, and practical supervision workflows when compliance demands it.

FAQ

1) What types of mobile content can PME Collect acquire for a broker-dealer matter?

PME Collect supports remote, custodian-guided collection that can be scoped to relevant mobile data such as SMS and iMessage, messages from supported chat applications, media, call logs, contacts, and app data. The approach is designed to support targeted acquisition rather than broad device seizure.

2) How does PME support defensibility for regulatory exams?

PME supports defensible workflows through controlled collection steps, audit logs, and chain-of-custody documentation. PME also supports preservation approaches aligned with immutable retention needs, which is important when firms must explain how records were captured and safeguarded.

3) How does PME help reduce privacy risk in BYOD texting investigations?

PME supports scoping by custodian, app, and date range to reduce over-collection. PME Review also supports review workflows that include search, tagging, and redaction, which can help teams manage sensitive information while producing responsive records.