Tackling Unauthorized Messaging in the Financial Sector 


By David Chang

With the growing prevalence and rapid evolution of alternative communication channels, the Financial Industry Regulatory Authority (FINRA) is now emphasizing the requirement for broker-dealers to retain business-related messages across all mediums. FINRA’s approach mirrors the Securities and Exchange Commission’s (SEC) actions, as it focuses on enforcing record retention requirements for off-channel communications. 

These electronic communications can range from e-mails, personal texts, WhatsApp, Signal, Telegram, WeChat, or even the direct messages of social media platforms such as TikTok, Facebook, and Instagram. FINRA’s January 2023 ruling levied $200,000 in fines for a broker dealer firm’s self-reported issues with firm-owned Apple iPhones and their native iMessage system. Both FINRA and the SEC have signaled their intention to prioritize the enforcement of record-keeping policies and their proper supervision.  

Financial firms must continue to adhere to FINRA rules and regulations even as they apply to new technology and social norms. As specified in FINRA Rule 4511, FINRA Members shall make and preserve books and records as required under the FINRA rules, the Exchange Act and the applicable Exchange Act rules. The Securities Exchange Act Rule 17a-4(b)(4) states that any messages which relate to a member’s business be kept for at least 3 years. Finally, FINRA Rule 3110 requires each member to establish and maintain a system that supervises the activities of its employees to comply with security laws and regulations, including any applicable FINRA rules. Staying on top of the ever-evolving guidance in the application of these rules will be crucial to a firm’s ability to stay ahead of the competition and out of regulatory hot water.  

As the financial sector continues to evolve and adapt to new technologies, unauthorized messaging app usage remains a pressing concern. Financial institutions must take a proactive approach in addressing this issue by establishing and enforcing clear policies, educating employees, and investing in secure communication tools. By doing so, firms can better ensure compliance with FINRA and SEC requirements, safeguard sensitive data, and protect their reputation in an increasingly regulated landscape. 

For more information, please contact David Chang at or your local FMG attorney.