—ANNUAL DATA REPORT
Global Relay Data Insights: Communication Capture Trends in 2024
What does the data of 12,000 financial institutions reveal about recordkeeping and surveillance priorities in 2024?
Global Relay Data Insights: Communication Capture Trends in 2024 What does the data of 12,000 financial institutions reveal about recordkeeping and surveillance priorities in 2024?
—About Global Relay
The graph shows the most popularly captured communication channels across the sampled 12,000 Global Relay accounts (individual customers).
Conventional business communication channels such as email, Instant Bloomberg, and Microsoft Teams (Teams) remain in the top five most commonly captured channels, showing that firms continue to prioritize the capture and preservation of traditional communication channels.
The number of accounts capturing Microsoft Teams data has increased 13% year-on-year (YoY), suggesting that Teams may be growing in prevalence as a business communication tool within financial services, reflecting a now-established approach to hybrid working.
The Top 10 communication data channels graph shows that Global Relay App is being increasingly captured, increasing by 12% between September 2023 and September 2024. Global Relay App is a compliant messaging application that allows individuals to communicate via SMS, WhatsApp, instant message, and voice calls. This 12% increase suggests that firms are starting to prioritize mobile-first communication solutions, and capturing business communication that takes place on mobile devices.
Notably, the capture of LinkedIn communications features prominently within the top 10 most commonly captured channels. 28% of firms are capturing communications made through the personal LinkedIn accounts of employees, while 12% capture LinkedIn posts made by their corporate page. Historically, we would likely have seen firms retain communications made on conventional channels, such as Lync. The prominence of LinkedIn suggests that firms are cognizant of this platform as a compliance risk, and may point to a shift in the way that individuals are communicating.
Also of note is a decline in the number of firms that are capturing communication made through X (formerly Twitter), falling by 8% YoY. There are a number of possible reasons for this decline.
Users of the social media site have fallen sharply since the site was bought by Elon Musk and rebranded as “X.” A report by Sensor Tower found that daily app users fell by 23% over the course of 2023.
As well as this, a report by Kantar found that the number of businesses that use X as an advertising platform has fallen, with 26% of marketers planning to reduce their use of X further in 2025. If it is to be assumed that firms are capturing X communications with a view to retaining marketing or promotional material, it stands to reason that this number has fallen if firms are no longer using it as a marketing channel.
Moreover, in February 2023, X introduced a three tier API access model so that enterprises must pay up to $42,000 a month to access data from X. It is likely that increased API fees for a service that was previously free have had a knock-on effect regarding the number of firms capturing data from X.
The capture and retention of most business communication channels has stayed broadly level YoY, with generally small increases across the board. Away from the top 10 communication channels, there were a number of channels that saw significant investment from firms.
1
An increase in Instagram and YouTube capture points to marketing messaging as a growing compliance risk and priority.
2
More investment in the capture and retention of Zoom calls shows firms are continuing to modernize their recordkeeping efforts to keep up with post-pandemic communication changes and are reacting to growing pressure to ensure data completeness across all channels.
3
The steep increase in Apple® Message capture suggests Apple Messages are being used for business, despite the majority of regulatory focus being on WhatsApp.
——Capture and store your Apple® communications (SMS and iMessage) with Global Relay for Apple® Messages
Learn more
The graph shows the five most commonly captured communication channels within financial organizations in the U.S. and the U.K. It shows a jurisdictional split in the priorities of communication capture, which can likely be attributed to differing regulatory frameworks in those regions.
The graphs give an alternative view of how financial services are prioritizing communication capture to meet recordkeeping rules. They show the “bundles” of Global Relay Connectors most commonly bought together and implemented, giving a view to how firms may group or prioritize communication capture, depending on their firm type.
It is likely that this figure will continue to increase in line with persistent regulatory action in this field. In the three months prior to publication of the report, U.S. regulators:
Issued $88 million in fines to 12 firms for “widespread and longstanding failures” to preserve business communication records including WhatsApp messages
Issued $1.3 million in fines to 12 municipal advisors for systemic failures related to staff using unapproved communication channels
Issued $26 million in fines to 26 firms for “pervasive and longstanding” use of off-channel communications, perpetuated by senior staff
Issued $49 million in fines to six credit agencies for their failure to preserve WhatsApp messages, among other channels
——While the majority of enforcement action for recordkeeping failures has come from U.S. regulators, the FCA has recently asked firms to provide a list of “unmonitored and/or encrypted applications” to the regulator.
Could this mean that the U.K. regulator plans to follow in U.S. regulators’ footsteps?
The graph shows the percentage of the sampled 12,000 Global Relay accounts that are capturing and retaining business communication made through at least one social media channel.
The data provides more insight when broken down by region, offering a view into how firms are prioritizing communication capture dependent on regulatory focus.
In the U.S., 38% of financial organizations are capturing and preserving business communications from at least one social media channel. The U.K. has a markedly different approach, with only 9% opting for social media capture.
Social media presents three critical risks for financial services:
Market disruption and economic risk through the rapid spread of information – or disinformation – online
Marketing risk and consumer risk through misleading promotions and bad advice made on social media channels, particularly through the use of financial influencers (“finfluencers”)
Recordkeeping risk and the potential for off-channel communication made through social media channels that are not being proactively captured and retained
While the first risk is universal, the second two have been more directly addressed by U.S. regulators. As explored further in this report, the Securities and Exchange Commission (SEC) has published and aggressively enforced rules around financial promotions, including those made on social media, by virtue of its Marketing Rule. The Marketing Rule also introduced adjacent recordkeeping obligations for social media by proxy, meaning that firms must now consider the capture of social media data as a recordkeeping requirement.
——Despite persistent regulatory action and messaging concerning WhatsApp, WeChat, and SMS, the percentage of firms capturing social media is far higher than those capturing WhatsApp.
Are businesses seeing social media emerge as a communication risk and proactively looking to capture this data before regulators move their focus from WhatsApp to social?
In comparison, U.K. regulators have been less direct, issuing “tough new rules” for the marketing of cryptoassets, as well as publishing FG24/1: Finalized guidance on financial promotions on social media with a view to clarifying how financial promotions should be communicated on these channels.
While “tough,” crypto-related marketing rules are limited in application, and the FCA has expressly said that FG24/1 “does not create new obligations for firms.” The FCA has similarly been directly critical of “finfluencers,” issuing enforcement action and – in some instances – pursuing criminal action against them.
It is likely that these differing approaches explain why the capture of social media channels has been more widely prioritized in the U.S.
The graphs below offer a more forensic look into the communication data being captured by financial institutions across LinkedIn, Instagram, and X.
For both LinkedIn and X, firms are clearly prioritizing the capture of communications made from personal accounts, with 61% of firms capturing LinkedIn accounts looking solely to capture personal LinkedIn account communications. Similarly, 78% of firms capturing communications data from X are doing so through personal accounts. Conversely, there are no organizations opting to capture data from personal Instagram accounts yet, with 100% of firms capturing company accounts only.
Social media, particularly LinkedIn, is increasingly being considered as an approved channel for business communication and therefore falls under the recordkeeping remit. Similarly, both U.S. regulators and U.K. regulators alike have taken enforcement action against firms who have used “finfluencers” to share unauthorized financial promotions on social media platforms, which may be inspiring increased communications capture on these channels.
In 2022, the SEC charged eight social media influencers who were involved in a $100 million securities fraud scheme, in which they used social media platforms to manipulate exchange-traded stocks
In 2024, the FCA brought charges against nine individuals who used Instagram accounts to provide financial advice when they were not authorized to do so
Also in 2024, FINRA fined M1 Finance $850,000 for paying social media influencers to post social media posts on the firm’s behalf that “were not fair or balanced, on contained exaggerated, unwarranted, promissory, or misleading claims”
On October 22, 2024, the FCA announced that it was taking potential criminal action against 20 finfluencers for their alleged involvement in “touting financial services products illegally”
The SEC’s Marketing Rule came into effect on November 4, 2022, and requires certain U.S. firms to have oversight of how their employees communicate with customers and prospects through advertising campaigns, social media, and corporate websites.
In connection with the publication of the Marketing Rule, the SEC similarly amended the Advisers Act Rule 204-2 (Books and Records Rule) to “require investment advisers to make and keep certain records, such as records of all advertisements they disseminate.”
The effect of the Marketing Rule on recordkeeping priorities is clear:
At the time of writing Global Relay’s 2023 Data Insight Report, the SEC had issued two Risk Alerts pinning the Marketing Rule as a focus area for 2023/24. The SEC had also issued a $850,000 fine to nine registered investment advisors (RIAs) that advertised hypothetical performance to a mass audience. Two of the firms charged were found to have violated the Marketing Rule because they failed to keep records of their advertisements.
Over the course of 2024, U.S. regulators have affirmed their focus on Marketing Rule violations and marketing communications more generally:
In April 2024, FINRA issued a $250,000 fine to a member firm for its failure to preserve over 1.25 million electronic communications, the “vast majority of which” were marketing communications
Also in April 2024, the SEC charged five investment advisors a combined penalty of $200,000 for Marketing Rule violations for advertising hypothetical performances on corporate websites without implementing the required policies and procedures
In September 2024, the SEC fined nine RIAs a combined $1.24 million for disseminating misleading advertisements either on their own corporate websites or through social media channels
Whether to meet recordkeeping requirements associated with the Marketing Rule, or to preserve marketing communication in the event of investigation or audit, it is clear that increased regulatory focus on marketing material is giving rise to an increased willingness for U.S.-based firms to capture and preserve platforms through which marketing messaging can be disseminated. We anticipate that a similar theme will emerge in the U.K. as the FCA’s Consumer Duty principle beds in.
Another theme that will broaden the scope of communications capture is the regulatory focus on data completeness, especially for surveillance teams.
In March 2024, JPMorgan Chase was fined nearly $350 million for deficiencies in its trade surveillance capture procedures. In a joint action, the Office of the Comptroller of the Currency (OCC) and the Federal Reserve Board found that JPMorgan had been operating with “gaps in trading venue coverage” meaning it failed to surveil billions of instances of trading activity on at least 30 global trading venues.
Similarly, in October 2024, the Commodity Futures Trading Commission (CFTC) charged a futures commission merchant firm for failing to properly retain audio messages. The CFTC found that the firm had used three platforms to make or keep audio recordings of personnel’s conversations with clients but, on several occasions, the platforms underwent issues that led to the inability to retain approximately 3,000 recordings of calls. The failure to record these communications violated CFTC Regulation 1.31 and 1.35 related to recordkeeping obligations to capture oral communications.
Data completeness is arguably the biggest challenge for surveillance as we move into 2025, with firms having to revise policies and strategies to ensure that they are aware of all avenues for trading and communication. Increasingly, trading venues incorporate bilateral means of communication or the opportunity for individuals to leave comments or contextual information alongside trading data.
Upstream data capture is now a prevalent issue, and traditional solutions such as attestations do not guarantee compliance.
Moving into 2025, it is likely that the scope of captured channels will broaden as financial institutions become more aware of missing or incomplete data.
March 2024
$350 million
fine issue to JPMorgan Chase for deficiencies in trade surveillance procedures for monitoring billions of trading activities across at least 30 global trading venues
October 2024
3,000 missing recordings
due to issues with third-party platforms, resulting in a futures commission merchant firm violating CFTC Regulations 1.31 and 1.35 related to recordkeeping obligations for capturing oral communications
——Global Relay Connector for ChatGPT Enterprise
If you’re looking for a compliant way to capture ChatGPT communication within your organization, find out more about Global Relay Connector for ChatGPT Enterprise.
Individuals within financial services and beyond are increasingly using generative AI to streamline workflows, draft communications, and, in some instances, to create or amend algorithms in the name of efficiency. However, generative AI use is not without risk, including data risk, client confidentiality, or the provision of misleading information through AI hallucinations, as shown in a demonstration at the U.K. AI Safety Summit.
In order to harness reward and mitigate risk, we will likely see an increase in organizations seeking to capture the interactions that employees are having with generative AI with a view to maintaining clear audit trails, understanding how it is being used, detecting data leakage or breaches of client confidentiality, and monitoring for misconduct.
In March 2023, the Department of Justice (DOJ) released amendments to its Evaluation of Corporate Compliance Program (ECCP), in which it set out new data retention expectations for personal devices and, specifically, ephemeral messages. In January 2024, the ECCP was amended again so that it “reinforces parties’ preservation obligations for collaboration tools and ephemeral messaging.” A spokesperson added that:
“Companies and individuals have a legal responsibility to preserve documents when involved in government investigations or litigation in order to promote efficient and effective enforcement that protects the American public. Today’s update reinforces that this preservation responsibility applies to new methods of collaboration and information-sharing tools, even including tools that allow for messages to disappear via ephemeral messaging capabilities.”
This latest guidance obliges firms to have robust, clear policies around the use of ephemeral messaging channels, to capture communications made through such channels and – if firms have not been able to capture such communications – to have a good reason why.
All U.S. organizations, even those outside the scope of financial services, will need to assess their communication capture policies to meet the DOJ’s obligations. It is therefore likely we will see firms looking for solutions to capture and retain data contained within ephemeral messaging channels.
Communication channels including WhatsApp, Telegram, and Zoom have introduced features that allow messages to be automatically deleted once opened by the recipient, or after a pre-set period of time.
These ephemeral messages are an as-yet unexplored compliance risk, as they:
May be used by bad actors to conceal misconduct or unauthorized communication
Could cause organizations to fall outside of regulatory recordkeeping requirements
Break consistency in audit trails so, in the event of regulatory or legal investigation, firms are unable to present full evidence
Companies and individuals have a legal responsibility to preserve documents [...] Today’s update reinforces that this preservation responsibility applies to new methods of collaboration and information-sharing tools, even including tools that allow for messages to disappear via ephemeral messaging capabilities.
Spokesperson, DOJ
As noted below, the majority of regulatory enforcement action for recordkeeping failures has centered around firms’ failures to capture messages made through WhatsApp, SMS, or on personal devices.
The percentage of financial institutions capturing social media data is far higher than the number of firms capturing WhatsApp.
Despite this, the percentage of financial institutions capturing social media data is far higher than the number of firms capturing WhatsApp.
It is likely that firms are seeing the risks of social media unfold before them and are proactively looking to capture and monitor this data before regulators move their focus from WhatsApp to social media.
Social media will persist as a trend in communication capture, as both firms and organizations understand more about the myriad industry risks it poses.
The capture and retention of business communication data has historically been driven by recordkeeping obligations. However, as regulators across the globe widen their scope from pure financial misconduct to non-financial misconduct (NFM) too, firms must similarly widen their scope of communication capture.
As well as meeting recordkeeping requirements, regulators are increasingly expecting firms to monitor communications for instances of bullying, sexual harassment, discrimination, and other NFM. As well as this, Principles such as Consumer Duty in the U.K. and the Marketing Rule place increased focus on the capture of non-traditional communication channels.
In particular, the FCA has made clear that “non-financial misconduct […] is misconduct for regulatory purposes” and has asked firms to disclose incidents of NFM in the last 12 months. In the U.S., there has been an increase in regulatory messaging referencing the importance of conduct, culture, and ethics. The former director of the SEC’s Division of Enforcement Gurbir Grewal has similarly set out the three pillars that underpin effective culture, cementing good culture as critical to effective compliance.
With this in mind, we are likely to see an increase in communication capture across any channel that could pose marketing or NFM risks, as well as traditional financial channels.
——Download a PDF of this report
Download
$118 million in SEC and CFTC fines continues off-channel comms crackdownBy Jay Hampshire
Bad finfluence – Is influencer marketing worth the risks?By Jay Hampshire
By the dozen – SEC fines 12 municipal advisors $1.3 million for off-channel communications
By Jay Hampshire
Change the record – SEC charges 26 firms combined $390 million for recordkeeping failuresBy Jay Hampshire
Watch out for WhatsApp: Does the FCA plan to follow in the footsteps of U.S. regulators?By Kathryn FallahLearn more
Another day, another SEC fine: The SEC charges six credit agencies $49 million for recordkeeping failures
By Aarti Agarwal
The Global Relay Data Insights: Communication Capture Trends in 2024 report references the communication capture data collected from Global Relay accounts ranging from bank, broker-dealer, fund management, and other regulated financial services firms.
These organizations are required to comply with regulatory archiving and recordkeeping requirements for electronic communications data. The data referenced within this report looks, in particular, at Global Relay Connectors, which directly capture data from communication channels and deliver that data into a compliant archive.
As such, this report provides a unique view into the evolution of communication in financial services. It reveals exclusive insights into the most commonly captured communication channels within financial service organizations worldwide and establishes which channels of communication are a priority in 2024.
This report and the graphs therein refer to data collected by Global Relay Communications Inc. The information, materials, and opinions contained in this report are for general information purposes only, are not intended to constitute legal or other professional advice, and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances.
Global Relay Communications Inc. makes no warranties, representations, or undertakings about any of the content of this report (including, without limitation, any as to the quality, accuracy, completeness, or fitness for any particular purpose of such content), or any content of any other website referred to or accessed by hyperlinks through the report. Although we make reasonable efforts to update the information on our reports, we make no representations, warranties or guarantees, whether express or implied, that the content is accurate, complete, or up-to-date.
