There’s nothing illegal about employees using ephemeral messaging apps and other off-channel communications as part of their jobs, unless they’re in financial services, where federal recordkeeping rules apply. But companies must still find a way to manage their use because of regulators’ expectations.
“The Department of Justice is a big, bad enforcer,” Matt Kelly, CEO of Radical Compliance, says in a Today’s General Counsel webcast.
Guidance the agency released last year makes clear it expects companies to not only have a policy for managing their employees’ use of off-channel communications but to be able to show they’re enforcing it. That means training employees on what are and aren’t acceptable communication channels, using technology to help track employee use of communication channels and having a disciplinary program that is consequential enough to change behavior.
“Do you give a slap on the wrist and, if they’re repeat offenders, slap them on the wrist two times?” said Kelly. “That’s not adequate.”
Companies should be managing these communications even without DOJ expecting them to, because knowing what employees are saying outside of formal business channels like email has become integral to litigation holds and internal investigations, among other things.
“It’s no longer don’t-ask, don’t-tell,” said Brad Harris, vice president at e-discovery software company Exterro. “We know these communications are likely happening.”
But stepped-up scrutiny by regulators has increased the cost to companies that don’t take off-channel communications seriously, Kelly said.
So far, company settlements with regulators over their use of these communications have been concentrated in financial services, where the Securities and Exchange Commission has said they’re violations of federal recordkeeping requirements.
In about two dozen enforcement actions that have been taken in the last few years, fines have ranged from $7 million to $125 million.
The big difference in amounts has to do with cooperation; companies that spot a problem and try to address it and work with the SEC get hit with fines on the lower side while those that don’t do any of those things get hit with the big ones.
But the fines are only a part of the cost; the other part is managing compliance going forward. The settlements that the SEC has entered into have typically required companies to pay to have a consultant help them fix their policy and put in place training, technology and a disciplinary program.
“That could lead to a really expensive overhaul of your compliance program,” Kelly said.
Nor is it simply a matter of banning ephemeral messaging apps like Signal, Discord and Snapchat; virtually all collaboration and other platforms that employees use, like Asana, Jira, ServiceNow and Zoom, have embedded chat functions. That requires companies to inventory the platforms people use, decide which ones they are prepared to support and which ones they’re not, and build their policy around that.
It doesn’t end there, Kelly said. Companies also must think through how they’re going to handle the unsupported platforms that their employees aren’t supposed to use but will anyway.
“You must be honest with yourself,” said Kelly. “After we tell employees we’ll only support these six [platforms], how do you respond to the reality that they’re still going to use other channels? They will violate the policy – maybe for bad reasons, maybe for accidental reasons.”
Because the communication channels are evolving, it’s unrealistic to think a technology solution alone can solve companies’ compliance challenges; behavioral changes have to be a part of it, too, said Robert Cruz, vice president of compliance software company Smarsh.
One way to change behavior is to take a page from what some financial services companies are doing to stay in compliance with SEC rules. They’re penalizing employees financially if they violate company communication policy. In some cases, companies are going after employees’ end-of-year performance bonuses if there’s a violation. For top-performing executives, a penalty can be in the millions of dollars.
“If you say you’ll dock their bonus if they have a messaging infraction, for senior executives that’s a $1 million mistake,” said Kelly. “That gets the message home. That’s the sort of thing DOJ wants to see.”