Wealth Think

Avoid the deregulatory trap in a 'relaxed' compliance era

A period of deregulation has been anticipated across U.S. financial services since January's change in administration, with SEC Commissioner Hester Peirce, for instance, calling for a shift in enforcement priorities from exams to smarter compliance tech.

David Clee, CEO and co-founder of MirrorWeb

But for wealth advisory firms, the perceived safety of a deregulatory era can create a false sense of security. Temporary lapses in compliance enforcement can create long-term liabilities and plant the seeds for future crises.

That's the real lesson to be drawn from the sweeping crackdown on off-channel communications a few years ago, one which took place during a time of relative regulatory calm.

Between 2017 and 2020, the broader regulatory environment softened. There was a palpable shift toward deregulation, from rollback proposals to relaxed oversight in finance and climate policies. Many financial services firms interpreted this as a green light to ease up on their compliance infrastructure. 

The off-channel probe of financial services firms, which extended back to this period, shows that was a costly miscalculation. In late 2021, Morgan Stanley agreed to pay $200 million to regulators for failing to monitor employee communications on unauthorized channels, primarily WhatsApp, SMS and iMessage. 

Initially seen as a high-profile, isolated incident meant to set an example for the industry, that turned out to be the opening salvo in a sweeping enforcement campaign. By 2023, that $200 million spark ignited a $1.8 billion wildfire. The SEC and CFTC came down hard on 16 major financial firms for similar violations, all tied to the same issue: the use of off-channel communications that violated federal recordkeeping laws.

Backdated fines: A regulator's time machine

Many firms felt blindsided by the severe, retroactive and unprecedented penalties, but the message was clear: Regulatory priorities may shift, but accountability persists and consequences can surface long after the fact.

Backdated enforcement, in particular, is a strategic move by regulators. It sends a powerful signal that they don't need to catch you in the act. They can — and will — review logs, communications and historical behavior to enforce longstanding rules.

Even under the current administration, the stance didn't soften. In April, those 16 financial firms appealed to reduce their fines, hoping for a reprieve under a more lenient SEC. With Paul Atkins as chairman, they expected a rollback of Biden-era penalties. Instead, the agency upheld them, emphasizing that mobile compliance isn't a political issue, but a permanent regulatory priority.

It's worth noting that despite a generally lighter touch when it comes to crypto and ESG, there's been no formal reduction of expectations around communications compliance and off-channel messaging under Atkins thus far. The recordkeeping requirements are still present and enforceable.

Not a 'fairness contest'

Many critics have questioned the fairness of the penalties. Why did some firms pay more than double what other firms paid for the same offense? Why weren't all held to the same standard?

Valid questions, but ultimately they miss the point. 

Regulators aren't running a fairness contest. They're sending a message. Accountability is nonnegotiable, and cooperation counts. Just as guilty pleas lead to reduced sentences in a court of law, the SEC has rewarded firms that held their hands up and acknowledged their shortcomings.

Firms that engaged early, self-disclosed or took meaningful steps to fix compliance gaps saw better outcomes. That's not favoritism, it's the playbook. It reflects the SEC's broader strategy to embed a culture of proactive compliance. This approach favors the carrot over the stick, replacing fear with clarity and reinforcing the principles behind the rules.

The deregulation fallacy

A strong compliance strategy isn't just about surviving current scrutiny, it's about building long-term resilience and avoiding the high cost of shortsighted decisions. 

The regulatory pattern is clear: Accountability doesn't pause when enforcement does. Informal communications, once dismissed as harmless, have become a billion-dollar blind spot. After several years of high-profile penalties, there are no excuses. 

And while a deregulatory climate may relax the tone, that's when regulations are at their most dangerous. A relaxed regulatory era doesn't erase the rules or the consequences of ignoring them. With retroactive penalties now standard, a change in leadership or a shift in regulatory priorities could trigger catastrophic consequences down the line.
