August 2025 delivered a stark reminder that communications compliance isn't optional; it's expensive when you get it wrong.
The Numbers Don't Lie
This past month, FINRA imposed over $2.4 million in fines across multiple financial services firms, with the majority of penalties targeting one critical area: communications compliance failures. The largest single fine, $1.3 million, went to a firm that couldn't monitor business communications happening on messaging platforms and social media.
But here's what makes these cases particularly sobering: individual employees are now facing personal liability. We're seeing personal fines, suspensions, and career-ending consequences for communication compliance failures that were once considered "firm-level" issues.
Real Voices, Real Concerns
Just this week, we met with a compliance officer using a legacy vendor at a growing financial firm who perfectly captured the challenge many organizations face:
"If we had an audit, an SEC exam, what do I need to do? How do I pull the data out? How quickly can I get it and get it up over to them? I want to be able to say, here you go, Merry Christmas, knock yourself out."
Another compliance professional using the same antiquated legacy vendor at a major financial institution expressed similar frustrations: "We've been having some issues, just lots of little issues that are going on with them with our ingestion... The problem is the responses and the help support we're getting in solving those issues."
These aren't theoretical concerns - they're the daily reality for compliance teams who know that when FINRA comes calling, incomplete or delayed access to communications can be catastrophic.
The Velox Clearing Case: A $1.3 Million Lesson
The month's most significant penalty tells a familiar story that we hear echoed in countless compliance conversations. Velox Clearing LLC thought they had communications compliance under control. They had policies prohibiting unapproved communication platforms. They even had compliance staff who instructed employees to stop using unauthorized channels.
It didn't matter.
The reality? Over 10,000 business communications were happening outside their oversight - on text messages and social media platforms. These weren't casual conversations. They included:
- Customer requests to move securities
- Wire transfer instructions
- Trade orders
- Operational discussions between the CEO and clients
When compliance staff discovered the violations and told employees to stop, the unauthorized communications continued anyway. Senior management knew it was happening, but couldn't enforce what they couldn't see.
The result: $1.3 million in fines and a damaged reputation.
Individual Liability: The New Reality
What's particularly striking about August's disciplinary actions is the personal consequences facing individual employees:
- Bingshan Song: $25,000 fine + suspension for participating in unmonitored business communications.
- Mingzhe Du: $7,500 fine + suspension for similar violations.
- Multiple individuals facing bars and long-term suspensions.
These cases signal a clear shift: FINRA isn't just holding firms accountable - they're going after individuals who participate in communications compliance violations.
The Compliance Review Reality
One compliance officer we spoke with recently highlighted the fundamental challenge facing growing firms: "With seven, eight people, 10 people, [manual compliance review is] fine. With 25 people, it needs to be more robust. Every quarter I'll run a couple of email reports and spend 10 minutes on them. I mean, it's very high level."
This quarterly, high-level approach works until FINRA comes knocking. Then suddenly, that compliance officer needs to produce comprehensive communication records across multiple platforms, channels, and time periods - often within days.
August's disciplinary actions show what happens when firms can't deliver that level of responsiveness. The consequences are measured in millions of dollars and damaged reputations.
The Pattern We're Seeing
Across the August disciplinary actions, a consistent pattern emerges:
- Firms have policies prohibiting unauthorized communications
- Employees use unauthorized channels anyway (often with management knowledge)
- No monitoring tools exist to detect or prevent violations
- Business-critical communications happen outside compliance oversight
- FINRA discovers the violations during examinations
- Significant financial and reputational damage follows
If you read the orders, the pattern isn’t new, but the tolerance level is. Regulators no longer care whether you “told” employees to stay off WhatsApp or Slack. They’re looking at whether you could prove it wasn’t being used. In August, firms failed that test. Management knew it was happening, supervisors told staff to stop, but nothing changed because there was no system in place to catch it. That’s what triggered the fines.
The shift is simple: policies and training are table stakes. If you can’t produce records on demand, FINRA treats it as if you never had a policy at all.
What This Means for Your Organization
If you're reading this and thinking, "this could never happen to us," consider that every firm that received these fines likely felt the same way. The reality is that business communications are happening across more channels than ever before, and legacy email archiving solutions only capture a fraction of the picture.
Questions to ask yourself:
- Do you have visibility into business communications happening on Teams, Slack, WhatsApp, or social media?
- When was your last comprehensive communication compliance audit?
- Could you produce all business communications from the past 12 months if FINRA requested them tomorrow?
- Are your employees aware that using unauthorized channels for business communications could result in personal fines and career consequences?
The Technology Gap
Many of the firms fined in August had robust email compliance systems. What they lacked was comprehensive monitoring across the communication channels where business actually happens today. Modern employees communicate across dozens of platforms, and compliance programs that don't account for this reality are incomplete by design.
This challenge was perfectly articulated by a compliance professional at a major bank who told us, "We definitely do email, Teams, and Hearsay... We don't really allow anybody to use social media except for LinkedIn." Despite having multiple systems in place, they were struggling with "ingestion issues" and responsiveness problems from their current vendor.
The reality? Legacy systems weren't built for today's communication landscape. When a compliance officer says, "I have myself and another colleague on compliance and I can't keep up with that," they're describing the exact scenario that leads to the violations we saw in August's disciplinary actions.
Moving Forward
The lesson from August isn’t subtle. Writing a policy against unapproved apps won’t protect you. Telling employees to “knock it off” won’t protect you. If business is being done on unmonitored channels, regulators will treat it as the firm’s failure and, increasingly, as the individuals’ failure too.
That’s why these fines matter. They’re a signal that FINRA expects firms to capture reality, not intentions. And if you can’t hand over a clean record set when asked, you’re already on the wrong side of the line.