Off-Channel Communication Is a Billion-Dollar Problem. Is Your Firm Next?

Posted by Kevin Flynn

8 min Read

Regulators have been sending a clear message to the wealth management industry for three years running. The question is whether enterprise RIAs are listening or whether they’re assuming the risk belongs to someone else.


The Fines That Changed Everything

In 2022 and 2023, the SEC and CFTC executed the most significant record-keeping enforcement sweep in a generation. Sixteen major financial institutions, including JPMorgan Chase, Goldman Sachs, Morgan Stanley, Bank of America, Citigroup, and Barclays, paid a combined $2.9 billion in penalties for widespread failures to preserve employee communications on personal devices and on unauthorized platforms such as WhatsApp, Signal, and iMessage.

JPMorgan Chase alone paid $200 million. The violations weren’t isolated incidents or rogue actors. They were systemic failures baked into how employees communicated and how firms failed to supervise those communications.

$2.9 billion in fines. The message from regulators: this is a supervision problem, not a technology problem.

The enforcement actions were notable not just for their scale but for their framing. The SEC didn’t characterize these as technology failures. They characterized them as supervision failures, a deliberate signal to compliance officers and C-suite leadership that the obligation to monitor employee communications extends to every channel advisors use to reach clients.

Brokers and wirehouse advisors got the headlines. But the regulatory logic applies with equal force to registered investment advisors. And for enterprise RIAs managing billions across dozens of acquired firms and hundreds of advisors, the exposure isn’t theoretical. It’s operational.


Why Enterprise RIAs Face Compounded Risk

The off-channel communication problem is structurally more complex for enterprise RIAs than for wirehouses, and the reasons are worth understanding clearly.

When a wirehouse advisor sends a client message through an unapproved channel, it’s a compliance violation at one firm. When a PE-backed RIA completes its twelfth acquisition in three years, it inherits the communication practices and the compliance gaps of twelve different organizations, each with different cultures, different technology stacks, and different interpretations of what “appropriate client communication” looks like.

That’s not a compliance problem. That’s a portfolio of compliance problems, and you may not know which ones exist until an SEC examination surfaces them.

Consider the dynamics at play:

  • Advisors at recently acquired firms are accustomed to their previous workflows, including which platforms they use to reach clients.
  • Integration timelines create gaps between acquisition close and technology standardization that can last 12 to 18 months or longer. Integration timelines create gaps between acquisition close and technology standardization that can last 12 to 18 months or longer.
  • Advisors who’ve operated independently for years may not prioritize compliance training on communication policies.
  • Senior advisors with large books of business often push back on workflow changes, and firms hesitate to enforce compliance standards aggressively with high-revenue producers.

The result is a compliance environment that’s porous by design, not because anyone intended it that way, but because growth through acquisition creates complexity faster than compliance infrastructure can absorb it.


What “Off-Channel” Actually Means in Practice

Off-channel communication refers to any client interaction conducted through a medium that isn’t captured, archived, and supervised under the firm’s record-keeping infrastructure. Under SEC Rule 17a-4 for broker-dealers, and the equivalent books-and-records provisions under the Advisers Act for RIAs, firms are required to preserve all client communications related to advice, recommendations, and the conduct of advisory business.

In practice, this means personal text messages, personal email accounts, WhatsApp, and similar platforms used outside firm-approved systems are presumptively non-compliant, unless specific technical solutions are in place to capture and archive them.

The SEC’s position: if it can’t be audited, it shouldn’t be happening. And if it is happening, the firm is responsible.

For enterprise RIAs, the challenge isn’t that advisors are necessarily hiding communications from compliance. The challenge is that when advisor-client communication happens outside supervised channels, in response to a client text, a quick message on a personal phone, or an informal update through a personal email, the firm has no visibility, no audit trail, and no ability to supervise.

From an SEC examination standpoint, that invisibility is itself the violation.


The M&A Due Diligence Gap

Here’s a question worth asking your head of M&A or your deal team: does your current due diligence process include an audit of target firm communication practices before close?

Most enterprise RIA acquisition processes include thorough review of financials, AUM composition, client retention history, and advisor contract terms. Communication compliance audits are less common. When they’re conducted, they’re often high-level assessments rather than technical reviews of what’s actually being archived and supervised.

This creates a specific and under-appreciated risk: firms can close an acquisition, welcome 25 advisors into the organization, and spend the next 12 months unknowingly inheriting communication exposure from the target’s pre-acquisition practices, exposure that becomes the acquirer’s liability the moment the deal closes.

The SEC has been explicit: record-keeping obligations follow the business. When you acquire a firm, you acquire its compliance history, including the gaps.


The Examination Readiness Problem

SEC examinations of registered investment advisors have increased in frequency and scope over the past several years. The SEC’s Division of Examinations has flagged communication practices as a priority examination area, and recent risk alerts have specifically called out failures related to electronic communications and record-keeping.

For enterprise RIAs, examination readiness is a business continuity issue, not just a compliance checkbox. An examination that surfaces widespread communication record-keeping failures across multiple acquired firms can result in:

  • Formal findings and required remediation plans that consume significant management time and resources.
  • Substantial fines assessed against the firm as a registered entity, not individual advisors.
  • Reputational damage with existing clients who learn about compliance failures through regulatory disclosure requirements.
  • M&A valuation risk: Acquirers conducting diligence on your firm will review your examination history, and compliance findings create uncertainty that depresses valuation multiples.

That last point matters particularly in PE-backed environments where exit strategies depend on maintaining, and ideally improving, valuation metrics over the hold period. A compliance finding that creates regulatory uncertainty is a direct threat to exit value. It’s not an abstract risk on a risk register. It’s a line item that affects returns.


The Industry Has Gotten the Message — Mostly

To be fair, the 2022 and 2023 enforcement sweeps produced meaningful change at large institutions. Major banks and wirehouses invested heavily in communication compliance infrastructure following the fines, and many have adopted enterprise-grade archiving and supervision platforms to close the gaps.

The RIA channel has been slower to respond, in part because the most visible enforcement actions targeted broker-dealers and in part because independent advisory firms often lack the compliance infrastructure and operational bandwidth to implement comprehensive communication supervision at scale.

But the SEC has been moving steadily toward applying the same standards to registered investment advisors. The 2023 risk alerts, the increased examination frequency, and the extension of record-keeping scrutiny to new communication platforms all signal the same direction: the compliance bar is rising, and it’s rising for the entire industry.

The 2022 and 2023 enforcement sweep targeted wirehouses. The next wave will look at RIAs — and enterprise RIAs have the most to lose.


The Strategic Question for Enterprise Leadership

For CEOs, chief compliance officers, and PE operating partners overseeing enterprise RIA platforms, the off-channel communication question isn’t primarily a technology question. It’s a governance question.

The governance question is this: do you have visibility into how advisors across every office, in every acquired firm, are communicating with clients today? And if you don’t, which is true for most multi-office RIA platforms, what’s the firm’s plan for closing that gap?

This isn’t about punishing advisors for using personal phones. It’s about building the compliance infrastructure that lets the firm grow through acquisition without accumulating hidden regulatory exposure at every deal. It’s about ensuring that examination readiness is a scalable capability, not a last-minute scramble. And it’s about protecting the firm’s ability to demonstrate to future acquirers, PE sponsors, and regulators that compliance is a strength, not a liability.

The firms that are building that infrastructure now, before the SEC examination and enforcement action, are the ones that will have cleaner balance sheets, stronger valuations, and a more defensible compliance posture when it matters most.


Key Takeaways

  • The SEC’s 2022–2023 record-keeping enforcement sweep resulted in $2.9B in fines and established off-channel communication as a priority examination area.
  • Enterprise RIAs face compounded risk because M&A growth creates communication compliance gaps faster than most compliance infrastructures can absorb.
  • Due diligence processes that don’t include communication practice audits may be inheriting pre-acquisition liability at close.
  • Examination findings create M&A valuation risk that directly affects PE sponsor returns.
  • The compliance bar is rising industry-wide. Firms building supervision infrastructure now are building a competitive advantage, not just meeting a requirement.

About Blueleaf Engage

Blueleaf Engage is the enterprise client engagement platform built for PE-backed RIA platforms and large advisory firms. Engage provides compliance-first client communication infrastructure, including full message archiving, audit trails, and supervised communication workflows, that scales with your firm as you grow through acquisition. Learn more at blueleaf.com/engage.

Your PE Sponsors Want 20% Growth. Your Client Portal Isn’t Helping