Why the Explosion of Communications Channels Is a Compliance Problem
The use of social and collaborative communications provides new opportunities to deepen engagement with clients, but also creates new sources of compliance risk—in particular, if those intent on wrongdoing believe your focus is elsewhere.
January 09, 2019 at 07:00 AM
5 minute read
Many companies today use more than 40 different communications channels, including social media, mobile apps, collaborative tools, voice, and email. We are approaching a future in which every application will have a messaging component, which presents daunting new challenges for business supervisory processes and technologies.
The reason behind the explosion of new communications tools is clear: the need and desire to communicate with clients over the channels of their choice. It's not about technology per se, it's about meeting your business goals by responding to client demands before your competitors can. Changing demographics mean that it is increasingly likely that your client uses email infrequently—if at all—and will expect to interact on a social or mobile network.
Beyond the pull from clients, firms are also attempting to roll out new collaborative platforms including Microsoft Teams, Symphony, Slack, and WebEx Teams to improve internal productivity between regulated and non-regulated users and shorten client response times. The push from internal IT towards these new platforms adds to the challenge for compliance teams to address a more diverse and complex network of communications and collaborative formats.
|It's More Than Just Messaging
Firms have well established supervisory processes to identify potential policy infractions via the inspection of email and IM against a set of lexicons. But what happens when a conversation takes place over a series of tweets? What happens when a post is altered, deleted, or shared with a third party? What if that conversation is encoded emojis of palm trees, chickens, or smiley poo?
Consider that a single Financial Services collaborative platform, Symphony, has 160 proprietary emoji characters itself. Now consider a conversation hopping across multiple communications channels and chat rooms. Add in voice, video, app sharing, bots, and you arrive at today's communication reality.
|Implications to Supervisory Review
With the rapid adoption of social and collaborative platforms comes implications to supervisory review—and to financial services compliance more broadly—that are enormous to firms of all shapes and sizes. Some of the key considerations include the following:
Policies: Beyond simply stating that “you can't use what cannot be supervised,” firms need to evaluate whether existing communications policies clearly state what registered reps can and cannot do on social and collaborative channels. Since prohibition alone is rarely effective, policies should also clearly outline the consequences for use of unauthorized networks.
Methods of Capture: Every social and collaborative communications channel is different, each offering their own methods of capture—while some are suitable for regulatory use cases, some are not. The availability of APIs or other methods that allow for validation of completeness and accuracy of that source is a pre-requisite for any regulated firm. Simply building a compliance-ready “connector” to capture social and collaborative content is hard enough for a single network—it becomes a full-time job if you are supporting multiple networks and devices and need to keep connections to content sources up-to-date as those sources change over time.
Compliance Controls: Allowing the use of social and collaborative communications sources should not be an all-or-nothing proposition. There is a quickly evolving market for native and third-party capabilities to implement policy controls such as message blocking, feature controls, ethical walls, and data loss prevention. The end-goal of enforcing policy controls uniformly on all communications networks, or equally on-premises and in the cloud, is not achievable yet, but the gaps continue to narrow. Firms should closely monitor the market to understand current capabilities and upcoming feature enhancements from native content providers and third-party solutions.
Supervisory Review: As has been noted previously, most review products in the market today flatten rich, dynamic content from social and collaborative communications into individual messages that need to be pieced together. What more firms are experiencing is that simply threading messages is not sufficient if you are attempting to identify items that may have been changed or deleted, or events that may have taken place in a collaborative workspace like a chat room. We can only expect that this challenge will continue to grow as non-email communication sources continue to increase proportionately, and as social and collaborative communications become the target of FINRA and SEC enforcement actions more frequently.
|Content and Context are Determinative
The use of social and collaborative communications provides new opportunities to deepen engagement with clients, but also creates new sources of compliance risk—in particular, if those intent on wrongdoing believe your focus is elsewhere. The evolution of work communication should also provide an opportunity to refocus supervisory processes and technologies.
It's easy to become consumed with the goal of improving the efficiency of message review, when the objective and focus should be on identifying and responding to potential information risks. Ultimately, in the words of the SEC and FINRA, it is the content and context of a communication that is determinative, not the specific communication tool that is being used.
Robert Cruz is Senior Director of Information Governance for Smarsh, with more than 20 years of experience in providing thought leadership on emerging topics including cloud computing, information governance, and Discovery cost and risk reduction.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Decision of the Day: Judge Reduces $287M Jury Verdict Against Harley-Davidson in Wrongful Death Suit
- 2Kirkland to Covington: 2024's International Chart Toppers and Award Winners
- 3Decision of the Day: Judge Denies Summary Judgment Motions in Suit by Runner Injured in Brooklyn Bridge Park
- 4KISS, Profit Motive and Foreign Currency Contracts
- 512 Days of … Web Analytics
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250