Top 4 Communications Channels Exposing Firms to Compliance Risks
Digital workplace transformation took a monumental leap forward during the pandemic as downtown offices splintered into a network of home offices. Now that it’s shown to have been widely successful, the prevalence of remote work is likely to stay. However, while the initial focus was to enable business continuity, the challenges of managing regulatory compliance have been further complicated.
From the recent Smarsh Risk & Compliance survey, we know that firms continue to struggle with compliance requirements as a barrage of new communications tools are introduced. Survey data illustrates significant gaps between the channels firms allow for business use and the retention and oversight needed to meet compliance obligations and successfully manage the subsequent risk.
Compliance gaps: Absence or misalignment of communications policies, supervisory procedures and technology in relation to the channels that employees are actually using to communicate.
There’s still work to be done to fully modernize compliance technology in the financial industry. In this article, we take a deeper look into the top four communication channels leaving firms open to compliance risks and what firms should consider as communications compliance evolves with the workplace.
1. Conferencing and meeting solutions
Conferencing and meeting tools are designed to share information by broadcasting presentations and webinars or facilitating video or voice calls. Common solutions include:
- Zoom
- Webex
- GoToMeeting
These are important tools for firms. But they also have the widest compliance gaps of commonly used communication channels. Even though most surveyed firms are working remotely and allow the use of conferencing solutions, less than a quarter (22% of firms) have established archiving and supervision programs for this content.
In fact, survey respondents were unclear on whether they should even record meetings that take place on these platforms. 64% say they rarely or never record meetings that take place on conferencing solutions, and nearly half of those respondents (47%) don’t see the channel as a source of risk at all.
This is a major concern. FINRA and SEC regulations state that electronic communications must be retained if the content is business-related. As conferencing and meeting solutions continue to add capabilities (like chat features) and firms adopt the tools for more purposes, compliance teams need to be focused on how they approach the oversight of the records that emerge.
"More than half (51%) of respondents started using meeting solutions such as Zoom and Webex — or added seats or functionality — because of work-from-home mandates."
2. Instant messaging and collaboration platforms
Where meeting solutions are intended to share knowledge or information, IM and collaboration tools help individuals or internal teams communicate directly to accomplish a common goal or objective. Communications can be instant messages, file-sharing or virtual meetings, which generate metadata around activities like edits, deletes, joining or leaving a conversation, sending emoji responses and more.
Here’s a breakdown of which platforms are used by the surveyed firms:
These tools are vital for a remote workforce. However, IM and collaboration platforms also present retention and oversight challenges. Nearly one-third of firms that use these tools don’t have a retention or oversight system for these solutions, even though many respondents (89%) allow them for business use.
The sheer volume and variety of data this channel generates requires strong compliance and supervision policies, governance programs and modern technology to adequately mitigate risk. Firms also need to account for increasingly unique oversight challenges, as these platforms are a convergence of several quickly evolving modalities of communication.
3. Encrypted channels and mobile-first apps
Encrypted mobile apps (like WhatsApp and WeChat) are used by more people worldwide than any other tool besides email, and their popularity continues to grow as firms increase their global reach. Encrypted applications were not even in the top 10 most requested by employees in 2018 or 2019 but placed second for most requested communication channel in 2020.
Even so, encrypted messaging applications are the most widely prohibited among survey respondents (at 68%). As we’ve seen from specific enforcement cases, and repeated experience with new communications channels, unsupervised employees and affiliated personnel may be using them anyway.
In fact, close to half of survey respondents have minimal confidence in their prohibition policies. Firms also lack the confidence to deliver regulator-requested content in a reasonable time frame. Compared to email, for example, this indicates a significant confidence gap and compliance liability.
This creates compliance risk for firms and may result in financial or legal penalties. There is a persistent need for firms to take the right steps to implement appropriate mobile governance policies and practices.
4. SMS/text messaging
Employees have been clamoring for years to be allowed to use text messages to conduct business. It has consistently ranked as the most requested channel for use by employees over the years, by a large margin. However, more than half of survey respondents view SMS/text messaging as a top source of compliance risk.
Firms have historically used prohibition policies to manage text message usage. Even though our mobile devices are never far away from us, SMS/text messaging is still overwhelmingly prohibited in financial services according to the survey, considering only 33% of respondents’ firms allow it for work.
Like encrypted messaging apps, there are frequent cases where employees and firms are fined for using this prohibited communication channel. At this point, it is an inconvenient communication barrier to not allow employees to communicate with each other and with customers in such a ubiquitous way. Prohibition doesn’t necessarily mean employees won’t text, and without policies in place to govern text messaging, firms put their organizations at risk.
The future of communications compliance
Regulators are becoming only more vigilant with the remote workforce. Remote workers on disparate networks and new communications tools create an environment vulnerable to fraud and misconduct. Regulators expect firms to establish and maintain reasonable compliance systems designed to monitor the activities of each associated person, no matter where their work location happens to be.
Get a copy of the full survey report to learn what you can do to stay ahead of the trends, challenges and opportunities driving digital communications compliance in the financial services industry.
Share this post!
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US