Compliance Professionals Concerned Over New Communication Channels and BYOD
No matter the size of the business (large or SMB), for anyone in financial services, compliance is a major concern for this heavily regulated industry. Interestingly, as compliance concerns go, other industries often look to financial services to adopt best of practices. Recently, financial services compliance professionals participated in a survey regarding retention and oversight of electronic communications. Their collective responses offer insight into the concerns of compliance officers, especially as it pertains to newer communication channels (like social media and texting) and the growth of mobile.
As business communications have expanded beyond the traditional channels, compliance professionals have had to respond by taking steps to build new policies, as well as broaden supervision and retention procedures. Regulatory requirements for electronic communications is expanding and compliance professionals are being asked to produce a broader range of message types during examinations.
“This year’s survey findings illuminate the shifts underway related to electronic communications compliance,” said Stephen Marsh, CEO and founder of Smarsh, the company behind the survey. “The retention and oversight of electronic communications is becoming increasingly complicated as employees are presented with a growing number of options to communicate—from instant messages and mobile devices to websites and social collaboration tools—and compliance officers must adjust quickly and comprehensively to mitigate risks to their firms.”
Risk reduction is the key goal and many recognize that compliance practices have not caught up to all the electronic communication options currently available. In fact, it is these new communication channels that are the second biggest concern for firms.
According to the survey, over the course of the past year there has been a significant increase in the number of firms that allow a variety of mobile devices for business purposes. In past years, most organizations required the use of a controlled, company-issued BlackBerry. Today, the BYOD (bring your own device) trend can be seen even in this highly regulated industry with more than half of firms now allowing iPhones, iPads, Android phones and tablets on the corporate network. Extending compliance practices to oversee these communication devices earns the top compliance concern, cited by 63 percent of survey respondents.
Marsh notes that last year FINRA issued Regulatory Notice 11-39, stating that firms are required to retain, retrieve and supervise business communications regardless of whether they are conducted from a work-issued device or personal device. The survey points to the fact that archiving and supervision practices governing communication from these devices, however, lag behind those established for laptops and desktop computers. A majority of survey respondents (65 percent) said they would have minimal to no confidence in their ability to produce text messages during examinations.
The survey pointed also to a notable change from last year, organizations are adapting and increasingly taking steps to formalize their position on social media use. Nearly 80 percent of respondents indicated they have written policies to address the use of LinkedIn, Facebook, and Twitter, a significant increase from the year before, when less than half indicated they had a policy in place. However, the findings reveal that when it comes to putting archiving and supervision systems in place for social media, most firms (more than 60 percent) have not yet taken action.
“Social media is following a similar adoption path to instant messaging and email,” comments Marsh. “As with those communications channels, we are seeing firms first put policies in place. Then, they turn their attention to enforcement and how they can effectively and efficiently supervise and archive the communications.”
Another area where a lag exists in retention and supervision is company websites. Increasingly interactive with videos, slideshows, Flash and other interactive elements, survey respondents said that website content was the second most requested communication type during regulatory examinations, second only to email. However, 41 percent of respondents indicated having minimal to no confidence in their ability to produce website content during an examination, and only 35 percent reported having an archiving and supervision system in place for websites.
As electronic communication channels increase, so too does the amount of time it takes to maintain regulatory compliance. Compliance burden is reflected in the 60 percent of respondents that reported an increase in resources (time and/or money) spent on electronic message compliance in the past year. Nearly all survey respondents (96.6 percent) indicated resources spent increased or stayed the same.
Reducing risk and maintaining good retention policies is time consuming, but it’s always worth doing, for any industry. Financial services are held to very high standards in this regard. Marsh says in 2011 FINRA doled out 1,411 disciplinary actions against registered individuals and firms and the SEC brought forth 735 enforcement actions that resulted in US$2.8 billion in penalties. The expectation is that examinations will only become more frequent in 2012.
This is the second annual Electronic Communications Compliance Survey conducted by the company. The full survey report is available here for download.
- IT Security
- Internet Privacy
- Messaging Security
- Email Security
- Mobile Security
- Internet Security
- Cloud Security
- Information Security
- Internet Privacy
- Privacy Protection
- Email Encryption
- Data Breach Protection
- Spam Filtering
- Virus Protection
- Botnet Detection
- Internet Worm Protection
- Social Business
- Managed IT Services
- Mobile Devices
- Disaster Management
- 1 of 278