As the electronic communications compliance landscape becomes more complex and scrutinized, a significant number of financial firms are vulnerable because of gaps in their retention and oversight initiatives, according to new research from compliance, e-discovery and risk management firm Smarsh. The firm recently released its seventh annual Electronic Communications Compliance Survey Report.
Adding to the complexity is the growing number of non-email communications options that must be retained and supervised, particularly mobile communications. In fact, mobile devices and non-email communications channels, such as text messaging, account for two of respondents’ top three overall e-communications compliance concerns. Not only were each of these concerns identified by at least half of survey respondents, but the percentages jumped significantly from 2016.
Gaps in retention and supervision programs have substantial consequences. FINRA reported 99 books and records cases in 2016, resulting in $22.5 million in fines. Compared to 2015, that represents a 423-percent increase in fines.
“Firms need to leverage new and emerging channels to communicate with their customers and stay competitive, but they’re failing to manage the risk,” said Stephen Marsh, CEO and founder of Smarsh, in a news release. “We know the outright prohibition of new communications channels simply doesn’t work. Many of the firms that have been fined had policies that attempted to prohibit the communication channel in question. Those that are most successful in managing risk are re-balancing their supervision portfolio, and strategically leveraging technology to identify risk in text messages, social media and instant messaging, in addition to email.”
Here’s why firms are concerned about mobile communications
With mobile devices in the hands of nearly every employee these days, mobile communications are top of mind with compliance professionals. Forty-two percent of survey respondents reported that employees requested to use text/SMS messaging for business purposes—the most requested channel for business use by employees, doubling from 2016.
More than half of respondents (52 percent) identified text/SMS messaging as the type of non-email content that poses the greatest compliance risk to their organization, ahead of social media (33 percent), instant messaging (8 percent) and website content (7 percent). These concerns are validated by gaps in compliance practices and confidence when it comes to mobile communications. Among the firms that allow text/SMS messaging, almost half (48 percent) do not have a solution for retention and oversight in place.
Other key study findings:
The report addresses several additional aspects of electronic communications compliance. Other key findings include:
- Prohibiting the use of a communications channel is not an effective solution for firms. Confidence in the effectiveness of prohibition policies—and the ability to prove that employees are not using a given communications channel—is low. This confidence gap is reported by more than half of respondents for each of the top social media channels: LinkedIn (67 percent), Twitter (57 percent), Facebook (51 percent) and Instagram (52 percent).
- Requests for content during regulatory examinations are growing in scope and diversity. While more than 90 percent of firms examined in the last year reported having to produce email, more than half had to produce website content, and requests for content from social media sites including LinkedIn, Twitter, and Facebook are on the rise.
- While regulatory requirements are often the primary driver for archiving and supervision, 88 percent of respondents recognize electronic communications data can also help identify risks to the organization. More than half of respondents (59 percent) confirm that their organization uses this data to identify fraudulent activity, among other purposes, such as supporting e-discovery and HR issues, and detecting market abuse.
In February and March 2017, 119 individuals in financial services with direct compliance supervision responsibilities participated in a 31-question survey designed to identify current trends and to share insight on policies and practices about the usage, retention and supervision of electronic business communications. Respondents were drawn from a wide range of firm sizes and job titles, from C-level management and chief compliance officers to compliance department staff.