Financial Services Firms Need More than Policies to Manage Communications Risk and Compliance

Financial services might be one of the last customer-centric industries where actual human-to-human phone calls are still a primary channel for doing business. The workforce is getting younger, and digital natives (those born in the Internet era, starting with the Millennials) bring their own communication styles, preferences, and channels of choice. Their insistence on communicating by text message and their legendary loathing of phone calls represent a significant shift. When you consider that U.S. Millennials (56 million individuals) and Gen Xers (53 million) represent a third of the country’s entire population, you can begin to grasp the scope of cultural change to which workplaces must adapt.

Financial firms not only employ individuals from these younger generations, they also do a growing amount of business with them. As a group, Americans under 50 prefer texting for business and personal matters. In fact, a Gallup poll from 2014 confirmed text messaging as the most popular form of “nonpersonal communication” among American adults — and it has only become more so in the nearly five years since the poll was conducted.

To remain compliant while accommodating these cultural and socioeconomic trends, firms need to develop an integrated process that includes policy, enforcement, and comprehensive archiving of all communication channels. Allowing more channels increases the inherent risk, but so does operating on the assumption that employees and clients will abide by irksome prohibitions.

It is imperative, of course, to have a formal policy prohibiting the use of certain electronic communications channels and to communicate it clearly to your employees. Documented employee attestation and acknowledgement of the policy won’t prevent all potential regulatory violations, but it does help to protect the company. If an individual knowingly flouts the policy, they will be held individually liable for any penalties levied by FINRA or the SEC. However, the policy is just the beginning of the organization’s responsibility, and accounts for only one component of an effective compliance and oversight program.

All financial firms must reliably retain and adequately supervise the use of all methods of electronic communications their employees use to conduct firm business, both externally and internally. The firm must be prepared to: quickly respond to regulator or auditor demands for specific messages; demonstrate the methods with which they retain and monitor the communications for potential violations; and report what actions, if any, they take when non-compliance is discovered.

If an employee is using a channel that is unsupervised and not being retained, their actions expose the firm to more than the risk of a compliance violation. What if the messages contain customer-specific data that includes personally identifiable information (PII) and a security breach occurs? What if the messages contain firm-specific details that compromise the firm’s reputation and break trust with clients? What if some combination of out-of-bounds and retained messages exposes a gap in the firm’s supervision systems, workflows and governance? None of these issues will be prevented by the existence of a prohibition policy. In fact, the policy by itself does very little to reduce risk if and when employees choose to ignore it.

In addition to potential violations and resulting fines, it’s worth considering that unpopular prohibition policies have a negative impact on employee productivity and client relations. Your firm’s competitiveness in recruiting both employees and clients could be compromised as a result of banning the productivity-enhancing channels like SMS text messaging and social media (LinkedIn, Twitter, etc.) and workforce collaboration platforms such as Slack, Microsoft Teams and others. If you’re not convinced this is an issue worth solving, ask advisors how comfortable they are with replying “I am only allowed to communicate with you via email” every time a client texts them with a timely request.

Takeaways for 2019

As the Smarsh 2018 Electronic Communications Compliance Survey Report reveals, modern communications channels such as social media, text messages, and collaboration platforms are in high demand from both clients and employees who value the speed and efficiency these newer channels offer. Simultaneously, regulators are increasing their focus on these new channels, and levying heavy fines where firms are found to be deficient in their recordkeeping and supervision efforts.

Text messages, social media, collaboration platforms, and mobile devices are the future of business communications and your firm must be prepared to deal with this new reality. We highly recommend you update your firm’s Written Supervisory Procedures (WSPs) to include all potential communications channels — and whatever you do, do not rely on prohibition. Prohibiting channels simply does not work, and by prohibiting a channel, you’ve effectively guaranteed that it’s not being monitored. Inevitably, that decision will come back to haunt you.

The key takeaway you should keep in mind throughout 2019 is that as your firm enables modern communications to enhance the efficiency of its workforce, it’s critical to capture and supervise all relevant communications for proactive monitoring and supervision. The alternative only leads to higher risks of reputational damage and increasingly painful fines.

Fortunately, comprehensive archiving platforms can provide the necessary foundation for developing and overseeing a communications policy that is both convenient and compliant. These platforms support the reliable capture, retention, supervision and speedy retrieval of messages and records for communications channels from email and SMS/text messages to instant messages and web site updates. Proactively implementing the proper systems and allowing the compliant adoption of mainstream electronic business channels will protect your firm much better than prohibitive policies that are routinely ignored anyway. As new risk and abuse patterns emerge, regulators will adjust their investigative practices. For instance, they now frequently request supporting documentation that details how your compliance program functions in addition to records of retained messages across numerous communication channels.

Your clients and employees want to use apps and text messaging for the obvious benefits they provide in terms of efficiency and reach, and with modern archiving technology, you can accommodate their preferences while reducing risk and streamlining audits and e-discovery. Of course, the channels that cannot be archived and governed properly (e.g., Snapchat, Confide, etc.) should still be prohibited by policy, but many can be safely adopted and leveraged to keep your business competitive and agile.

Bluntly stated, it’s past time to incorporate your client’s digital communications preferences into your firm’s policies and governance processes. After all, smartphones and text messaging have been a global phenomenon for more than a decade. No one under the age of 35 will understand continued bans on text messaging, and most people over 35 want to use it too. You don’t tell clients you refuse to use the Internet due to the risk of data breaches — admitting you can’t text them back is likely to sound just as ridiculous. In the end, if your client or prospect is aware of firms that have implemented comprehensive archiving solutions and allow the use of most popular communication apps, they may get the sense your firm isn’t interested in going the extra mile to serve them and protect their data and assets.

Implementing solutions that keep customers happy, workers productive, and regulators satisfied is smart business all around. What’s more, the same solutions reduce risk, help detect corporate fraud, and hold everyone accountable. We never know when a new killer app is going to cause another sea change in communications culture. As more of our personal and business tools and environments become smart and interconnected, communication channels will converge and multiply. Being ready to adopt them in compliant and risk-managed fashion will keep your financial services firm ready for the next generation of customers, employees, and regulation.

About Author

Mike Pagani is a seasoned IT professional and recognized subject matter expert in the areas of mobility, identity and access management, network security and virtualization. Prior to joining Smarsh in November 2014, Pagani held executive-level corporate and technology leadership/spokesperson roles for Stay-Linked, Quest Software, NComputing, Dell Software and others.
