Recently, Smarsh, a leading provider of hosted archiving solutions for compliance and e-discovery, released its fifth “Electronic Communications Compliance Survey Report,” which focused on key trends and challenges facing compliance officers around the retention and supervision of electronic communications.
Overall, the study found that compliance is taking on a more significant role across organizations – moving beyond traditional archiving and e-discovery efforts, to add value to sales and marketing, HR, risk assessment and cybersecurity.
In comparison to past studies, this year’s report also found that compliance officers are feeling more confident about incorporating new communication channels for business, including social media. According to Stephen Marsh, CEO and founder of Smarsh, nearly three-quarters of respondents now report having a BYOD policy and the ability to capture data to make non-business-specific tools compliant.
One apparent blind spot that has yet to be addressed, however, is the capturing and preserving of text messages used in business communication. Given the multiple tools and platforms that are used for messaging, compliance departments are not able to easily capture the data – leaving this area out of compliance. Nearly two-thirds of respondents admitted they had no confidence in their ability to reproduce messages.
“The oversight of electronic communications has evolved to become far more than the cursory, check-the-box review of email that existed years ago,” said Marsh. “Today, with more data points and better technology at their disposal, compliance teams are more empowered to identify risky communications and then mitigate potentially damaging issues before they become serious. Also, as the compliance role is elevated in importance within an organization, convergence with IT and marketing initiatives is increasing. As a result, compliance is becoming an enabler of social media usage, and a key part of cybersecurity strategy.”
Electronic Communications Retention and Oversight Trends
Findings from a survey of electronic communication compliance trends, conducted by Smarsh.
Greater Social and Mobile Engagement
For the first time in five years, new and emerging communications channels were cited as a concern for fewer than half of the respondents. This year, all of the “big three” social media channels (Facebook, Twitter and LinkedIn) were permitted for business communications at higher rates compared to last year, with LinkedIn experiencing the greatest increase (11.5 percent).
Firms are not only permitting employees to communicate on business social media accounts (for instance, corporate ‘company pages’) — they’re allowing advisors to conduct business through personal social media accounts. Eighty percent of firms that allow social channels allow employees to use personal LinkedIn accounts and 63.5 percent allow personal Twitter accounts.
While the growth in policy and enforcement technology trends in the right direction, a compliance gap still remains. On average, 32 percent of firms that allow social channels do not have a solution in place to retain and supervise social media. The gap is 13 percent larger for firms that don’t allow personal channels (but do allow corporate pages for business communications).
Text/SMS Messaging and Mobile
Allowance of personal devices for business communications is up 17 percent from last year, and 73 percent of respondents have a bring your own device (BYOD) policy, compared to 58 percent last year.
The rates of text message allowance for business communications and archiving continue to rise. However, compliance officers have significantly lower confidence in their ability to produce text messages upon request compared to other types of electronic messaging.
The Role of Compliance
The role of compliance is expanding to include solving new business challenges. E-comm oversight is no longer just a checkbox “need to have” for compliance professionals. As electronic messaging channels have gained more prominence in business communications, firms are recognizing the value of this archived data, and the huge opportunity that message supervision presents to identify risk within an organization.
Seventy-two percent of respondents now believe message supervision is a critical tool to identify risk in their organization, up 13 percent from last year. Eighty-one percent believe message supervision delivers valuable and actionable insights to the businesses, versus 65 percent last year.
Top E-comm Concerns
The shift in compliance professionals’ top concerns shows that message supervision is moving from reactive to proactive. In 2015, as in 2011, new and changing regulations and increased security and enforcement by regulators remained among respondents’ top four concerns. But this year, balancing employee privacy considerations with oversight obligations and cybersecurity threats posed by use of electronic message platforms surfaced as top priorities.
Email remained the message type that was most requested during a regulatory exam at 77 percent, up 13 percent from 2014. Website pages, instant messages, Bloomberg or Reuters messages, social media and text messages round out the top six most requested message types.
Supervision activity reports (proof of supervision), disaster recovery or business continuity plan (DR/BCP) and written supervisory procedures (WSP) remained the top three requested forms of related documentation. Requests for these materials are on the rise this year as well.
Data Production Challenges
The issue of data production is under FINRA’s microscope this year, as the self-regulatory organization explicitly called out the inability to provide data in the requested time as “unacceptable” in its 2015 Exams Priorities Letter.
The No. 1 challenge compliance officers face in producing data is managing the number of platforms used to retain and supervise this data.
A single platform to manage and supervise messages from various communications channels was reported by 83.2 percent as ‘important to critically important’ when developing a comprehensive electronic messaging compliance program.