By Shiran WeitzmanCEO and Co-Founder, Shield
Jhe growing reliance on our mobile devices has placed financial institutions in a major dilemma as employees have more access than ever to various communication channels, making it harder than ever to control employee communication. Institutions are obligated to follow certain compliance regulations set forth by the SEC, but that doesn’t mean employees don’t take it upon themselves to extend their correspondence beyond company-owned and approved communication channels. A reported 87% of companies rely on their employees’ ability to access business applications on their mobile phones. The question is through which channels and how financial institutions can mitigate the associated risks.
This article will discuss the role of the SEC in enforcing communications compliance measures while examining current issues facing financial firms and what they can do to overcome these challenges.
Increased interest from the SEC
When it comes to employees using personal devices versus approved communication channels, the SEC has already shown interest in how companies track employee digital communications. In October last year, Reuters reported that the SEC had begun to inquire into how Wall Street banks were “track employee digital communications“, including use on personal devices such as SMS and email.
Much of the SEC’s interest in how these large financial institutions track their staff’s communication, particularly on personal devices, stems from the shift to a work-from-home culture that has created a lack of visibility of employees. Additionally, the work-from-home environment has imposed an uphill battle for companies and compliance teams to manage and audit employee communications.
Financial companies are feeling the pressure to maintain compliance measures when it comes to all forms of communication. Witness the recent fines imposed in December on some of the largest investment banks for failing to maintain proper compliance processes, including record keeping. The two companies faced nearly $1 billion in fines combined. In February of this year, the two Goldman Sachs and HSBC found themselves in a similar situation with the inability to properly track and archive employee communications with fines still outstanding. And even more recently, Citibank found themselves in the hot seat as the SEC investigates the company’s recordkeeping compliance.
Where companies are lagging behind
Many banks continue to rely on traditional providers, whose manual methods are obsolete because they cannot keep up with advances in technology and rapidly increasing communication channels. Simply put, it is almost impossible to manually obtain, sift through and process the vast amount of data on mobile communication channels while adhering to newly imposed regulations and new practices used by malicious actors. CAF reported that there had been a 200% increase in the volume of data to be processed for surveys via encrypted channels such as WhatsApp. While this doesn’t just reflect mobile channels, it demonstrates that businesses need to be equipped with sufficient resources that can accommodate large volumes of data.
Additionally, the aforementioned work-from-home environment has extended longer than some initially anticipated, as many companies have adopted it as a permanent model. This makes these companies vulnerable to nefarious acts of fraud, including instances of market abuse, insider trading, identity theft, and headlong rushing by malicious actors. It has created new opportunities that may go unnoticed. But it doesn’t stop there because the use of emojis has established itself as a toolcamouflage harmful behavior. Emojis, along with gifs and images, can be concerning because they can easily go unnoticed because the intent isn’t necessarily clear.
We are also seeing increased use of voice notes and video messages in the workplace. These two methods of communication can further complicate the compliance process. What makes voice and video difficult to track is that they don’t necessarily use text, making it harder for teams and compliance systems to track and report any malicious intent.
Financial companies may face a dilemma regarding authorized and unauthorized mobile communication channels. From an employer’s perspective, they want to protect the business from any potential instances of abuse or manipulation while having the ability to provide proper compliance oversight. From the employee’s perspective, some platforms provide greater convenience and can sometimes result in the use of unauthorized communication channels. Something can also be said about customer preferences and the influence they have on the platform through which they communicate.
However, financial institutions are still held accountable for the need to provide adequate employee communication compliance measures to meet the requirements of regulators, even companies that have adapted to new technologies and implemented up-to-date compliance methods.
The future of electronic communication practices
Communication with employees will continue to be a problem for financial firms. They must accept that mobile channels will play a major role in their business. Ultimately, if companies are to protect themselves and their employees, it is essential to start by implementing company-wide policies that are clearly articulated to employees on which mobile communication platforms are allowed. to do business and how they should be used. This allows companies to protect themselves by creating transparency and eliminating any potential confusion about what is acceptable and what is not. While this won’t solve all of their problems, it is the first step in protecting the company from employee fraud.
Going further, as compliance technology continues to evolve, companies must recognize that it is imperative that they adapt and implement the new workplace intelligence technologies and tools available to them. . Artificial intelligence plays a key role in the security of a company, allowing it and compliance teams to automate compliance monitoring and provide an analysis solution.
In some cases, market abusers can easily go through multiple mobile channels by sending a message on each to formulate a single message. Some may even resort to using multiple languages, creating multiple threads of correspondence that can fly under the radar or throw off most monitoring tools. This amplifies the need for business intelligence solutions that are AI-powered, transparent, and have the ability to broadly search across multiple mobile channels in parallel and pick up on those patterns. These advanced compliance solutions are essential to improving the overall compliance monitoring process. Financial companies should look for solutions and tools with better record keeping management, advanced search capabilities and enhanced security measures.
Financial firms can and certainly should learn from the mistakes of others to make more informed decisions about how they conduct compliance oversight and adhere to various SEC regulations. Updating your employee communications compliance policies and solutions can help keep your business out of the SEC’s sights and avoid hundreds of millions of dollars in fines.
Even as mobile communications continue to dominate our working lives and expand beyond currently available channels, financial companies can take the right steps to equip themselves with the right tools that are both effective and efficient. Communication compliance platforms that have the ability to provide both business and compliance teams with accessibility, transparency, and to meet regulators’ requirements should be highly considered and sought after. Communications compliance is constantly evolving and will be critical to the future success of the financial industry and the way businesses conduct business.