By Shiran Weitzman, CEO and Co-founder, Shield
The growing reliance on our mobile devices has put financial institutions in a major dilemma as employees have more access than ever before to various communication channels making it harder than ever to monitor employee communication. Institutions have an obligation to meet certain compliance regulations set by the SEC but that doesn’t mean employees don’t take it upon themselves to extend their correspondence beyond company-owned and approved communication channels. A reported 87% of businesses rely on their employees’ ability to access work related apps on their mobile phones. The question is through which channels and how can financial institutions mitigate the risks associated.
This article will discuss the SEC’s role in enforcing communication compliance measures while also examining current issues financial firms are faced with and what they can do to overcome these challenges.
Increased Interest from the SEC
When it comes to employees using personal devices as opposed to approved communication channels, the SEC has already shown its interest in how firms are keeping track of employee digital communications. In October of last year, Reuters reported that the SEC began inquiring how Wall Street Banks were “keeping track of employees’ digital communications” including usage on personal devices such as SMS and emails.
Much of the SEC’s interest in how these major financial institutions are tracking their staff’s communication, especially on personal devices, stems from the shift to a work-from-home culture which has created a lack of employee visibility. Furthermore, the work-from-home environment has imposed an uphill battle for firms and compliance teams to manage and audit employee communications.
Financial firms are feeling the pressure to maintain compliance measures as it relates to all forms of communications. Further demonstrated by recent fines handed out in December to a couple of the largest investment banks for failure to maintain proper compliance processes including record-keeping. The two firms faced nearly $1 billion in fines combine. In February of this year, both Goldman Sachs and HSBC have found themselves in a similar situation with failure to properly track and archive employee communications with fines still pending. And even more recently, Citibank found themselves in the hot seat as the SEC investigates the Company’s record-keeping compliance.
Where Firms are Falling Short
Many banks continue to rely on legacy vendors, who’s manual methods are outdated as they cannot keep up with the advancements in technology and rapidly increasing communications channels. Simply put, it is nearly impossible to obtain, sift through and process the vast amount of data on mobile communication channels by hand while keeping up with any newly imposed regulations and new practices used by bad actors. The FCA reported that there was a 200% increase in the volume of data that needs to be processed for investigations through encrypted channels such as WhatsApp. While that doesn’t solely reflect mobile channels it demonstrates that firms need to be equipped with sufficient resources that can accommodate large volumes of data.
Additionally, the aforementioned work-from-home environment has extended longer than some may have initially anticipated as many businesses have adopted this as a permanent model. This leaves these businesses vulnerable to nefarious acts of fraud including instances of market abuse, insider trading, spoofing and front running from bad actors. It has created new opportunities that can go unnoticed. But it doesn’t stop there as the use of emojis has emerged as a tool, camouflaging nefarious behaviors. Emojis, as well as gifs and images, can be cause for concern as they can easily to go undetected as the intent isn’t necessarily clear.
We’re also seeing increased use of both voice notes and video messages in the workplace. Both of these methods of communication can further complicate the compliance process. What makes voice and video difficult to track is that they aren’t necessarily using text, which makes it harder for compliance teams and systems to track and flag any malicious intent.
Financial firms can find themselves in a dilemma when it comes to authorized and unauthorized mobile communications channels. From the employer’s perspective, they want to protect the firm from any potential instances of abuse or manipulation while also afforded the ability to provide proper compliance oversight. From the employee’s perspective, some platforms offer greater convenience and at times that can result in the use of unauthorized communication channels. Something can also be said about customer preferences and the influence they have on which platform they communicate through.
However, financial institutions are still held responsible for the necessity to provide adequate employee communication compliance measures in order to meet the demands of regulators, even firms who have adapted to new technologies and have implemented up-to-date methods of compliance.
The Future of E-Comms Practices
Employee communication will only continue to be a pain point for financial firms. They need to accept that mobile channels will play a prominent role in their business. Ultimately, if firms want to protect themselves and their employees, it is critical to start by implementing company-wide policies that are clearly articulated to employees which mobile communication platforms are authorized to conduct business on and how they should be used. This allows firms to protect themselves by creating transparency and eliminating any potential confusion on what is and isn’t acceptable. While this doesn’t solve all their problems, it’s the first step in protecting the firm against instances of fraud carried out by an employee.
Taking a step further, as compliance technology continues to evolve, firms must recognize that it is imperative that they adapt and implement new workplace intelligence technology and tools made available to them. Artificial intelligence plays a key role in a firm’s security, enabling them and compliance teams the ability to automate compliance monitoring and provide an analysis solution.
In some instances, market abusers can easily rotate through multiple mobile channels sending one message on each to formulate a single message. Some may even resort to using multiple languages creating multiple threads of correspondence that may fly under the radar or throw off most monitoring tools. This amplifies the need for AI-informed business intelligence solutions that are transparent and powered with the capability to broadly search across multiple mobile channels in parallel and pick up on these patterns. These advanced, compliance solutions are critical to enhancing the overall compliance oversight process. Financial firms should look for solutions and tools that are equipped with greater record-keeping management, advanced search capabilities, and enhanced security measures.
Financial firms can and certainly should learn from the mistakes of others to make better informed decisions on how they provide compliance oversight and meet various SEC regulations. Updating your employee communication compliance policies and solutions can help keep your firm out of the SEC’s crosshairs and avoid hundreds of millions of dollars in fines.
Even as mobile communications continue to dominate our work lives and expand beyond current available channels, financial firms can take appropriate steps to equip themselves with the appropriate tools that are both effective and efficient. Communication compliance platforms that have the ability to provide both the firm and compliance teams with accessibility, transparency, and meet the demands of regulators should be highly regarded and sought after. Communication compliance is ever changing and will be pivotal to the future success of the financial industry and how firms conduct business.