In Our Guide You’ll Learn:
See what Smarsh can do for you today.
Texting is simple, concise and compatible with virtually every mobile device, operating system and wireless carrier – making it extremely accessible when a client or a prospect wants to reach out in a time-crunched world. But even though text is easy, reliable and intuitive—if it’s used for business communications, it can create enormous risk.
I had a very interesting customer conversation last week that helps lend some perspective on the recent news. This compliance officer was detailing the difficult position she was in as her firm looked at implementing a text message archiving strategy and technology solution.
She knew that texting is everywhere. Enabling her advisors to use text messaging to communicate with customers was a no-brainer. We all know that prohibiting texting is futile and likely presents more risk for the organization. Beyond that, this strategic shift was important for the business — it would give her advisors more tools to work with to communicate with customers and potential customers, through the means of their choice. In simple terms, it represented a major avenue to greater productivity.
At the same time, her number one priority is to protect her organization and its customers from risk. Regulatory scrutiny from FINRA and the SEC is growing more sophisticated and prescriptive. She was concerned about MiFID II. Would text content translate into a massive increase in workload for her team, just to manage the subsequent recordkeeping and oversight challenges? Would the cost of compliance outweigh the benefits?
Even beyond the financial services industry – in the public sector, where more and more local, state and Federal agencies are trying to find ways to meet their open records obligations with new and changing technology – we’re seeing these two competing realities. What wins out – productivity or compliance? For too long, one side has benefited at the expense of the other.
The days of “productivity OR compliance” are behind us. Smarsh, now together with Actiance, is better positioned than ever to offer customers productivity AND compliance.
Together, our combined company provides capture, archiving and supervision support for the most content types (100+) in the industry, across a broad range of electronic communications including email, social media, mobile text messaging, instant messaging/collaboration, encrypted chat and voice communications. Having these solutions to help satisfy their legal and regulatory obligations enables our customers to use Slack, text messaging, LinkedIn or whichever channel they need to grow their businesses.
We’re also seeing organizations struggling with the maintenance and performance of their legacy archiving and supervision technologies. Together, Smarsh and Actiance provide flexible deployment (cloud, dedicated, hybrid, on-premise) and data migration options, along with the industry’s top tools for efficient supervision.
We are incredibly excited about this combination with Actiance, a team that we have partnered with, respected and competed against for more than 15 years. Together, we are taking two complementary market leaders in the Enterprise Information Archiving space and creating one global market leader.
For Smarsh, the wind is at our backs. We have seen aggressive, sustained growth, enhanced by and driven through huge strides with recent acquisitions (MobileGuard and Cognia), traction in the public sector, market demand for our mobile text archiving offerings and support for new communication/collaboration platforms (i.e. Slack). In addition, we were recently named a Leader in the 2017 Gartner Magic Quadrant for Enterprise Information Archiving for the third consecutive year, and are positioned furthest to the right for its completeness of vision.
Together, we can double-down on our 2016–2017 accomplishments. We will increase our investment in product development, grow and nurture our partner ecosystem and accelerate our global expansion. The integration will take time and needs to be done strategically, and we’ll organize in a way that provides the best of our combined capabilities to the benefit of our customers and partners.
Together, we are offering productivity AND compliance, and I am incredibly excited about what’s to come.
In today’s business environment where consumer trust means everything to a company’s success, it’s not enough for your organization to manage risk after the fact. You must spot it as soon as it happens to prevent it from spiraling out of control and damaging your brand.
While some companies now actively measure and try to manage risk, many still lack best practices and technology solutions to deal with potentially damaging electronic communications shared with colleagues, clients, prospects, business partners, and more.
As new communication technologies are launched and preferences are built for applications and tools like text messaging that foster quick and easy conversations, businesses struggle to keep on top of approved business practices with employee communications. Today, the many complexities surrounding smart phones and text communications for business present an enormous challenge for organizations.
These can only be solved with clear policies and a technology foundation that allows for capture and supervision. Supervising your company’s electronic communications data can help you realize more effective risk detection, mitigation, and management in the long run.
In fact, if you follow the five principles below, you can dramatically decrease the number of times your company faces serious risks resulting from the ungoverned use of electronic communications.
For electronic communications, it’s best to have the following in place:
1. A Sound Data Governance Framework
A key marker of a company that manages risk well is one that has a smart data-governance foundation in place, including control over electronic communications data.
A governance structure addresses the objectives, guiding principles, and action plans that demonstrate how your company will manage risk. It also identifies the key decision-makers within the organization who will meet regularly to discuss risk-related challenges and carry out action steps. A governance framework should state who supervises and manages electronic communications risk for regulatory, legal, and marketing purposes. It should also address the following questions:
- Who are the key decision-makers in your organization regarding response to potential problems found in your company’s email, social media, text messages, and website?
- Does your company have working groups or committees that can address ongoing areas of concern in electronic communications?
- Which behaviors and statements require escalation to key decision makers? How quickly should issues be escalated?
- When you identify an area of risk, are your key decision-makers aware of the causes of the problem? How are those causes addressed in the long term?
- Is there a system to help continually improve risk identification and escalation in different communications channels, including social media and text messaging?
2. A Culture of Risk Awareness and Compliance
While your company likely has key decision-makers who are responsible for risk management, your governance structure should allow other employees to speak up when they notice unusual, worrisome, or unexpected activities and events related to your business. Everyone is on the front line of risk prevention in the digital age.
This type of culture is influenced strongly by decision-makers, including the CEO and Chief Risk Officer (CRO). Senior decision-makers who spend time educating their legal, compliance, HR, marketing, and other departments about risk will positively affect this process.
Companies that handle governance and supervision of electronic communications well don’t view supervision as an obligation where they need to check the box to stay out of trouble. Instead, they see an opportunity to foster better business insights and decision-making. The rule of thumb is: Use every opportunity available to obtain value from key data, to evaluate business risks and opportunities.
3. A Constant Drive for Efficiency
Risk departments and CROs face the task of performing effective risk management with limited resources and staff. A constantly changing regulatory, technology, and business environment makes these restrictions seem especially challenging.
Companies that handle uncertainty in stride tend to manage their risk, regulatory, and legal requirements effectively over the long term. If the risk department has a tight budget, collaboration and sharing of risk-detection resources with other departments can be a big help. For instance, the compliance team might extend the archiving platform it uses for regulatory purposes to the legal team, for use with early case assessment or eDiscovery in the event of an investigation or litigation.
For your light reading list: The Chief Risk Officer and the Dreadful, Horrid, Inefficient Very Bad Day.
4. Innovative Technology that Supports Risk Detection
While a risk department may use various technology tools to analyze data for risk detection, much of the root cause of operational, financial, compliance, and legal risk starts with people. Whether an individual or group takes malicious or unintentional action that results in risk to the company, the trail of error is often found in communications shared via email, social media, text messaging, instant messaging, corporate website content, and so on.
Many companies now look to comprehensive archiving and monitoring of their employees’ electronic communications to spot risk and mitigate it before it becomes a big problem. Since your compliance department may already have a requirement to retain and supervise electronic communications, it makes sense to broaden the use of archiving and monitoring for other business requirements such as developing use policies, staff training and support of legal and HR litigation.
5. A Commitment to Constant Improvement
The final key element is a commitment to undergo continual analysis of systems and processes. This is a long-term undertaking, but it’s one that’s vital to long-term improvement and success. Evaluate your answers to the following questions on a regular basis:
- Where has your company fallen short of its goals for risk management?
- How many high-profile risk problems or crises has your company encountered within the past year? In the past six months? Where and when do they occur?
- When risk affects the business, how quickly does the company react? Was the response quick, or not quick enough? Was the action plan well thought out? Do you have systems and technology in place to effectively handle risk?
With these key principles in place, your company will be on the path to managing risk.
For more information about how a comprehensive archiving platform can help your company manage risk, visit our content security and risk mitigation section online.
The European Union (EU) issued an update to its Markets in Financial Instruments Directive (MiFID), which outlines the required compliance policies and procedures for any business with EU subsidiaries or operations in Europe’s investment services sector.
Marianna Shafir, Smarsh corporate counsel and regulatory advisor, offers helpful insight into the changes—which take effect January 2018—in a Global Association of Risk Professionals (GARP) Risk Intelligence article.
In “Are You Ready for MiFID II,” Marianna explains that firms are required to record a range of telephone and electronic communications made with clients over any personal or business device. Electronic communications can include emails, social media posts, instant messages, and text messages. Recordings must be archived and kept available to satisfy requests from EU regulators.
The mandate is intended to protect market integrity. MiFID II—the EU’s first regulatory update to the directive since 2004—will impact multiple facets of the financial services industry, including investment banks, private banks, asset managers, custodial service providers, retail banks, broker-dealers, financial advisers and market infrastructure providers.
Under MiFID II, the minimum period for record retention is five years, but national authorities can extend the period for up to seven years. Firms are required to maintain records in their original format; communications cannot be altered or deleted.
For more information about archiving technology, strategies, and custom solutions that can help you meet these regulatory requirements, visit our MiFID II compliance page or contact a member of the Smarsh team.
As Marianna says, “There’s no time for excuses. It’s MiFID II crunch time!”
In September, FINRA fined and suspended another broker for using text messaging to communicate with clients. This is the fourth fine this year that points to a FINRA trend in 2017: Brokers will be fined for using communication tools outside of their firm’s Written Supervisory Procedures (WSPs).
Fines and Suspensions for SMS/Text Messaging
A broker was fined $5,000 and suspended from association with any FINRA member in any capacity for one month. The broker sent 58 text messages relating to his securities business, including messages about investment strategies and specific securities to 16 customers during the course of a year. The findings stated that by doing so, the broker prevented his member firm from supervising those communications, violated the firm’s policy about business correspondence, and contradicted his attestation that he would use his firm’s email system for all business.
Fines for Books and Records Violations
Also in September, two firms were penalized a total of almost $2 million for allegedly failing to maintain their electronic records in a write once, read many format—also referred to as WORM—that could not be altered or destroyed. Federal securities laws and FINRA rules require that business-related electronic records be kept in WORM format to prevent alteration. The SEC has stated that these requirements are an essential part of the investor protection function because a firm’s books and records are the “primary means of monitoring compliance with applicable securities laws, including antifraud provisions and financial responsibility standards.”
One firm was censured and fined $1,500,000 for failure to maintain electronic brokerage records in WORM format. The firm failed to maintain some 9.5 million documents and messages related to its brokerage business, including order tickets, trade confirmations, statements, and other transaction-related records from March 2014 to the present. The company also experienced “audit deficiencies affecting its ability to adequately retain and preserve electronic records,” in violation of the Securities Act. Although the firm’s WSPs contained provisions for storing electronic records in WORM format, it failed to adequately enforce these procedures to ensure that all such records were maintained in the proper format.
The second firm was censured and fined $175,000 and required to conduct a comprehensive review of the adequacy of its relevant policies and procedures. The firm failed to maintain approximately 10 million electronic Broker-Dealer records in WORM format. The firm also failed to keep a duplicate copy of the electronic record, as required by regulation. The firm was previously fined $100,000 for failing to capture, maintain, and preserve all business-related instant messages among registered representatives between 2005 and 2007.
In its 2017 regulatory and examination priorities letter, FINRA announced it will continue to assess firms’ programs to mitigate risks related to electronic recordkeeping, including compliance with WORM requirements by vendor-provided email review and retention services.
The recent fines are a clear indication that violations of electronic recordkeeping continue to be FINRA’s top priority. Even if your WSPs prohibit the use of text messaging for business communications, you can no longer assume advisors aren’t using their mobile devices to communicate with clients. An SMS/text messaging prohibition policy is ineffective. The safest approach to comply with the electronic recordkeeping rules and regulations is to implement an “archive everything” strategy. Firms need to be aware of the electronic communications landscape and ensure they archive all business communications sent to and received by their advisors, whether those advisors communicate via email, social media, text messaging, instant messages, or other forms of electronic communication. It’s time to be proactive and get ahead of the curve!
Read now to see:
- What is keeping record managers/legal/IT up at night
- How other government orgs are managing records and responding to FOIA requests
- Where most government orgs are finding risk
In this article, originally published by CCI, Mike provides several tips for expanding the compliance perimeter to include social media and text messages.
Download the full article here.
Compliance practices are being forever changed by the widespread adoption of mobile and social technologies, combined with shifting workplace demographics.
Millennials—or those between the ages of 18 and 29—are putting down deep roots in the investment world these days, and are demanding a whole new way of finding and interacting with their financial firms and advisors. If a firm doesn’t use mobile and social technologies to attract and engage this expanding investor demographic, the business will likely suffer.
Even with the demand for mobile and social technologies, many firms and their compliance departments have said “no” to these tools, and have attempted to prohibit their use by financial advisors. But that doesn’t work anymore; the floodgates are already open.
We’re starting to see fines from FINRA against firms that don’t archive social media and text messages. FINRA is now asking firms for proof that they are retaining and supervising social media and SMS/text messages. Now the firm’s burden is also to prove that these new forms of communications are addressed in its written supervisory procedures. In short, firms must have a comprehensive archiving and supervision system in place that covers social media and text communications, or face the regulatory consequences.
Mike Pagani, Smarsh Chief Evangelist and Senior Director of Product Marketing, is a regular contributor to Corporate Compliance Insights (CCI). In his most recent column, Mike provides several tips for expanding the compliance perimeter to include social media and text messages.
“Firms that recognize the benefits of catering to millennials with mobile and social communications, while staying compliant with regulations, will reap the rewards.”
Read Mike’s tips for mobile and social media compliance here.
Read Part 1 to learn how:
- The impact of FOIA on your government organization
- Being underprepared to respond to a FOIA request puts your agency at risk
- Manual processes can be reduced to increase efficiency and lower risk