Read now to see:
- What is keeping record managers/legal/IT up at night
- How other government orgs are managing records and responding to FOIA requests
- Where most government orgs are finding risk
Read now to see:
Smarsh is proud to have been named a winner of the Social Media Thought Leadership 2017 Wealth Management Industry Award during a formal gala dinner ceremony held at The Plaza Hotel in New York City on Oct. 11.
WealthManagement.com is the digital resource of “all things wealth management” for financial advisors and estate planning professionals. WealthManagement.com launched the industry awards program in 2015 to recognize industry innovation and leadership for wealth managers, broker/dealers, asset managers and financial technology providers.
Smarsh was recognized for its ongoing excellence in the category of Social Media Thought Leadership, beating out the other category Finalist, Broadridge Financial Solutions, Inc.
Smarsh was also named a Finalist in the category for Technology Providers Thought Leadership, along with Accenture, Envestnet, Freewheel Marketing, and the category winner, PIETech, Inc.
The WealthManagement judging panel recognized Smarsh for its centralized archiving platform that provides a unified compliance and e-discovery workflow across the entire range of digital communications, including social media, text messaging, email, websites and instant messaging.
Smarsh helps more than 20,000 organizations meet their regulatory compliance, e-discovery and record retention requirements. Smarsh continues to add connectors for new types of channels of content. Most recently, Smarsh announced archiving support for Workplace by Facebook, Slack Enterprise Grid, and Symphony Secure Collaboration and Workflow.
|In this article, originally published by CCI, Mike provides several tips for expanding the compliance perimeter to include social media and text messages.
Download the full article here.
Compliance practices are being forever changed by the widespread adoption of mobile and social technologies, combined with shifting workplace demographics.
Millennials—or those between the ages of 18 and 29—are putting down deep roots in the investment world these days, and are demanding a whole new way of finding and interacting with their financial firms and advisors. If a firm doesn’t use mobile and social technologies to attract and engage this expanding investor demographic, the business will likely suffer.
Even with the demand for mobile and social technologies, many firms and their compliance departments have said “no” to these tools, and have attempted to prohibit their use by financial advisors. But that doesn’t work anymore; the floodgates are already open.
We’re starting to see fines from FINRA against firms that don’t archive social media and text messages. FINRA is now asking firms for proof that they are retaining and supervising social media and SMS/text messages. Now the firm’s burden is also to prove that these new forms of communications are addressed in its written supervisory procedures. In short, firms must have a comprehensive archiving and supervision system in place that covers social media and text communications, or face the regulatory consequences.
Mike Pagani, Smarsh Chief Evangelist and Senior Director of Product Marketing, is a regular contributor to Corporate Compliance Insights (CCI). In his most recent column, Mike provides several tips for expanding the compliance perimeter to include social media and text messages.
“Firms recognize the benefits of catering to millennials with mobile and social communications, while staying compliant with regulations, will reap the rewards.”
Read Mike’s tips for mobile and social media compliance here.
Read Part 1 to learn how:
What is the TCPA?
Originally passed in 1991 to regulate telemarketers, the Telephone Consumer Protection Act (TCPA), was updated by the Federal Communications Commission (FCC) in 2015 to broaden its scope. The updated version prohibits companies from sending autodialed business text messages—also known as robotexts—without express consent from the recipient. In the financial services industry, many firms are unaware that these restrictions also apply to text messages sent to clients from broker-dealers or advisors. In 2016, TCPA lawsuits increased by 32 percent, indicating an escalation in risk to businesses. To help mitigate this risk, firms should include a text message archiving solution in the autodial implementation plan.
What TCPA Prohibits
TCPA is broadly written, and has been interpreted to prohibit firms from sending business or marketing text messages to an individual with whom they do not have a business relationship. The Act covers any equipment, including smartphones, with the capacity to send automated text messages and phone calls.
The Act also pertains to various messaging apps, texting platforms, and internet-to-phone text messaging. If a firm’s brokers are using telephone, text, VoIP, or other messaging platforms to market their services, the firm must ensure their communications are compliant.
To comply with TCPA, a firm must receive consent from each individual prior to texting, regardless of if it is a current customer or prospective customer. When the texts comprise telemarketing or advertisements, consent must be provided in writing. However, there is no specific method required for non-telemarketing messages; consent can be granted through verbal permission, checking a box on a website, or providing a phone number on a contact information request form.
It is important to note the FCC has stated that, “where a client provides their phone number to a firm related to the provision of the firm’s services, the provision of the number is considered consent with respect to the messages that relate to the services provided by the firm.” In layman’s terms, this means a firm meets TCPA requirements by obtaining express consent or by ensuring all text messages related to the products or services purchased by the client.
A financial institution is exempt from TCPA if it is sending time-sensitive, pro-consumer text messages which address financial issues related to the customer’s account, such as data-breach notifications, suspected fraud, or identity theft.
To prove compliance with TCPA requirements, firms must ensure they archive the client’s permission to use the cell phone to receive autodialed texts. Although not required by TCPA, broker-dealers should retain client-consent communications as a best practice. In the event of a litigious or eDiscovery event, a firm must be able to prove it obtained the client’s permission to send the communications. Accessing and producing these records is an easy way to verify and provide proof of expressed consent. 
Finding the Right Solution
Firms should capture and retain all business-related communications between their investment advisors or broker-dealers and clients, including proof of consent.
A best-fit solution should automatically retain and index text messages, keep them in a search-ready state, and make them available for on-demand supervision/review and production.
Learn more about solutions for text message archiving.
 FCC Enforcement Advisory: Robotext Consumer Protection, Enforcement Advisory No. 2016-06, 2 (Nov. 18, 2016) [hereinafter FCC 2016 Enforcement Advisory].
 What We Learned from 5 Major TCPA Lawsuits in 2016, Contact Compliance Center, http://www.dnc.com/What-We-Learned-from-5-Major-TCPA-Lawsuits-in-2016 (Mar. 27, 2017).
 Sarah R. Anchors, When Can You Condition Consent to Receive Autodialed Calls/Prerecorded Messages: The Second Circuit Limits a Consumer’s Revocation of Consent, Lexology https://www.lexology.com/library/detail.aspx?g=28a50d7b-a112-4fdd-b8db-03ada293a332 (July 5, 2017).
 In the Matter of Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, CG Docket No. 02–278, Declaratory Ruling, para. 19 (2016) [hereinafter FCC 2016 Declaratory Ruling].
 FCC July 10th Declaratory Ruling, supra note 3 at 30 FCC Rcd 8023–26, paras. 125–33.
 FCC 2016 Enforcement Advisory, supra note 1 at 2.
Global market participants are racing to meet the 2018 deadline for Financial Instruments Directive (MiFID II). Beyond Europe, the market reforms are hitting home for U.S. financial markets, vendors, and financial services firms, which are overhauling operations and IT infrastructures.
Marianna Shafir—Smarsh Corporate Counsel and Regulatory Advisor—will participate in a panel during the Navigating the Maze of MiFID II conference in New York City. The conference focuses on the major impacts of MiFID II upon pre-trade data gathering, investor protections, post-trade reporting, settlement, and best execution—among other areas.
“MiFID II impacts the use of electronic communications and firms must retain records, including recordings of phone conversations, on fixed line or mobile devices, and all electronic communications, including email, social media, instant messaging, and SMS/text messaging,” said Shafir.
“Depending on the business and the country, some firms will need to make more substantial changes than others. However, even in the most heavily regulated countries, the MiFID II requirements on recording order-related communications and associated record-keeping bring the need for new procedures and policies.”
Shafir’s panel, MiFID II and Electronic Communications Records, takes a deep dive into the requirements—which covers voice communication via text, instant messaging, email, mobile, and social media interactions—for the recording of electronic communications that facilitate transactions.
“The conference provides the opportunity to discuss the sweeping changes that will transform global securities trading, and I look forward to providing insight that will help attendees ascertain the scope of the management problem for this requirement, and what organizations can do to achieve compliance,” Shafir continued.
The Navigating the Maze of MiFID II conference—presented by the Financial Technologies Forum—is Monday, September 18, 2017 at the Andaz Wall Street in New York City. Conference attendees have the opportunity to immerse themselves in the complexities of the new regulations and gather useful insights from subject-matter experts and peers. The MiFID II and Electronic Communications Records panel, which features Shafir, begins at 1:30 pm, EST. Follow the conversation on Twitter with the hashtag #FTFMiFID and at @FTFnews.
The world is becoming more and more mobile, not just as a means of standard communication, but also to conduct and manage business matters. Now more than ever, business happens on the go, and employers face increasing demand from employees who want to use their existing personal devices as an extension of their business tools. In regulated and litigious industries where compliance is of the utmost importance, many organizations have turned to Mobile Device Management (MDM) solutions to help bridge the gap between the organization and their employees to ensure requirements are met.
MDM is a security software used by IT departments to monitor, manage, and secure any corporate– or employee-owned mobile devices that access business networks. The software is deployed across multiple carriers, plans, and operating systems.
Organizations that use MDM software can ensure mobile devices are being used in a way that meets company policies. Certain features, such as downloading apps, text messaging, and email can be turned on or off, security settings can be changed, and app usage can be strictly controlled with certain MDM software.
Essentially, an MDM solution can enable employees to use the smartphones that they want to use by forcing the device to abide by certain rules. This doesn’t just apply to software installed across corporate-owned devices either; several MDM solutions are tailored specifically to companies implementing BYOD (Bring Your Own Device) scenarios. Employees benefit by being able use the same device for work and personal use, rather than carrying separate devices—making it possible to work more efficiently. It also allows them to communicate when, where, and how their clients prefer.
Deploying an MDM can also help ensure employees adhere to the compliance and regulatory requirements—while allowing them to use their own personal devices. According to the Smarsh 2017 Electronic Communications Compliance Survey, 83 percent of firms allow employees to use personal devices for business communications. However, half the survey respondents identified mobile communications devices as a major concern, and 23 percent have no or minimal confidence that their firm is capturing and archiving all business messages sent via mobile devices.
Here’s how having an MDM in place can help minimize those concerns:
Solutions such as MobileIron and AirWatch incorporate security and compliance policies and configurations across an organization from a single platform, and provide the visibility and controls needed to deploy, manage, and retire devices when employees replace devices or leave the company. These solutions can be deployed across the most widely used operation systems and platforms, including Apple iOS, Android, Blackberry, Mac OS, and Windows.
Archiving and MDM
Deploying an MDM solution is not enough to keep your business within the boundaries of compliance. To satisfy regulatory requirements around social media, SMS/text messaging, IMs, and emails, look for an MDM solution that integrates with your comprehensive archiving solution. By doing that, you can ensure communications happening on mobile devices can be archived in real time, along with other digital communications—and are readily available to respond to internal or regulatory audits, eDiscovery, or litigious events.
Learn more about how Smarsh provides MDM-friendly archiving here.
Smarsh is proud to have been named one of Inc.’s 5000 fastest-growing private companies in America, marking ten straight years that it has been selected for this prestigious list of leading U.S. businesses.
The Inc. 5000 list is announced each summer to acknowledge the country’s most successful private companies. The editors of Inc. magazine have recognized Smarsh every year for the past decade, due to our ongoing entrepreneurial success and consistent sales growth.
The Inc. 5000 ranking was calculated based on the past three years of trailing revenue growth, from 2013 to 2016. To qualify, companies must be privately held and for-profit. Corporate subsidiaries or divisions of other companies do not qualify.
Smarsh has demonstrated consistent leadership in archiving and compliance for regulatory, corporate, and legal obligations which call for electronic communications records retention, supervision, and e-discovery. The company’s business momentum has grown steadily, with 82.4% average revenue growth year-over-year based on our business strategy to expand further into complementary markets, including text message archiving, voice archiving and public sector records retention.
The whole Smarsh team is honored to earn this achievement again for the tenth year in a row, especially because most companies do not make the Inc. 5000 list for more than two years, and less than one-fifth of 1 percent of all companies stay on the list for ten full years. It has been quite a decade of progress for Smarsh, and yet despite making such gains, we still feel that we are only getting started.
Complete results of the 2017 Inc. 5000 list can be found at www.inc.com/inc5000.
Voice archiving is critical to MiFID II compliance
On 3 January 2018, Europe will see MiFID II and MiFIR come into place. With core principles focused on fairer, safer and more efficient markets, this is a significant piece of legislation. The MiFID II directive impacts financial services firms that operate and/or do business with European firms providing investment services in the European Economic Area, so the implications are global.
While most financial firms in the European Union (and those outside the region that do business with the EU) are aware of MiFID II and know it will impact them from a trading governance perspective, many don’t understand how the expanded rules will affect their recordkeeping requirements. Also, record collection and discovery of this magnitude is beyond the current capacity of many firms.
The requirements for recordkeeping under MiFID II are certain and extensive. Financial firms must prepare for the new rules now, to avoid running out of time before MiFID II is in place.
Financial firms will be required to have systems and processes to capture, retain and reproduce complete records of all services, activities and transactions on firm and client accounts. This includes all telephone calls and voice messages on fixed lines and mobile devices, and all forms of electronic communications including email, SMS/text messaging and instant messaging. All records must be discoverable, even if they don’t lead to a transaction.
Key MiFID II Recordkeeping Requirements that will Impact Voice and Electronic communications
A fundamental operating requirement of MiFID II in relation to recordkeeping is laid out in Article 16 of MiFID II regulations:
“An investment firm shall arrange for records to be kept of all services, activities, and transactions undertaken by it, which shall be sufficient to enable the competent authority to fulfill its supervisory tasks, perform enforcement action, and ascertain that firms have complied with all obligations to clients, potential clients, and the integrity of the market.”
MiFID II requires financial firms to:
It’s Time to Prepare for MiFID II NOW
Smarsh is now the only archiving provider directly capturing mobile voice content directly from the carriers, following the company’s acquisition of London-based Cognia. Cognia is a recognized pioneer in voice archiving, audio search, and analytics, and the pairing of these capabilities with The Archiving Platform from Smarsh gives businesses the most comprehensive solution that handles voice and audio with all other types of electronic communications in one place.
For financial firms in the European Union that have MiFID II recordkeeping and supervision requirements, Cognia’s cloud-based voice archiving tools, combined with The Archiving Platform from Smarsh, provide the secure capture of incoming and outgoing voice/audio communication from fixed-lines, as well as from leading mobile carriers.
Carrier direct capture is the most reliable and automated method to capture content for archival, and it’s easily deployed without the need for additional device software. Smarsh clients can quickly and securely search, analyse, monitor and produce voice and audio content alongside all other electronic information content such as email, social media, and text messages. Audio content can be found using phonetic search capabilities and cutting-edge transcription technology, and conversations can be reconstructed in their proper context across different communications channels. As a result, firms can meet MiFID II requirements without the hassle of searching through separate archives.
Smarsh enables the entire workflow needed to capture, retain, supervise and produce all the electronic communications records required by MiFID II and MiFIR, from voice to email and social media, and much more.