Seventh Annual Report Finds Organizations Spend Too Much Time Looking for Risk in Email; Not Enough Time in Mobile, IM and Social Media
FINRA Annual Conference, Washington D.C., May 18, 2017 – Smarsh®, the leading provider of information archiving solutions for compliance, e-discovery and risk management, today released its seventh annual Electronic Communications Compliance Survey Report. The survey of compliance professionals in the financial services industry shows that as the electronic communications compliance landscape becomes more complex and scrutinized, a significant number of firms are vulnerable because of gaps in their retention and oversight initiatives.
Adding to the complexity is the growing number of non-email communications options that must be retained and supervised, particularly mobile communications. In fact, mobile devices and non-email communications channels, such as text messaging, account for two of respondents’ top three overall e-communications compliance concerns. Not only were each of these concerns identified by at least half of survey respondents, but the percentages jumped significantly from 2016.
Gaps in retention and supervision programs have substantial consequences. FINRA reported 99 books and records cases in 2016, resulting in $22.5 million in fines. Compared to 2015, that represents a 423% increase in fines.
“Firms need to leverage new and emerging channels to communicate with their customers and stay competitive, but they’re failing to manage the risk,” said Stephen Marsh, CEO and founder of Smarsh. “We know the outright prohibition of new communications channels simply doesn’t work. Many of the firms that have been fined had policies that attempted to prohibit the communication channel in question. Those that are most successful in managing risk are re-balancing their supervision portfolio, and strategically leveraging technology to identify risk in text messages, social media and instant messaging, in addition to email.”
Here’s Why Firms are Concerned About Mobile Communications
With mobile devices in the hands of nearly every employee these days, mobile communications are top of mind with compliance professionals. Forty-two percent of survey respondents reported that employees requested to use text/SMS messaging for business purposes—the most requested channel for business use by employees, doubling from 2016.
More than half of respondents (52 percent) identified text/SMS messaging as the type of non-email content that poses the greatest compliance risk to their organization, ahead of social media (33 percent), instant messaging (8 percent) and website content (7 percent). These concerns are validated by gaps in compliance practices and confidence when it comes to mobile communications. Among the firms that allow text/SMS messaging, almost half (48 percent) do not have a solution for retention and oversight in place.
Other Key Electronic Communications Compliance Findings
The report addresses several additional aspects of electronic communications compliance. Other key findings include:
- Prohibiting the use of a communications channel is not an effective solution for firms. Confidence in the effectiveness of prohibition policies—and the ability to prove that employees are not using a given communications channel—is low. This confidence gap is reported by more than half of respondents for each of the top social media channels: LinkedIn (67 percent), Twitter (57 percent), Facebook (51 percent) and Instagram (52 percent).
- Requests for content during regulatory examinations are growing in scope and diversity. While more than 90 percent of firms examined in the last year reported having to produce email, more than half had to produce website content, and requests for content from social media sites including LinkedIn, Twitter, and Facebook are on the rise.
- While regulatory requirements are often the primary driver for archiving and supervision, 88 percent of respondents recognize electronic communications data can also help identify risks to the organization. More than half of respondents (59 percent) confirm that their organization uses this data to identify fraudulent activity, among other purposes, such as supporting e-discovery and HR issues, and detecting market abuse.
To download a copy of the Electronic Communications Compliance Survey Report, visit www.smarsh.com/whitepapers/2017-electronic-communications-compliance-survey-report/.
About the Survey
In February and March 2017, 119 individuals in financial services with direct compliance supervision responsibilities participated in a 31-question survey designed to identify current trends and to share insight on policies and practices about the usage, retention and supervision of electronic business communications. Respondents were drawn from a wide range of firm sizes and job titles, from C-level management and chief compliance officers to compliance department staff.
Smarsh offered an incentive to respondents in the form of a charitable donation via Smarsh Full Circle (www.smarsh.com/fullcircle), its community service initiative. Questions were answered through an online survey, and the responses were collected by a third party.
Smarsh® delivers a comprehensive and integrated stack of information archiving applications and services that help companies protect themselves and manage risk. Its centralized platform provides a unified compliance and e-discovery workflow across the entire range of digital communications, including email, public and enterprise social media, websites, instant messaging and mobile messaging. Founded in 2001, Smarsh helps more than 20,000 organizations meet regulatory compliance, e-discovery and record retention requirements. The company is headquartered in Portland, Oregon, with offices in New York City, Boston, Raleigh, N.C. and London.