SEC Compliance

5 Steps to Effective and Compliant Use of Mobile Devices

December 18, 2019by Smarsh

Subscribe

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Mobile devices have become a common and crucial tool in the workplace. An employee’s ability to engage with clients and customers from anywhere and at any time has allowed organizations to reach new heights in productivity, collaboration and responsiveness.

But this also comes with great compliance risks for industries where all forms of communication need to be captured and retained for auditing or litigation purposes.

Focus of supervision graph blog

Robert Cruz (Smarsh V.P. of Information Governance Solutions), Brian Panicko (Smarsh V.P. of Enterprise Sales and Channel Partners) and Brandon Leatha (Leatha Consulting CEO) explain in a recent webinar how organizations can maintain productivity while minimizing the risks associated with mobile device use.

Mobile business continues to trend upwards

According to Open Market’s recent survey:

80% of millennials prefer to text a company’s 1-800 customer service line vs. waiting on hold
60% of millennials prefer two-way text engagement with companies for speed and convenience
75% of millennials would choose a text-only phone over a voice-only phone

But texting isn’t the only way people are interacting on their phones. Collaboration applications like Slack and social media platforms are used by employees across mobile devices, too. And depending on the content of the messages, if it pertains to the business, they may need to be captured and retained.

Channels with Compliance Gaps bar graph blog

 

“The results depicted in this report reflect the division’s focus on rooting out misconduct that can do significant harm to investors and our markets, and the focus the division places on identifying wrongdoing and taking prompt action to effectively help harmed investors,” said SEC Chairman Jay Clayton.

By archiving or supervising texts, social media or collaboration application messages, firms can enable employee-client engagement on the platforms they prefer.

“The reality is that business-client relationships are often stronger and more successful with immediate communication engagements,” says Leatha. “But these should be treated like any other correspondence, and they need to be captured and easily retrievable should they ever be needed.”

Here's how organizations can balance the use of mobile devices without opening their business up to potential recordkeeping fines:

1. Good governance begins at technology procurement
The use of mobile devices and associated applications goes beyond the purview of a business’ technology department. It’s important to create a governance council within the business that includes the IT, legal and compliance departments, to:

• Evaluate the risks and value of mobile devices or mobile applications
• Anticipate new features and modalities
• Establish onboarding, offboarding and maintenance processes

“Having a multi-team evaluation of new technology or applications is key,” says Leatha. “Develop a proof of concept to not only test the technology, but to also understand the effectiveness of new governance.”

“Evaluating technology isn’t just about looking at the technology itself,” adds Panicko. “You have to understand the ‘ask’ for the technology. It could be as simple—and important—as using the same chat application that’s most used by prospective clients in specific regions. Knowing the ‘ask’ can help you find alternatives that align more with your governance.”

2. Actively develop mobile device governance
Existing mobile device or communication policies need to be reviewed by all stakeholders, including the governance council, as well as the employee or end user. Having this discussion with all those involved can reveal if policies that protect the organization are also empowering the user or employee.

Establish a mobility task force whose role is to:

• Assess existing mobile environment
• Refresh policies per user group
• Update policies as new apps and functionalities are deployed
• Examine latest trends and benchmarks

3. Stay on top of preservation requirements
Electronic communication is becoming increasingly nuanced with emojis, images and GIFs. That’s why it’s vital to have an archiving solution that not only captures these messages, but also be able to retrieve and display them in their native formats to get the complete context.

"Our strategy is to work with native versions of each of these communications so that we understand what the context is and what's in a persistent chat," says Cruz.

4. Proactively define supervision protocols
Communication supervision isn’t just an ongoing requirement for regulated industries. It’s also knowing how business data and information is being shared on mobile devices.

Firms shouldn’t wait until an investigation is taking place to learn that employee messages are violating rules. Proactive supervision of messages sent on mobile devices can help refine protocols and reduce compliance risks.

5. Train and retrain employees
Training employees isn’t a one-and-done session. It’s an ongoing process as firms review existing protocols, identify industry standards or adapt to new laws.

“New laws can change how you use your devices,” says Leatha. “For example, Texas recently passed a law stating if an official sends or receives any business-related message—regardless if they use their personal device or a government-issued device—that message needs to be captured and archived.”

Assess your firm’s mobile communications preferences and policies

Businesses that enable employees with modern tools will have a competitive edge when it comes to hiring as well as in customer interactions. However, it can be a delicate balance between appeasing customers and staying compliant with strict regulations.

“Firms need to understand how clients or customers want to engage with them,” says Cruz. “Then they need to decide if those methods are acceptable or not within the firm’s mobile strategy.”

This article is based on the recent webinar: The Time Is Now: Understanding the Mobile Landscape. You can watch the full webinar here.

Share this post!

Smarsh

Smarsh

Smarsh® helps organizations get ahead – and stay ahead – of the risk within their electronic communications. With innovative capture, archiving and monitoring solutions that extend across the industry’s widest breadth of channels, customers can leverage the productivity benefits of email, social media, mobile/text messaging, instant messaging/collaboration, websites and voice while efficiently strengthening their compliance and e-discovery initiatives.

A global client base, including the top 10 banks in the United States and the largest banks in Europe, Canada and Asia, manages billions of conversations each month with the Smarsh Connected Suite. Government agencies in 40 of the 50 U.S. states also rely on Smarsh to help meet their recordkeeping and e-discovery requirements.

The company is headquartered in Portland, Ore. with nine offices worldwide, including locations in Silicon Valley, New York, London and Bangalore, India. For more information, visit www.smarsh.com.
Smarsh
Archiving and Compliance Blog

Our Blog explores the news, trends and best practices in electronic recordkeeping. It’s about managing and getting value from your electronic communications data. It’s about satisfying legal and regulatory obligations. It’s all about turning compliance liability into business insight.

Recent Posts

Regulatory Updates
Key Takeaways from SEC and FINRA 2020 Priorities Letters: Technology Leads Area of Focus
Read more
compliance violation compass review right path featured img
Changing Times – Five Compliance Cornerstones for 2020
Read more
advanced search compliance review supervision featured img
2020: Extending the Vision of Supervisory Review
Read more

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Contact Us

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.