Changing Times – Five Compliance Cornerstones for 2020

January 15, 2020by Brian Hill

Subscribe to the Smarsh Blog Digest

Subscribe to receive a weekly digest of articles exploring regulatory updates, news, trends and best practices in electronic recordkeeping.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Compliance is complicated. New communications channels, outdated technologies, and shifting regulatory focus challenge compliance programs. Pundits predict increasing twists and turns on the regulatory landscape in 2020. To mitigate risk, fines, and other damages, you need to keep these five compliance cornerstones top of mind throughout the year:

  • Think beyond explicit regulatory requirements. Financial services firms have long been subject to regulatory requirements, such as FINRA 3110 and SEC Rule 17a-4. These firms have been traditional leaders in adopting technologies to ensure compliance. Yet, organizations in government, healthcare, energy, and other markets are also subject to regulatory obligations. Beyond traditional compliance requirements, increasing demands for more effective governance and e-discovery along with the imperative to better leverage IT resources and cut costs drive many firms to adopt or enhance compliance programs. Comparably, growing needs to capture analytic advantages from multiple sources of insight are also starting to drive organizations across a wide range of industries to adopt sound compliance strategies.

  • Leverage a cloud archiving platform. Cost, deployment speed, and other advantages of cloud solutions compared to on-premises applications are clear and compelling. Firms are steadily shifting away from legacy on-premises compliance tools. Bringing home this point, a 2019 Forrester analysis notes that 63% of decision-makers reported that their firms had implemented or were expanding their use of SaaS for archiving. We see adoption for cloud-based compliance solutions continuing to surge in 2020 and beyond along with a steady decline of on-premises deployments. Cloud has won. Yet cloud-based compliance platforms are far from all the same. A new wave of cloud native solutions is rapidly gaining traction with compelling capabilities and multi-cloud functionality across different geographies to better address data protection and privacy laws, including GDPR, with in-region storage and processing.

Download: Forrester Wave on Information Archiving Cloud Providers, Q1 2019.  

  • Keep up - the scope of data will keep fundamentally changing for compliance and risk mitigation. Email has long been a key focus for compliance and e-discovery. Today’s communications, however, are far from homogeneous. For internal collaboration, customer communications, and partner exchanges, organizations use an extensive and growing variety of tools like Microsoft Teams, Slack, and messaging apps designed for use on mobile devices. While firms are keen to capture improved customer experiences, innovation advances, and other benefits from a this expanding set of social platforms and communication channels, many organizations are still in “catch up mode” in setting and enforcing compliance policies. Noncompliance risks can be significant. Re-enforcing this theme, in recent guidance FINRA reminds us that, beyond email, firms must adhere to preservation, supervision, and other regulatory obligations across all organization-permitted collaboration applications. Email is important, but lack of focus on other communications is a recipe for failure.

  • The right cloud archiving platform matters – pick your vendor carefully. The marketplace for compliance solutions has been undergoing a transformation. As firms shift from legacy on-premises applications to cloud-based solutions, organizations report that some providers fall flat and that they struggle with lack of flexibility and a broad array of obstacles. To avoid these shortfalls, organizations should evaluate cloud content platform solutions in terms of their ability to:

o Consume and preserve native properties across communications and content types

o Incorporate modular design and architecture

o Ensure high performance and global scalability

o Enable usage across diverse cloud platforms

o Embrace cloud infrastructure standards

o Incorporate data security and privacy by design and default

o Foster openness and extensibility

Evaluating these requirements can be a complex exercise, partly complicated by vendor marketing hype. Wellington Consulting recently completed a buyer’s guide to assist in navigating this complexity.

Download: Enterprise Buyer's Guide: Cloud Archiving Platforms.

Look to leverage analytics, AI, or machine learning. Compliance solutions help organizations with communications supervision, e-discovery, and other risk mitigation needs. Some of these systems also, however, hold strong potential for additional business value – especially given the extensive set of communications that they manage. Firms are finding that other systems, such as “big data” or “data lake” applications, can be enhanced with this deep pool of communications and rich collaborative data. Incorporating this extensive data set of extracted insights into relevant systems can greatly advance your customer data mining, advanced analytics, and other programs, yielding potential for increased revenue, lower costs, improved competitive advantage, and stronger customer retention. Over the next 12-24 months, we’re expecting that these capabilities will provide an expanding foundation for compliance professionals to work with other internal functional teams to unlock business value by surfacing new patterns and trends.

Complexity and ongoing changes can complicate compliance programs. As our market shifts, we encourage you to focus on the five key cornerstones noted above. Analyst reports such as Gartner’s Magic Quadrant for Enterprise Information Archiving 2019 can provide additional perspective in the evolving compliance market and in vendor selection. We look forward to ongoing dialog with you throughout the year.

Share this post!

Brian Hill

Latest posts by Brian Hill (see all)

Archiving and Compliance Blog

Our Blog explores the news, trends and best practices in electronic recordkeeping. It’s about managing and getting value from your electronic communications data. It’s about satisfying legal and regulatory obligations. It’s all about turning compliance liability into business insight.

More Resources

regulations compliance search review laws featured img
How to Supervise Your Suddenly Remote Broker-Dealers and Investment Advisers
Read more
mobile text communication sms channel featured img
Lessons From the EPA's Lack of Text Message Preservation
Read more
government columns federal building featured img
How CCPA May Impact the Future of Public Records Management
Read more

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Contact Us

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.