Creating Effective Supervision Policies for Instant Message and Collaboration Platforms

November 14, 2019by Smarsh

Subscribe

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

The modern workplace is more connected than ever, and as new digital channels emerge, employees face a mountain of messages across screens every day. For companies in regulated industries that are required to monitor their employees’ electronic communications for compliance, managing every channel is already a daunting task.

Collaboration and instant messaging platforms like Slack & Microsoft Teams are the latest tools to transform how people interact at work. Within the last five years, Slack’s number of active daily users reached 12 million, and Microsoft reports that 13 million people every day are now using Teams.

Slack and Teams pose new challenges for compliance teams. They are integrated communication platforms that connect to many other applications, which extends their potential but covers a lot of content ground: voice and video calls, calendar scheduling, and collaborative editing of shared documents, to name a few.

Additionally, conversations on IM and collaboration platforms will move from desktop to mobile or vice versa. This can create gaps in data review unless all message types are captured and indexed with all metadata intact.

All these layers of complexity contribute to a high volume and assortment of data. They require nuanced supervision tactics and modern tools with granular capabilities for managing the process.

Balancing Random Sampling and Targeted Policies

Regulators often require that companies enact a couple different methods of supervision: random sampling of communications during certain time periods—to check for protected information that may have gone under the radar—and proactive policies that target specific words and phrases.

Collaboration channels enable a high rate of interaction, which means a lot of volume to monitor. There’s a balance to strike between identifying regulatory (and potential business and operational) risks, and casting such a wide net across your entire archive of communications data that supervision becomes unwieldy and inefficient.

This is especially true if your organization is at the enterprise level, where a random sample without narrowly defined parameters can be overwhelmed with white noise and high percentages of false positives. Enterprises are uniquely impacted by the large number of employees being supervised across all the various messaging platforms.

Internal and External Conversations to Manage

Though instant messaging and collaboration channels are mostly used internally, those online conversations pose just as much risk as—if not more than—external conversations.

In the case of a confidential or proprietary information leak, for example, if there is discussion about a company’s upcoming IPO, and that information is shared inappropriately it could introduce any number of legal issues.

But Slack and Teams are useful for communicating with third party users as well. Ensuring that brokers, advisers and executives can easily share information with clients and other outside partners is crucial.

One step to managing these concerns is to implement communication guidelines for internal and external interactions that specify which employees can use each channel. Another safeguard is to develop supervision policies with lexicons that support modern communication terms and outline the types of data that cannot be shared. Finally, review policies and escalation plans for violations with employees on a bi-annual basis.

How to Develop, Implement, and Refine Policies

To put a laser focus on what you’re capturing to meet compliance obligations, keep the following practices in mind as you build your policy framework to reduce noise, enable productivity and enact effective supervision policies:

  • Determine a hierarchy of supervision for individuals and groups within your organization. Allow classified stakeholders to discuss confidential transactions on electronic platforms, and limit high-stakes visibility through the appropriate work supervisory policies (WSPs) that outline how applications may or may not be used.
  • Develop a lexicon policy with your determined parameters to capture relevant terms. Make sure to account for common misspellings and conversational jargon.
  • Work with your compliance team and internal resources to identify potential risky terms and phrases. An optimized lexicon is concise enough to capture variations in syntax, but not too broad to introduce too much “white noise.”
  • Avoid the use of high-risk terms and domains by excluding them from the company’s approved lexicon. Exclusion policies in Pro Archive and Enterprise Supervision can provide an extra line of defense in the regulatory process.
  • Bolster ongoing policy performance with targeted exclusions and regular, diligent random sampling. Don’t just set it and forget it. Schedule a standing meeting with stakeholders to check in on performance.

Whether it be for internal purposes or to satisfy regulatory requirements, organizations need well-tuned policies to enforce their supervision process. Proper policy setup is essential for efficient, intuitive message reviews and other workflows.

Policies can be custom-created, or built from templates provided by your solution provider, and should be fine-tuned on a regular basis for maximum performance and efficiency. Training and educating employees bring the cycle of policy-tuning full circle—making compliance highly efficient even as new platforms emerge.

For more on building policies for compliance, check out The Financial Advisor’s Guide to Social Media Strategy & Policy.

Share this post!

Smarsh

Smarsh

Smarsh® helps organizations get ahead – and stay ahead – of the risk within their electronic communications. With innovative capture, archiving and monitoring solutions that extend across the industry’s widest breadth of channels, customers can leverage the productivity benefits of email, social media, mobile/text messaging, instant messaging/collaboration, websites and voice while efficiently strengthening their compliance and e-discovery initiatives.

A global client base, including the top 10 banks in the United States and the largest banks in Europe, Canada and Asia, manages billions of conversations each month with the Smarsh Connected Suite. Government agencies in 40 of the 50 U.S. states also rely on Smarsh to help meet their recordkeeping and e-discovery requirements.

The company is headquartered in Portland, Ore. with nine offices worldwide, including locations in Silicon Valley, New York, London and Bangalore, India. For more information, visit www.smarsh.com.
Smarsh
Archiving and Compliance Blog

Our Blog explores the news, trends and best practices in electronic recordkeeping. It’s about managing and getting value from your electronic communications data. It’s about satisfying legal and regulatory obligations. It’s all about turning compliance liability into business insight.

More Resources

Connected suite spotlight 2019 ft category
Enterprise Supervision Enables 'Superveillance' for Global Financial Organizations
Read more
Connected suite spotlight 2019 ft category
How UX Design Helped Shape the New Enterprise Supervision Workflow
Read more
Supervisory policies blog
Creating Effective Supervision Policies for Instant Message and Collaboration Platforms
Read more

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Contact Us

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.