Creating Effective Supervision Policies for Instant Message and Collaboration Platforms
The modern workplace is more connected than ever, and as new digital channels emerge, employees face a mountain of messages across screens every day. For companies in regulated industries that are required to monitor their employees’ electronic communications for compliance, managing every channel is already a daunting task.
Collaboration and instant messaging platforms like Slack & Microsoft Teams are the latest tools to transform how people interact at work. Within the last five years, Slack’s number of active daily users reached 12 million, and Microsoft reports that 13 million people every day are now using Teams.
Slack and Teams pose new challenges for compliance teams. They are integrated communication platforms that connect to many other applications, which extends their potential but covers a lot of content ground: voice and video calls, calendar scheduling, and collaborative editing of shared documents, to name a few.
Additionally, conversations on IM and collaboration platforms will move from desktop to mobile or vice versa. This can create gaps in data review unless all message types are captured and indexed with all metadata intact.
All these layers of complexity contribute to a high volume and assortment of data. They require nuanced supervision tactics and modern tools with granular capabilities for managing the process.
Balancing Random Sampling and Targeted Policies
Regulators often require that companies enact a couple different methods of supervision: random sampling of communications during certain time periods—to check for protected information that may have gone under the radar—and proactive policies that target specific words and phrases.
Collaboration channels enable a high rate of interaction, which means a lot of volume to monitor. There’s a balance to strike between identifying regulatory (and potential business and operational) risks, and casting such a wide net across your entire archive of communications data that supervision becomes unwieldy and inefficient.
This is especially true if your organization is at the enterprise level, where a random sample without narrowly defined parameters can be overwhelmed with white noise and high percentages of false positives. Enterprises are uniquely impacted by the large number of employees being supervised across all the various messaging platforms.
Internal and External Conversations to Manage
Though instant messaging and collaboration channels are mostly used internally, those online conversations pose just as much risk as—if not more than—external conversations.
In the case of a confidential or proprietary information leak, for example, if there is discussion about a company’s upcoming IPO, and that information is shared inappropriately it could introduce any number of legal issues.
But Slack and Teams are useful for communicating with third party users as well. Ensuring that brokers, advisers and executives can easily share information with clients and other outside partners is crucial.
One step to managing these concerns is to implement communication guidelines for internal and external interactions that specify which employees can use each channel. Another safeguard is to develop supervision policies with lexicons that support modern communication terms and outline the types of data that cannot be shared. Finally, review policies and escalation plans for violations with employees on a bi-annual basis.
How to Develop, Implement, and Refine Policies
To put a laser focus on what you’re capturing to meet compliance obligations, keep the following practices in mind as you build your policy framework to reduce noise, enable productivity and enact effective supervision policies:
- Determine a hierarchy of supervision for individuals and groups within your organization. Allow classified stakeholders to discuss confidential transactions on electronic platforms, and limit high-stakes visibility through the appropriate work supervisory policies (WSPs) that outline how applications may or may not be used.
- Develop a lexicon policy with your determined parameters to capture relevant terms. Make sure to account for common misspellings and conversational jargon.
- Work with your compliance team and internal resources to identify potential risky terms and phrases. An optimized lexicon is concise enough to capture variations in syntax, but not too broad to introduce too much “white noise.”
- Avoid the use of high-risk terms and domains by excluding them from the company’s approved lexicon. Exclusion policies in Pro Archive and Enterprise Supervision can provide an extra line of defense in the regulatory process.
- Bolster ongoing policy performance with targeted exclusions and regular, diligent random sampling. Don’t just set it and forget it. Schedule a standing meeting with stakeholders to check in on performance.
Whether it be for internal purposes or to satisfy regulatory requirements, organizations need well-tuned policies to enforce their supervision process. Proper policy setup is essential for efficient, intuitive message reviews and other workflows.
Policies can be custom-created, or built from templates provided by your solution provider, and should be fine-tuned on a regular basis for maximum performance and efficiency. Training and educating employees bring the cycle of policy-tuning full circle—making compliance highly efficient even as new platforms emerge.
For more on building policies for compliance, check out The Financial Advisor’s Guide to Social Media Strategy & Policy.
Share this post!
Archiving and Compliance Blog
Our Blog explores the news, trends and best practices in electronic recordkeeping. It’s about managing and getting value from your electronic communications data. It’s about satisfying legal and regulatory obligations. It’s all about turning compliance liability into business insight.