Electronic Communications Supervision is Broken. Can it Be Fixed?

Over the past 15 years, Smarsh has urged financial services firms to retain all of their electronic communications for compliance purposes – no matter what devices, applications or channels a firm uses to talk with customers and prospects, or even internally. Email, social media, text messages, website content and internal collaboration platforms are all fair game for regulatory scrutiny, so firms must keep them in check.

Unfortunately, many compliance professionals tell us they are already overburdened by the communications supervision tasks at hand. As they continue to perform the same ol’ supervision processes they’ve used for years, they don’t adapt to the changing risks in their organizations. So, while struggling to do what worked a decade ago under today’s digital deluge, they fail to recognize or supervise what’s really most risky. To put it bluntly, supervision is broken. (But it can be fixed.)

Here’s why. Firms know they must perform regular supervision of communications. The catch is that compliance must carry out this ongoing mission while dealing with an ever-widening set of content, rushing forward from a sea of social media channels, collaboration platforms and text messages. All of these are perceived to place additional strain on a firm that may not conduct message review often enough to truly identify and mitigate risk, or that buckles under the time and resource commitment needed to review email.

According to the 2016 Electronic Communications Compliance Survey Report, many smaller firms (1-5 employees) say they can only review electronic messages on an ‘as needed’ basis, usually when a regulatory exam or internal audit seems imminent. Small firms may want to do more, but this ‘retain and respond’ scenario is common because they often lack people and resources, and employees may wear many hats, including compliance responsibilities. This puts a small firm in a risky situation where it plays the odds, hoping the consequences of non-compliance will be less costly than diverting resources from other activities to systematic supervision. However, hope is not a sound business or compliance strategy.

For larger firms, supervision problems usually manifest in a different way. Most have more resources and time devoted to the review of electronic communications, but they may look at risk in all the wrong places. Long-established surveillance procedures tend to primarily target email, albeit rather ineffectively, as the volume of email a firm exchanges continues to grow. However, it’s probably not in email where the greatest risk exists.

Despite their specific supervision challenges, small and large firms share the following issue: they neglect the thorough supervision of newer forms of digital communication, which present the most risk. Social media, text messages and other forms of content remain unsupervised while compliance employees continue to spend countless hours reviewing only email and older communication types. Meanwhile, we’ve seen time and time again that nefarious actors converse on newer, less-supervised channels like chat and mobile devices.

To deal with communications channels besides email, firms may attempt to do one of the following:

  • Prohibit the use of newer, non-email communications channels. This rarely works, because firms still must prove to regulators that their system of prohibition is adhered to and enforced. Meanwhile, investors want to interact with their financial advisors in new and different ways, and forward-thinking reps push their firms to provide them with the tools necessary to keep growing the business.
  • Put their head in the sand, and fail to acknowledge that new communications channels are used by firm employees and customers. Chances are that several new channels are being used (without compliance oversight), and regulators will find out about it.
  • Extend email supervision tactics already in place. This isn’t a viable approach, because outdated supervision solutions and processes that center on email aren’t likely to adapt well to new communications channels, which are far more dynamic and complex. And if firms already rely on inefficient existing procedures – like random samples or lexicons that haven’t been updated – applying these to email PLUS new content means firms ultimately create more inefficiency for more people.

It’s clear that what got firms here won’t get them where they need to go in this highly regulated environment.

At the same time, here’s what’s promising: a comprehensive archive platform represents a technology disruption that will drive the efficiencies necessary to scale supervision initiatives, for small and large firms.

The comprehensive archive platform category by definition begins with the ability to store all content types in a single repository. The true value emerges when it comes to what can be done with the data in the archive.

By using a comprehensive archive and leveraging an automated policy engine to reflect a firm’s governance policies, review teams can upgrade antiquated random samples and lexicons with policies designed to find specific risk, such as complaints or anti-money laundering. Using the best practices of the financial services industry and the power of automation, compliance teams can also introduce intelligent exclusions to their policies to reduce the amount of false-positive messages to review. In addition, teams can review, report on and tune policy effectiveness, and automate the prioritization of content that merits more scrutiny.

From there, specialized review workflow capabilities in a comprehensive archive enable compliance teams to focus high-priced professionals on the most pressing e-communications compliance risks.

Options to supplement or redeploy existing staff to more valuable tasks can then be evaluated, to help allocate the right amount and knowledge level of people required to conduct reviews. In this way, the human bandwidth gained from the more efficient use of a firm’s reviewer resources can be directed at a broader set of content types to reduce risks within the expanded compliance perimeter.

That’s just the beginning. Many firms already use content from their archive for purposes outside of compliance and risk management. Those on the cutting edge use behavioral analytics, relationship mapping and predictive logic, and correlate data sets and data types, to surface information from the archive even more efficiently. To leverage this innovation today and in the future, however, the content needs to be available for the machine to learn from – in other words, it needs to be archived.

Creating the sustainable, scalable and holistic approach needed for effective electronic communications supervision is elusive but surprisingly simple. A philosophical shift away from the incremental addition of new content types and supervision tasks toward a more comprehensive yet efficient approach might be all that’s needed. Once firms understand that the world of electronic communications is not going to slow down, they can shift their approach away from denial and prohibition toward embracing and enabling. Wouldn’t it be great if compliance were ready to support and supervise any new communication tool the business wanted to use almost immediately? To do this, however, we recognize that compliance can’t be overburdened by each and every one of them.

The solution boils down to being able to capture and store all types of content in one place, and then exploiting the many efficiency tools that are available to continuously speed up and automate routine tasks. Ultimately, this allows a limited amount of compliance resources to have much better supervision as they look across all content – including the riskier, newer types – while not increasing their workload along the way.

Stephen Marsh
