Practical Advice for Information Governance and Off-Channel Communications Compliance
The recent regulatory focus has been centered on large financial institutions using prohibited (or off-channel) communication tools. At its core, the discussion here is how firms can be more effective in identifying and remediating the challenges around information governance.
Tool prohibition or elevation?
Organizations are tasked with determining which communications tools they need to support their business and tap into the preferences and needs of their customers. Ultimately, they need tools that will:
- Generate the greatest amount of engagement with their audiences
- Enable internal collaboration
- Improve the effectiveness of decision-making
From a governance perspective, information either creates value or risk. Organizations have been thinking about information governance from a structured data perspective, asking themselves, “How do we deal with files and transactional data?”
It's a discipline that's understood within organizations dealing with established forms of data. However, my contention is that companies need to extend that process of infrastructure and policies to these unstructured communication sources as well. While deciding which tools to prohibit, companies need to consider how tools could improve their internal collaboration and engagement with their audiences.
Could prohibiting WhatsApp or another channel pave the way for faster, more efficient communication? Would approving the use of additional channels enable more conversations with customers than would otherwise exist?
Likewise, organizations also need to consider the risks of these tools beyond regulatory risks. While the regulatory implications are front and center, there are other issues that could arise from the use of new and more numerous channels. Currently, we see organizations looking at other risks including data privacy, data security, potential litigation risk and potential loss of intellectual property.
These are all things to consider because digital communication tools are creating risks that may reside exclusively in the virtual world, including inappropriate texts. So, when you’re deciding about how to prohibit or evaluate a tool, your assessment must be holistic.
Steps to proper information governance
Off-channel communications is not just a buzzword or trending topic in the realm of information governance. It’s a serious and current issue for regulated industries. In a world so intricately connected through social media, text messaging, and collaboration platforms, organizations need to stay exam ready when regulators come knocking — and that all starts with establishing proper information governance.
Step 0: Set the tone
Companies must reassess the way that they make prohibition decisions. Governance councils and stakeholder engagements need to occur more frequently and with senior-level executives getting involved. That will set the tone from the top, and with a more holistic operationalized process — that's where governance begins.
1: Trust but monitor
Having policies, procedures and training are all part of making sure that people are using the approved tools properly. Employees must understand where the guardrails are, too. This requires that companies actively manage communications. Simply banning TikTok, WhatsApp, Signal, Discord or whatever the tool is, can't be the end of the conversation. You can trust your people but as a compliance officer or risk manager, you need to have visibility to know whenever people use prohibited tools. There needs to be policy and procedures that kick in when you see those channels being used.
2: Use the right technology
Start with the right capture technology. You need to have purpose-built technology that allows you to capture the context, modalities, and all the things that are unique about collaboration platforms, social media applications, and text messaging. Secondly, you need to have the right infrastructure in place. Captured communications data need to be efficiently indexed and searchable across all the different communication sources. There’s no point archiving a message if you can’t find it later.
3: Establish communications oversight
Organizations in highly regulated industries must their business-related communications. Regulators are focusing on off-channel communications and setting the tone for fines and penalties for non-compliance in that area.
To supervise those communications, companies need triggers that alert them to infraction and possible risks. With proper lexicons in place, that contain certain keywords are flagged for review. It’s important that companies be proactive instead of reactive when it comes to oversight, because simply having a prohibition policy without ongoing inspections won’t fly with regulators.
What the future holds for information governance and off-channel communication
Information governance is typically framed as preventing or reducing problems. This is especially true in the case of off-channel communications with the hottest subtopics being prohibition and risk mitigation. However, there’s so much value in properly managing your information.
Organizations are beginning to realize that communications data and information can be one of the most important assets to the business if it’s shown the necessary care and attention. This data we’re talking about is information on your customers — how they choose to engage, react and respond. That insight could unleash greater value for an organization, informing your internal stakeholders as well as fueling other applications.
Companies are starting to realize that investing in technology, policies, training and enforcement is valuable to the business. It potentially enables the agility and responsiveness that a company needs to be more competitive. There’s no other way around it, your communications data and customer information must be utilized and managed properly.
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.