How to Build a Strong Compliance and E-Discovery Program During COVID
Remote work means more electronic communication
COVID-19 has changed business operations across industries and businesses the world over. Executives in charge of records management, e-discovery, and compliance shouldn’t be surprised that the virus is transforming your part of that world, too.
Let’s begin with what has changed in the last several months. Huge portions of the workforce have been told to work remotely, and they’re likely to keep working remotely for…well, we don’t even know. In some cases, forever.
That means more communication via electronic channels. And that means more data, generated on more messaging apps: Slack, iMessage, WhatsApp, Facebook, LinkedIn, and many more. Plus traditional email programs. Communication will also happen on other apps that perform business tasks, but have chat capabilities built into them.
Now consider what hasn’t changed. First, regulatory requirements for records retention or employee surveillance; and second, litigation risks that require a company to dig up relevant information. Those burdens existed before coronavirus emerged, and they will remain after its defeat.
So what do those two facts mean for compliance officers? That you need to map old regulatory compliance and e-discovery burdens on a new communications landscape.
In an abstract sense, that’s not news. Compliance officers have always had to nudge their policies, procedures, and technologies to evolve along with the times. In practical terms, however — nothing has accelerated that task like COVID-19 is doing right now.
Understanding today's compliance challenges
To navigate this COVID-challenged world, compliance officers need to strengthen two capabilities of their compliance programs.
First is the sheer collection of data. Employees are communicating across multiple apps, using multiple devices (both personal and company-issued), over unknown networks. That data must be collected and stored, regardless of how it was generated and what format it uses.
Second is the analysis of that data. When we say that COVID-19 is forcing us to perform old routines in new ways, misconduct is no exception to that rule. Employees will try to exploit gaps in communication oversight or mask their true intentions behind emojis with multiple interpretations or punch out an intemperate message on the keyboard they would never speak aloud. Once those actions exist in your data archive, you’ll need a way to bring them to the surface.
Building a strong compliance program
To meet those challenges of data collection and analytics, compliance officers will need to assure that several components of an effective compliance program are present and working well:
Clear policies and training about how employees should communicate. This includes which apps and devices to use, which security protocols to follow, and so forth. After all, most employees want to follow the rules and support their firms — so compliance officers should make doing so as clear and easy as possible. Even when an employee doesn’t follow those rules, the existence of clear policies and training will help the company reduce its liability for a compliance failure.
Workflows and procedures that employees will want to use. For example, if the company wants employees to use certain messaging apps or to follow certain security protocols, those steps should be easy for employees to do. Otherwise, they will see compliance with rules as an obstacle to their “real” jobs, and develop a workaround. This point is especially true today with COVID-19, where so many employees are working remotely, far from direct oversight and with easy access to their own technology.
Utilizing advanced technology that is capable of gathering disparate data. This includes unstructured data from emails or chat messages. That data will need to be stored in a secure repository, even if that location is a “virtual” repository that exists in several physical locations to respect global privacy rules.
Data analytics, driven as much as possible by artificial intelligence. For example, a winking emoji can carry all sorts of meanings depending on the context. It won’t be enough to find all messages with that emoji, because human review of so many results is impossible. AI can allow sophisticated sentiment analysis to separate harmless winks at a joke and leave humans to analyze the remaining results that suggest something more sinister.
Strong alerting and reporting capability. This way compliance officers can discover potential trouble more quickly and report risks to senior executives as necessary.
Staying ahead of risk
None of those ingredients for success should surprise compliance officers. In one form or another, they’ve all been necessary for years, for a host of compliance risks.
What’s changed is that COVID-19 has increased the urgency of putting these ingredients into place. The longer a business waits, the more its real operations drift away from pre-virus policies, controls, and technologies that no longer keep pace with the risks. Don’t fall into that trap.
Share this post!
Matt Kelly
Kelly was named as ‘Rising Star of Corporate Governance’ by Millstein Center for Corporate Governance in the inaugural class of 2008 and named to Ethisphere’s ‘Most Influential in Business Ethics’ list in 2011 (no. 91) and 2013 (no. 77). In 2018 he won a Reader’s Choice award from JD Supra as one of the Top 10 authors on corporate compliance.
Kelly previously was editor of Compliance Week, a newsletter on corporate compliance, from 2006 through 2015.
Latest posts by Matt Kelly (see all)
- Fostering a Better Climate for Employee Surveillance - July 6, 2021
- Electronic Communication: Lost in Translation - April 27, 2021
- What ‘the New Normal’ Really Means for Compliance - February 23, 2021
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Watch it Work
Contact Us
Chat
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US