Compliance & Legal Industry Insight: Digital Communications Are Front and Center
For several years, Smarsh has attended and sponsored top e-discovery and financial services regulatory compliance industry events, including Legalweek, SIFMA C&L and FINRA Annual. Along with our customers and partners we have a unique perspective on the regulatory and legal challenges firms are experiencing as digital communications have evolved.
The events have explored different headline topics over time, from predictive coding adoption and FRCP changes at Legalweek and the International Legal Technology Association’s event (ILTA) to the impact of deregulation followed by “regulation by enforcement” at SIFMA C&L and FINRA Annual.
Until this year. Hopping back into the in-person conference circuit revealed just how much the world has changed. Our collective reliance on digital communications tools like Zoom, Teams, and Slack — combined with the demographic pull toward social networks like TikTok and Instagram around topics like cryptocurrencies — was noticeable everywhere.
We even managed to engage in a discussion or two about the compliance and risk implications of the metaverse. It’s clear that we’ve reached an entirely new era in business communications. To paraphrase the great Dr. John, “I’ve been in the right place, but it must have been the wrong time.” Well, the time has come.
Business operations, technology infrastructure and both internal and external communications have rapidly, irreversibly advanced — resulting in new and unique legal, compliance and cybersecurity risks. Legal and compliance minds (mostly) agree — there is no turning back to how things used to be. Let’s discuss some of the highlights.
SIFMA Compliance & Legal: The Storm is Here
Several sessions at SIFMA’s Compliance & Legal event touched on the use of digital communications. This focus wasn’t entirely surprising, considering the various related topics recently addressed by regulators, including:
- The SEC’s investment advisor marketing rule to incorporate evolution in communications technology
- Proposed changes to the immutability storage requirement outlined within SEC 17a-4
- The Presidential Executive Order calling for coordination on cryptocurrency regulation
In the Smarsh breakout session, “Digital Communications in the Hybrid Workforce,” (the highest-attended breakout session) we explored the concerns around social media practices — including the unauthorized use of prohibited networks and the impact of “Finfluencers.” We also discussed how to respond to the requirements outlined within the SEC cybersecurity rule — such as how to best respond to the 48-hour breach reporting requirement and third-party-risk assessment demands.
This will continue to create a challenge for resource-strapped compliance teams, but the indicators all point in the same direction: firms will continue to see new tools and greater adoption of digital platforms into the foreseeable future. It’s time to update policies, refresh training and modernize automated controls.
Other topics touched upon throughout the conference included:
Updated marketing/advertising rule
Conversations continue about how firms will respond to new definitions of advertising and solicitation proscribed under one rule — prior to the enforcement window, which opens in late 2022. While firms appear to appreciate the greater flexibility around the use of social media, many remain immersed in updating policies, procedures and disclosures to address the principles in the updated rule.
Remote work supervision
Firms are looking at where business takes place in this environment and whether their tools and oversight processes remain suitable, specifically as they relate to communications with the public. Panel discussions highlighted the need for supervision and monitoring of communications to include the potential use of prohibited networks to spot outside business activities (OBA).
Social media “Finfluencers” and gamification
This is a priority for the SEC, as they are looking at how firms are using social media to attract and refer clients, what controls are in place, and what surveillance is in place for Finfluencers. It’s been a record-breaking couple of years for new accounts, and particularly new retail investors. Regulators will begin to focus on protections for these activities.
Digital engagement practices (DEPs)
Panel discussions were focused on using digital engagement practices to engage with customers in a fun way with a focus on educating investors. Regulators appear to remain focused on protecting investors from manipulations (more frequent trading, trading outside their risk tolerance or sophistication, etc.). Panelists were clear that they didn’t feel a need for more regulations here, but that they would expect a regulatory notice to clarify some of the issues addressed in the regulator’s Request for Comment letter.
LegalWeek: The Earthquake and Approaching Tsunami
Similarly, the impact of digital communications on e-discovery workflows and processes was not lost upon the event agenda, nor within the stories being told by many e-discovery service and technology providers.
The urgency among practitioners appeared a bit different than at SIFMA for a few key reasons:
- Many firms remain locked into the technology and workflows that they’ve become accustomed to (namely, centered on messages, files, and attachments)
- They’ve not fully internalized how critical non-messaging modalities (e.g., embedded voice, video, collaborative editing, whiteboards, etc.) can be to understanding the conversational context
- They may not be familiar with technologies that address these new forms of collaboration
Our panel session, "Hybrid Work and the Discovery of Collaborative, Social and Mobile Content," explored this topic and arrived at similar conclusions: the use of interactive and collaborative content sources is part of the shift that many organizations were seeing explode even prior to the pandemic. The actions that they see firms are taking to address this reality include:
Establishing governance programs
Stepping up governance programs to evaluate the business benefits, vs. risk/cost of new technologies being considered for business use, in partnership with compliance, security, and technology stakeholders.
Ongoing evaluation of communications technology
Continually inspecting existing tools with an expectation of the agile release of new features and, in some cases, before risk controls can be implemented.
Rethinking content preservation policies
Re-examining policies to determine if a change from reactive to proactive preservation makes sense for that specific technology (in order to avoid the alternative of wrestling with content providers that may or may not know your specific discovery demands).
Modernizing e-discovery
Understanding the extent to which current discovery technologies can comprehend new modalities, or leave discovery teams with a puzzle to reassemble conversational context.
Employee training
Ensure that employee training programs reflect hybrid work models and the use of currently supported tools used by specific job roles to ensure that individuals understand the risks and possible negative impact on their business.
The impact of the digital communications tsunami may not have yet been felt by all compliance and legal stakeholders in these two gatherings. But it is now visible to more and its ultimate arrival onshore is inevitable.
Share this post!
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US