Digital Communications Compliance: Predictions for the 2nd Half of 2023

Off-channel: The beginning of the end of regulation by enforcement?

The move toward corporate-owned devices (COD) continues, with limits

While we can expect a continuation in the shift toward COD strategies, the economics of deploying and maintaining mobile devices becomes more challenging with size. This will drive greater awareness of mobile device management (MDM) features available to support BYOD strategies, as well as an increase in firms that use hybrid approaches.

Oversight practices of mobile remains vexing

The playing field expands to non-text-based messaging

As noted by FINRA at the annual conference, firms should be considering the use of alternative content formats like voice and emojis as potential sources of off-channel activities from those attempting to avoid monitored channels. We expect that scrutiny in this area will intensify given the nature of today's multi-modal collaborative tools and will likely be the subject highlighted in future enforcement actions.

Self-reporting and stronger collaboration with regulators will increase

The SEC made a very clear statement in contrasting its most recent enforcement actions in the $7M to $15M neighborhood against the more sizable earlier fines. In paraphrasing SEC enforcement head Grewal's words, the difference is intentional to reflect firms that had self-reported off-channel lapses and action taken on deficiencies that had previously been identified. The results of this message should become evident through additional enforcement actions in the second half in the 'smaller' fine category for global banks, as well as smaller broker-dealers and advisers.

ChatGPT will make its mark on compliance

Over the last year, ChatGPT and other large language models (LLMs) have gone from the obscure to the mainstream. What has become clear is the enormous potential to completely redefine everything from specific jobs to entire industries. What needs to be clarified are the implications for regulated businesses in terms of understanding how they can be governed to remediate their risks effectively. Here’s what lies ahead:

Prohibition policies will be enacted

Despite the disruptive opportunities created by AI, the policy move most firms will make is to say 'no' until they have a better understanding of its impact and risks. For many of its potential uses, ChatGPT serves as a tool to support decision-making and delivery of content, and as such, will initially be treated under the same (if not greater) level of scrutiny as other unapproved communications tools currently under the regulatory microscope.

Due diligence of existing applications will intensify

As we've seen countless times, prohibition is rarely effective, and it isn't easy to see a different outcome for an area of technology that is driving at a pace of innovation never seen before. Firms can provide policies, training and squash internal projects. Still, they will continue to expend a growing amount of energy in assessing how AI-driven functionality may be embedded by existing applications and systems to ensure that the firm's assets and information are not exposed to models with inadequate controls.

Firms will prioritize investments in controlled applications and systems

Despite the hype surrounding ChatGPT, regulated firms will look first toward large language models designed and trained for specific, controlled processes such as conduct surveillance for investigation of off-channel communications and outside business activities. Other processes are also likely to focus on internal decision-making processes using closed models where inputs and outputs can be better controlled.

AI will change monetization strategies of content source providers

AI and LLMs will continue to be seen as a monetization opportunity for many, including Microsoft, Google, Salesforce, Meta and what remains of Twitter. This has changed the perception of value created by the information within their applications and has resulted in a change in the cost that some seek to impose to extract information from those applications. This has significant implications for the content sources financial services firms choose to allow for business use and will result in increased pushback from the industry and a switch to more economically favorable alternatives.

Regulators will chime in

With opportunity comes the potential for fraud and abuse, followed by regulatory focus. As the SEC has already stated that it sees AI as a source of the next financial crisis, we should fully expect guidance from the SEC on how regulated firms should attempt to govern its use and manage its risk.

FEATURED SESSION

Mitigate Cyber Compliance Risk: Policies in Your Cybersecurity Framework

On-demand webinar

WATCH NOW

Share this post!

• Author
• Recent Posts

Robert Cruz

Vice President, Information Governance at Smarsh

Robert Cruz is Vice President, Information Governance for Smarsh. He has more than 20 years of experience in providing thought leadership on emerging topics including cloud computing, information governance, and discovery cost and risk reduction.

Latest posts by Robert Cruz (see all)

• REGULATORY ALERT: SEC Targets Its Own Staff’s Text Messaging - April 30, 2024
• Smarsh Connect 24: Stronger, Faster and Smarter - April 24, 2024
• The Big Question at SIFMA C&L Orlando: “Can We Just Be Done with Off-Channel Enforcement Now?” - March 25, 2024

Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.