Off-Channel Communications: Lessons Learned for E-Discovery and Non-Financial Service Firms

July 23, 2024by Smarsh

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

The past two years have been marked by a nearly non-stop focus from financial services regulators on using unapproved communications tools. The heat from regulators has increased greatly over the years, and this scrutiny has spread beyond financial services firms. The purpose is clear: to assess the firm’s ability to identify where employee misbehavior and policy infractions may be happening. If these activities are happening on unapproved communications tools, a firm’s ability to examine records of those activities is significantly limited.

So, what are the lessons learned that can be leveraged by firms outside financial services, particularly since the U.S. Department of Justice announced it will also examine corporate compliance programs and how they are addressing this topic? This was the question we recently posed on our webinar with Exterro’s VP of Product Brad Harris and Radical Compliance founder Matt Kelly.

Here are some of the key takeaways — which are expanded upon in our guide: Tackling the Challenges of Off-Channel Communications.

A new culture of on-channel compliance

Matt Kelly, Founder of Radical Compliance, reiterated a point raised several times in previous webinars — there is no perfect solution. This is because of the proliferation of tools, the imperfections in each, and the fact that businesses will not be deterred from using those that enable productivity and results.

As a result, the central issue is more about corporate culture and reinforcing the message to employees that business-related communications cannot occur outside of approved channels.

“You might be using your own phone to make dinner plans. That's okay,” said Kelly, “But you may not be speculating about your client's market trading strategies with your coworkers on iMessage or Snapchat. [That’s] not okay.”

Consequence management is also a key element, which is how you punish offenders. But this is far trickier for non-financial firms where this issue is still relatively new.

Exterro’s Brad Harris added to not consider this topic solely in terms of apps but also other tools, such as project management tools like Asana and ticketing systems like ServiceNow, Jira, Atlassian or Confluence. “All of these various tools now are embedding the ability to chat with other users within these applications,” said Harris. “So, think about the challenge being much more broad than just about specific applications.”

From the SEC to DOJ: What’s the message?

Matt Kelly, has written extensively on regulatory action, including actions from the SEC and statements from the DOJ. He noted that the requirement to hire independent consultants to examine compliance programs can be “exacting and onerous” given their wide-ranging purview over surveillance programs, technology use, training programs, records preservation, as well as enforcement from firms.

“Do more senior executives get harsher penalties because they should know better? Do lower-level people who are repeat offenders also get harsher penalties because they're repeat offenders? That is going to be onerous for a lot of companies.” Kelly concluded that if the terms ‘widespread and pervasive’ and ‘failure to follow up on red flags’ appear in your assessment of off-channel communications, you're going to have a painful conversation with the regulator— whether that's the SEC or the Justice Department— because it points directly at your corporate culture.

Harris noted that one of the more significant implications of the focus on off-channel will be to pull different disciplines within an organization into these discussions.

“It's not just your compliance department, your legal department for litigation, or your cybersecurity team for cyber breaches. All of these various disciplines are gaining knowledge and awareness of these activities.”

Risk assessments must be an inter-departmental collaboration

Kelly sees firms outside of financial services quickly becoming aware that this is a tough problem. Many are looking at it first in terms of policy adjustment. And they’re just now beginning to explore IT solutions to try and make sure that their oversight capabilities are keeping pace with this evolving and borderless risk.

However, the problem can be most difficult on the human side, and firms are now moving beyond employee training into thinking about consequence management with scaled tiers of infractions and discipline that can be as severe as firing.

Harris emphasized that organizations often know far more than they realize but sometimes don't share learnings as they go. Compliance, legal, HR and investigative teams are often asking the same questions about which communications tools are being used. Organizations that are proactive and bringing those disciplines together are in a better posture to respond, regardless of the issue being regulatory, litigation, or investigative in nature.

Ultimately, knowing where communications are taking your business reinforces the point that this issue is about behavior, not policies or technology. Staying in step with this constant pace of innovation is the biggest communications challenge firms face, and the best approach is making adjustments in policy, training and technology demonstrate a culture of compliance.

Share this post!

Smarsh
Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

Ready to enable compliant productivity?

Join the 6,500+ customers using Smarsh to drive their business forward.

Contact Us

Tell us about yourself, and we’ll be in touch right away.