Regulatory Hotspots: Good Enough Isn’t Good Enough
In the ever-evolving landscape of compliance practices, emerging technologies like ChatGPT garner significant attention from compliance professionals. It’s all too easy to recognize the potential of these tools to streamline repetitive tasks, enhance supervisory review, and transform compliance practices.
However, accurately predicting the complete impact of such technology remains a challenge. In a recent webinar, we sat down with Mimi LeGaye, president and founder of MGL Consulting, to discuss the evolving regulatory expectations and provide valuable insights on how firms can effectively prepare for examinations.
Watch the webinar, "Regulatory Hotspots – Good Enough Isn’t Good Enough."
Here are key takeaways from the conversation highlighting the ongoing challenges of managing digital communications and adopting more effective compliance practices.
Assessing ChatGPT's impact on compliance programs
When polled to assess ChatGPT and its influence on shaping compliance programs throughout 2023, webinar attendees believed it was premature to ascertain the full impact of this technology. The rapidly evolving nature of technological advancements presents challenges in accurately predicting their effects.
Nevertheless, it was evident that ChatGPT has garnered significant attention from compliance professionals who anticipate its potential to automate repetitive tasks, enhance supervisory review and transform compliance practices.
Navigating regulatory hotspots: Insights into compliance expectations
This year has seen significant developments in exam preparation and regulatory expectations. One of the key areas of focus has been the rapid acceleration of technology driven by the hybrid work environment and advancements in compliance automation.
Regulatory bodies like FINRA and the SEC are adopting a holistic approach to digital communications. This poses challenges for firms in effectively managing and supervising a wide range of communication channels.
“We've seen several enforcement cases over the last six months where FINRA is really digging into the practices around supervision,” says LeGaye. “Not just do you have written policies, but do those policies line up with your actual practices? And how are you documenting your supervision? And is it being done timely?”
To shed light on these critical areas, here are some valuable insights for navigating regulatory hotspots and staying ahead of compliance requirements.
Technology acceleration
The pandemic and changing demographics have resulted in the swift adoption of new communication channels, such as WhatsApp, text messaging, and collaboration platforms like Teams. Regulators are now scrutinizing how firms utilize and monitor these technologies.
“Firms need to review additional guidance from FINRA and the SEC regarding the use of electronic communications, social media, personal devices, collaboration platforms and video protocols,” says Tiffany Magri, Regulatory Compliance Advisor at Smarsh. “It’s important to think through how to use business communication technologies within regulatory frameworks.”
“Regulators are really focusing on technology and application capabilities and the firm's adoption process,” says LeGaye. “Does the firm really understand the capabilities of the different technologies they're allowing their folks to use?”
LeGaye adds that firms need to be able to describe the following:
- What’s the technology or vendor vetting process?
- What’s the rationale behind allowing a particular communication channel?
- How will a channel be captured?
- How are the firm’s activities supervised — and how will the firm document that supervision?
Evolving regulatory expectations
Regulators are taking a comprehensive approach to digital communications beyond written content. They are interested in how firms handle various technologies, including video, whiteboards and chat.
Again, firms are expected to demonstrate proper supervision and documentation practices.
Redefining recordkeeping policies
Firms must reevaluate their recordkeeping policies, particularly in determining what constitutes a business communication. Regulators emphasize the importance of content in digital communications, regardless of the medium used.
“The applications we're using today are embedded with modalities, including voice, video, transcripts, and other advanced technologies that now are just part of the body of a record,” says Robert Cruz, V.P. of Information Governance at Smarsh. “It's just the nature of the technology, especially around collaboration.”
Broadening the scope of recordkeeping requirements
Regulators are increasingly interested in capturing both internal and external communications to understand decision-making processes. Amendments to rules like SEC 17a-4 highlight the need for compliant retention of electronic records.
“We're seeing regulators focused on making sure that firms are capturing internal communications as well as external communications,” says LeGaye. “Regulators want to understand the thought process that goes into the decisions that are being made on a business level and who is involved in those discussions. And if you look at the new amendments made to SEC 17a-4 from a recordkeeping perspective, it's very broad when it comes to any electronic records needing to be maintained.”
Exam preparation
Effective exam preparation is crucial for ensuring compliance and mitigating regulatory risks. Firms can increase their chances of success by adopting a proactive approach to build a strong compliance culture and address compliance gaps.
Firms should view examinations as opportunities to strengthen compliance programs and stay ahead of regulatory requirements. Taking the following steps ahead of time, and documenting and retaining the necessary evidence, is crucial to be well-prepared for examinations, including:
- Understand the examination process: Firms should thoroughly grasp the objectives, scope, and regulatory expectations to align their efforts
- Build a strong compliance culture: Establishing a culture of compliance throughout the organization is crucial and promotes ethical behavior and proactive compliance approaches
- Conduct internal assessments: Comprehensive internal assessments covering policies, risk management, and record-keeping practices can help identify compliance gap
- Maintain documentation and recordkeeping: Having organized, up-to-date, and comprehensive records demonstrating compliance with regulatory requirements is essential
- Practice with mock examinations and interviews: Simulating the examination process internally can identify areas for improvement and enhance communication skills with examiners
- Engage external expertise: Seeking guidance from experienced consultants can provide an objective perspective and tailored recommendations
- Monitor and make enhancements continually: Regularly reviewing and updating policies, conducting internal audits, and staying informed about regulatory changes help proactively evolve compliance practices
“Make sure that you're going back and doing ongoing evaluation of the different technologies,” says LeGaye. “Test the systems to make sure they're working the way you intend for them to work and that you understand what the technology is capable of.”
Good enough isn’t good enough
In today's regulatory landscape, mere "good enough" compliance is no longer sufficient to navigate the intricacies of regulatory hotspots. The advent of ChatGPT and other technological advancements introduces both uncertainty and potential for automation in compliance programs.
To navigate these challenges effectively, firms must be current with evolving regulations to:
- Understand expectations
- Be prepared for examinations
- Adapt and enhance their strategies
- Embrace technology
- Strengthen training and education
- Maintain a proactive approach to compliance monitoring
By embracing these practices, organizations can strive for excellence and help ensure compliance amidst a dynamic regulatory environment.
Share this post!
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US