Why Hybrid Work Can’t Go Unsupervised
Hybrid and remote work rely heavily on digital communications such as Slack, Zoom, Microsoft Teams and others. While this gives organizations the ability to hire and work with talent from anywhere in the world, it does come with implications affecting those in regulated industries such as financial services firms.
Collaboration technologies empower employees to communicate and engage in many forms — whether that’s text, voice, video, attachments or any of the constantly new features that are rolling out on a regular basis. The diversity of communications data also creates challenges in how firms can maintain supervisory control.
Combined with new technologies, work from anywhere and demographic shifts are creating unprecedented information variety. Firms must be mindful of:
- Evolving methods of capture and feature control
- New features defaulted on, many without previous notification
- Mismatch between legacy discovery tools and today’s communications
Watch the full webinar: Why Cyber & Hybrid Work Can’t Go Unsupervised.
Regulators are catching up
Non-email communications continue to be the new focus along with WORM failures, deficiencies in WSPs, and even failures to properly review red flags discovered in supervisory procedures.
FINRA fines jumped 60% in 2021 even as case numbers dipped. The SEC also reported a 33% increase in penalties. This shows that the cost of these infractions is growing, and regulators aren't shy in doling out punishment.
Melissa MacGregor, AGC and Managing Director from SIFMA, says:
"I think a lot of the cited firms either had failings where they've adopted a new technology or a new product or a new line of supervision, but then perhaps didn't totally execute on that as well as they could have. In some cases, changes have been made on the backend. These firms didn't know about it or didn't have the right policies and reviews in place to understand that some of those things were happening. And then they find out about it too late."
This emphasizes some of the things that are coming through in various regulatory enforcement actions, including the most recent FINRA Exam Priorities letter.
However, this does show that regulators are looking at new technologies and trying to understand how firms are using them, how they impact compliance, and where firms need to update their policies and procedures.
Old rules can’t regulate modern practices
Both firms and regulators are discovering that a lot of new ways of doing business are being regulated against rulesets written in eras that are long gone. That's a disconnect or gap that firms have to meet and overcome.
Prohibited tool usage was a top issue that arose when reflecting on regulatory actions centered on individuals interacting on tools that weren't approved for business use. This wasn't just a product of the pandemic when employees were working from anywhere, it's also the reality that there are new, more efficient ways of engagement.
Traditionally, financial firms are slower to adopt new technologies because of these rules and regulations. Implementing new technologies is a resource-intensive project, requiring firms to consider how they'll integrate the technology, how they'll review the new communication channel, and whether the costs are justified.
"We're definitely hearing a lot about 'off book' use of various tools and communications platforms," says MacGregor. "Text messaging has long been a source of anguish for compliance officers. Text messaging is certainly something that a lot of employees and customers want to do, and I think that's true for a lot of new platforms. Firms are trying to figure out how they can implement those tools while remaining compliant."
As firms add more of these new technologies, it doesn't matter what medium it is. Business communications are required to be captured, stored and supervised.
Where do we go from here?
How should firms move forward? Is there still a question about whether communications are written or not, per the language of recordkeeping requirements in 17a-4?
"It's certainly something that's still in question, and it's something that firms are still assessing on a platform-by-platform basis. If you're doing a live video, is that written? So, there are so many different steps that need to be taken in any analysis in this area," says MacGregor.
But what if workers are collaborating on a document sharing platform where everyone has access to the same document? Is that communication because they're editing the same document?
"This and digital whiteboarding are examples of a gray area. There was a time when people were arguing that chat was live communication, and therefore not written communication. While that conversation is settled, there's certainly always going to be another technology that's going to come forth and needs more assessing," says MacGregor.
How firms evaluate new tools needs to be different depending on the tool. Email, text, social platforms and collaboration applications are all very different. Where most people are formal and professional in emails, you might see emojis or acronyms in texts and chats.
Review of communications needs to be different, too. Getting a good handle on that can be tough, and it takes time. Firms should be patient with themselves and make sure that they can do that before they dive too far into these great new platforms.
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.