Mobile Comms Throw a Monkey Wrench into Compliance
As the electronic communications landscape becomes more complex and scrutinized, a significant number of firms are facing compliance gaps, especially when it comes to mobile.
That’s according to Smarsh’s seventh annual Electronic Communications Compliance Survey Report, which found that retention and oversight initiatives are suffering from challenges relating to proliferating complexity.
In fact, mobile devices and non-email communications channels, such as text messaging, account for two of respondents’ top three overall e-communications compliance concerns. Not only were each of these concerns identified by at least half of survey respondents, but the%ages jumped significantly from 2016.
With mobile devices in the hands of nearly every employee these days, mobile communications are top of mind with compliance professionals. Forty-two% of survey respondents reported that employees requested to use text/SMS messaging for business purposes—the most requested channel for business use by employees, doubling from 2016.
More than half of respondents (52%) identified text/SMS messaging as the type of non-email content that poses the greatest compliance risk to their organization. These concerns are validated by gaps in compliance practices and confidence when it comes to mobile communications. Among the firms that allow text/SMS messaging, almost half (48%) do not have a solution for retention and oversight in place.
Other concerns surrounding retention and oversight include social media (33%), instant messaging (8%) and website content (7%).
That’s a big issue given the fact that requests for content during regulatory examinations are growing in scope and diversity, the report found. While more than 90% of firms examined in the last year reported having to produce email, more than half had to produce website content, and requests for content from social media sites including LinkedIn, Twitter and Facebook are on the rise.
“Firms need to leverage new and emerging channels to communicate with their customers and stay competitive, but they’re failing to manage the risk,” said Stephen Marsh, CEO and founder of Smarsh. “We know the outright prohibition of new communications channels simply doesn’t work. Many of the firms that have been fined had policies that attempted to prohibit the communication channel in question. Those that are most successful in managing risk are re-balancing their supervision portfolio, and strategically leveraging technology to identify risk in text messages, social media and instant messaging, in addition to email.”
Gaps in retention and supervision programs have substantial consequences. FINRA reported 99 books and records cases in 2016, resulting in $22.5 million in fines. Compared to 2015, that represents a 423% increase in fines.
On the plus side, while regulatory requirements are often the primary driver for archiving and supervision, 88% of respondents recognize electronic communications data can also help identify risks to the organization. More than half of respondents (59%) confirm that their organization uses this data to identify fraudulent activity, among other purposes, such as supporting e-discovery and HR issues, and detecting market abuse.
Source: Information Security Magazine