Social Media, Mobile Prove Too Much for Compliance Officers
Compliance professionals are struggling to keep up with the explosion of communications channels, including social media and mobile devices, according to the latest Electronic Communications Compliance Survey Report from Smarsh.
The company’s sixth annual compliance survey reveals that gaps in enforcement, retention and policies remain very high, exposing firms to the risks of undetected fraud, errors and regulatory enforcement actions.
The primary purpose of electronic message supervision is to fulfill regulatory requirements designed to protect investors, such as SEC Rule 17a-4, which requires firms to archive electronic business communications in non-rewritable and non-erasable (WORM) formats for at least three years. In addition to retention, firms are required to perform risk-based review of correspondence and internal communications.
The compliance function must ensure the firm is compliant with these mandates, thereby minimizing the business risks of noncompliance, such as fines, reputational damage and loss of license to operate.
What that means in practice is that compliance professionals need to supervise all types of business communications, even when messages reside on personal devices and social media accounts. Making this a reality, however, presents challenges, and compliance to date has not kept up with implementing retention and supervision systems for all the communications channels employees use for business.
Key concerns include growing regulatory scrutiny of electronic communications of all types, balancing privacy and compliance, management of the increasing number of communications channels, hackers and a dearth of personnel to meet the compliance burden.
To this last point, 40% of survey respondents believe too many or way too many messages are flagged for their review as part of the supervision process, indicating firms either don’t have the resources needed to effectively keep up with reviews, or they see too many false-positive search results that take up valuable compliance team time.
Nearly 90% of respondents expect the resources (time and/or money) dedicated to electronic message compliance to remain the same, or increase only slightly in the next 12 months. Fewer than one in 10 expect to receive a significant resource increase. Unsurprisingly, this concerns compliance professionals. More than one-fourth of respondents (28%) cited insufficient budgets as a top concern this year, up from 22% last year.
“Firms have an immediate need to rethink their traditional approach to the retention and oversight of electronic communications, especially as they aim to demonstrate a culture of compliance,” said Stephen Marsh, CEO and founder of Smarsh. “Our data illustrates that too many firms are not retaining and supervising different types of electronic communication, and not performing systematic supervision as regularly as necessary. Those that do have established surveillance programs are struggling to find efficiencies under the weight of a growing volume of electronic communication.”
Meanwhile, social media is the communication channel representing the highest perceived level of risk, cited by almost 50% of respondents. Yet more than 40% of firms that enable employees to use LinkedIn and Facebook do not have retention and supervision solutions in place, leaving them vulnerable. This compliance gap is even greater for mobile/text messaging, where almost 70% of firms that allow its use for business fail to archive the content.
Whether new content types are allowed or not, compliance professionals report low confidence that their firm is in full compliance with regulatory requirements for these communications. For instance, almost 60% of respondents from firms that allow text messaging for business communications have little or no confidence in their ability to produce these electronic records within a reasonable time frame.
Source: Information Security Magazine