US regulators are increasingly looking at companies' oversight of their employees' use of non-official communication methods, like texting and using certain apps
Autumn 2023 saw yet more fines imposed by U.S. regulators for recordkeeping breaches with the firms concerned having failed to stop employees, including those at senior levels, from communicating using unapproved methods, such as messages sent via personal text and WhatsApp. The total monetary penalties imposed in the U.S. is now more than $2.6 billion.
The results of Theta Lake’s 2023/24 Digital Communications Governance, Compliance and Security Report reinforce this continuing regulatory scrutiny, with 78% of professionals surveyed reporting that they expect regulators’ monitoring of communications will increase. The Theta Lake report offers insight into the challenges facing global financial services firms, analyzing the views and independent responses of more than 600 IT and compliance professionals. The report also highlights the need for an updated approach to compliance and security for the unified communications and collaboration tools that have cemented their place into the fabric of the workplace.
“Wall Street institutions do not get to keep regulators in the dark while enjoying all of the benefits of being a regulated entity in U.S. financial markets,” said Commodity Futures Trading Commissioner Christy Goldsmith Romero in an August statement in support of holding banks accountable for widespread use of personal text messaging or Whatsapp to evade regulatory oversight. “Those choosing to participate in U.S. financial markets are on notice — the era of evasive communications practices is over. The CFTC will hold you accountable. It’s time for Wall Street to stop waiting for an enforcement action before it changes its practices. Tone at the top must change on Wall Street. Change can only happen if the banks’ C-suites establish a culture of compliance over evasion.”
Revisiting communications compliance
More than three quarters (77%) of those surveyed in the report said they are revisiting communications compliance. A further 17% said they are planning to, with almost half (45%) deciding on a complete rethink.
Indeed, organizations need modern compliance and security technology to tackle today’s challenges including the need to modernize the capture and control environment while driving firm revenue through staff productivity and compliance efficiencies. Traditional approaches often have inherent gaps and are not able to capture, retain, search, retrieve, and supervise across all communications platforms, which leads to inefficiencies, ineffective compliance, and compliance teams choosing to disable key features that users want and need. That in turn exacerbates the risk of employees adopting unmonitored channels with the increased danger of substantial enforcement actions and fines.
One of the key drivers for the rethink on communications compliance is the persistence of off-channel or unmonitored communications. Two-thirds (68%) of respondents said they have chosen to disable core unified communications and collaboration tools’ features because their existing tools can’t effectively capture them or make them searchable for detecting and reporting risks.
This unfortunately has led to unintended consequences, including the continuing use of unmonitored channels as employees opt to use the most effective communication tools. In fact, 74% of respondents said they thought it was likely that employees are using unmonitored communications channels, up from 66% in 2022.
Modern solutions for digital communications governance provide a seamless approach to compliance, enabling the full use of unified communications and collaboration tools together with increased return on investment, levels of employee engagement, and reduced risk. And that risk includes a significant element of enforcement actions if firms do not heed the lessons from the latest U.S. fines. Clearly, regulatory patience has run out and firms would be very well advised to join those that have already made communications compliance a board-level topic.
“People can use whatever chat rooms or whatever communications channels that they find appropriate, but you have to capture that communication just as you did in earlier technologies and the like,” said Securities and Exchange Commission Chair Gary Gensler, during a fireside chat at a financial industry conference in May.
Into the future
Financial firms and other professional services firms would be wise to consider a revised strategic approach to digital communications governance without delay and certainly before a review is mandated or recommended by regulators. Firms may wish to consider a three-point approach to the challenge:
1. Focus on recordkeeping
Without comprehensive, at-the-source capture of the right data at the right time, it is impossible for firms to reconcile and report on the completeness of their recordkeeping. Everything flows from the upfront native capture and context of all relevant records — whether that be voice, video, emojis, chats, files, emails, or images.
Enabling previously restricted features will not only reduce unmonitored communications by keeping users productive on monitored tools, but it will also improve the required recordkeeping.
2. Search and navigate the records
Once firms have the means for comprehensive recordkeeping across all processes, the ability to search and navigate those records, and the meshed communications within them, becomes both possible and efficient. Existing, disparate recording and archiving tools can neither unify nor provide the required functionality.
3. Conduct AI analysis of records
Ultimately, comprehensive and unified communication records will enable institutions to undertake proactive compliance and supervision; and for that, given the sheer volume of the records, specifically trained artificial intelligence (AI) can help firms detect and remediate risks at scale.
As the Theta Lake report shows, U.S. regulators’ interest in having firms stop their employees from communicating using unapproved methods, such as personal texts and WhatsApp, is likely only to grow. Firms need to get ahead of this problem by embracing a program of proper recordkeeping that includes capture, search, and analysis capabilities.