Financial services firms face an urgent need to rethink their usual approach to retention and oversight of electronic communications, according to a recent survey.
Last week, Smarsh, a provider of hosted archiving solutions for compliance and rediscovery, released its sixth annual Electronic Communications Compliance Survey Report, which found that compliance processes are buckling under the weight of the volume and variety of today's electronic communications.
"Firms have an immediate need to rethink their traditional approach to the retention and oversight of electronic communications, especially as they aim to demonstrate a culture of compliance," Stephen Marsh, CEO and founder of Smarsh, said in a statement. "Our data illustrates that too many firms are not retaining and supervising different types of electronic communication, and not performing systematic supervision as regularly as necessary. Those that do have established surveillance programs are struggling to find efficiencies under the weight of a growing volume of electronic communication."
Smarsh gathered its data in February and March of this year via a 36-question survey provided to 221 individuals in financial services with direct compliance supervision responsibilities. The respondents were drawn from a wide range of firm sizes and job titles, ranging from C-level management and chief compliance officers to compliance department staff.
Financial firms feeling vulnerable
While many concerns highlighted by respondents have remained consistent over the survey's six-year history — for instance, growing regulatory scrutiny and the challenge of adapting to new communications channels — Smarsh found that supervision practices are still not sufficiently addressing the compliance implications of these trends. The survey revealed that policy, enforcement and retention gaps remain high, leaving firms vulnerable to undetected fraud, errors and regulatory enforcement penalties.
Key findings include the following:
- Social media is the communication channel representing the highest perceived level of risk, cited by 48 percent of respondents. Even in firms that have banned social media channels, the percentage of respondents who have minimal or no confidence that they could prove the prohibition is working ranges from 30 percent for LinkedIn to 41 percent for Facebook and 45 percent for Twitter.
- Text messaging/SMS represents the largest compliance gap. Respondents report no or minimal confidence in the effectiveness of prohibition (38 percent for SMS/text; 44 percent for Apple iMessage).
- Forty percent of survey respondents believe "too many" or "way too many" messages are flagged for their review as part of the supervision process, indicating firms either don't have the resources needed to effectively keep up with reviews, or they see too many false-positive search results.
- Nearly 90 percent of respondents expect the resources (time and/or money) dedicated to electronic message compliance will remain the same or increase only slightly in the next 12 months. Fewer than one-in-ten expect to receive a significant resource increase.
- Twenty-eight percent of respondents cited insufficient budgets as their top concern in 2015, up from 22 percent last year.
Who's supervising this stuff?
"As we analyze data from our own customer base and from the industry through projects including our annual Electronic Communications Compliance survey, a series of conclusions surface that cause concern, individually and collectively. Set against the backdrop of increasing regulatory scrutiny, the conclusions weave a story that becomes downright troubling," Marsh writes in the survey. "To put it bluntly, supervision is broken. (But, it can be fixed)."
Prohibition is ultimately unsustainable because firms need to demonstrate to regulators that the policy is adhered to and enforced, Marsh writes. Many firms, he writes, are taking a 'head-in-the-sand' approach, waiting for regulators to provide more guidance or their peers to receive penalties before they get serious about their oversight responsibilities. That's a ticking time bomb, Marsh writes. Other firms are trying to extend what they've had in place for years for the email channel. But the volume of email continues to grow, and attempting to 'flatten' all electronic content — from social media platforms, file-sharing platforms, text messaging and new messaging applications like Slack — exacerbates that problem while also making it harder to find specific items and understand their context.
"Creating a sustainable, scalable and holistic approach needed for effective electronic communications supervision today can't be done overnight, but it can be done," Marsh writes. "It requires the coordination of the right processes, technology and human capital across stakeholders from IT departments, compliance, legal and marketing units. This upfront work, however, will deliver strong ROI by reducing costs and resource needs while strengthening the effectiveness of supervision to find and address the real risk across all content types."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.