Support Learning and Insight

It’s more important than ever to understand the challenges facing financial executives. Support the Financial Education & Research Foundation today.


Younger Workforce Is Driving A Mobile-Compliance Gap

by Robert Cruz

New multi-modal networks are forcing compliance teams to get out ahead of their legacy retention and supervision policies.

©HAKINMHAN/iStock/Getty Images Plus

Members of Generation Z – born from 1996 to 2010 – continue to invigorate the workforce with fresh perspectives and new ideas. They are projected to soon comprise nearly a quarter of the global working population. Much like Millennials who were born from 1979 to 1995, Gen Z brings an updated outlook and technical approach to the job, which is creating new compliance risks for organizations.

Generation Z represents the first cohort of employees who have grown up fully immersed in a digital environment. They cling to their smartphones as an essential way of life and being able to operate in their digital native habitat fosters an expectation for an instantaneous exchange of information and communications. For Gen Z workers to truly embrace their jobs, they are demanding an ability to access the tools that they are comfortable and familiar with – and the tools that they know their client peers prefer.

For all these reasons, prohibiting younger workers from using personal devices and messaging applications to conduct business is no longer a viable option. New multi-modal networks such as integrated voice, video and chats are being requested and approved for use, forcing compliance teams to get out ahead of their legacy retention and supervision policies.

A recent survey of more than 300 compliance professionals in the financial services industry found that organizations must rethink their approaches to the adoption, retention and oversight of electronic communications. The needed strategy should embrace modern electronic communication technologies in the workplace, including personal mobile devices. 

After all, widespread use of personal devices has become the de facto workplace standard. Three-quarters of executives surveyed (75%) now allow employees to use personal mobile devices at work, and that number is steadily increasing each year. On the other hand, nearly half of survey respondents (44%) lacked confidence that their organizations were capturing and archiving all business communications through allowed mobile devices, revealing a troubling hole in their compliance oversight.

In addition, SMS and text messages on mobile devices were the leading source of perceived risk for 77% of survey respondents, followed by collaboration platforms such as Slack, Zoom and Microsoft Teams (36%). Respondents also reported compliance shortfalls due to a lack of archiving and supervision solutions for many allowed popular communication channels such as Instagram (50%) and SMS/text messaging (40%).

The growing adoption of collaboration technologies presents a new dynamic that is interactive and multi-modal, with the ability for colleagues to co-author documents, record conversations, embed virtual assistants, and much more. Both Microsoft and Slack have recently published adoption rates which clearly show that the movement away from email as the primary channel of communications is upon us.

Crossing Over the Collaboration Compliance Gap

What the data specifically calls out is that the adoption of the technology and the evolution of compliance controls are not in sync, which we typically refer to as the compliance gap. There are several reasons for this growing gap. In many cases, IT departments and users are driving the adoption of these tools before compliance, legal, security and privacy teams can properly assess the risks. In addition, users have not been given proper guidelines about how these collaboration tools should or should not be used. For too many, these platforms seem like a benign place to socialize with “chat buddies” versus potentially carrying risks not only for compliance, but also by introducing potential leaks of intellectual property and data that can escape the company with departing employees.

Many firms continue to use tools to meet SEC and FINRA supervisory requirements that were designed over a decade ago for email – not for today’s multi-modal, interactive content. For example, some firms have had to supervise persistent chats with hundreds of participants where activities such as modifying content, or joining/leaving a chat room, could be significant. In short, such unexpected items are hitting review workflows now, and compliance teams are not comfortable with their ability to identify and remediate the risks.

As the trends toward mobility and collaboration further permeate the workforce through Gen X and Millennial workers, the compliance gap will trail further behind the permitted use of these technologies. That’s why implementing modern compliance controls has become so important.

No one should be surprised that nearly everyone is on a mobile phone at this very minute. FINRA provided guidance about this concern way back in 2017. Yet many firms still impose prohibition policies, or they lack effective automated controls. This is a big surprise, because prohibition policies have been shown to be ineffective, and capture and control solutions have been on the market for years. Companies that do not heed this growing threat to their compliance posture are only doing so at their own peril.

Robert Cruz is Vice President of Information Governance Solutions for Smarsh.