Prohibition is Not Prevention: Digging Deeper on Electronic Communications Compliance


by Mike Pagani

Financial firms doing business with Millennials and Gen Zers must manage the inherent risks that accompany the newer, more agile non-email channels to remain compliant with regulations.

Next time you’re in the office, take a look around. More than one third of the U.S. workforce is made up of the Millennial Generation — as of 2016, they are the largest age-based cohort of employees and job seekers. That’s 56 million individuals aged 21-36 (2017). Add another 53 million (mostly) tech-savvy Gen Xers, and you can quickly get a sense of the profound and sweeping potential compliance impacts caused by their communication styles, preferences and channels of choice – a massive shift from those of older generations.

A recent survey found that 75 percent of Millennials and Gen Zers (the next youngest cohort) prefer to text rather than talk to people on the phone or in person. They are intolerant of time-consuming processes, avoid live phone calls, and will routinely give up on companies that don’t respond to their inquiries within 10 minutes or less. Financial firms doing business with these age groups — not to mention clients of all ages who love the convenience of digital conversations — must find a way to accommodate this expanding cultural dynamic while managing the inherent risks that accompany the newer, more agile non-email channels to remain compliant with regulations.

No matter what you do, it’s important to have a formal policy prohibiting the use of certain electronic communications channels and to communicate it clearly to your employees. Documented employee attestation and acknowledgement of the policy won’t prevent all potential regulatory violations, but it does help to protect the company. In the event that someone knowingly flouts the policy, they will be held individually liable for any penalties levied by FINRA or the SEC. However, the policy is just the beginning of the organization’s oversight responsibility, and accounts for only one piece of the compliant client communications puzzle.

Per regulations, all financial firms must reliably retain and adequately supervise the use of all methods of electronic communications their employees use to conduct firm business, both externally and internally. They must be prepared to: first, produce specific messages on demand should the regulator request them as part of an annual examination or unscheduled audit; second, demonstrate the methods with which they retain and supervise the communications for potential violations; and third, report what actions, if any, are taken when non-compliance is discovered.

If an employee is using a channel that is unsupervised and not being retained, their actions expose the firm to more than the risk of a compliance violation. What if the messages contain customer-specific data that includes personally identifiable information (PII) and a security breach occurs? What if the messages contain firm-specific details that compromise the firm’s reputation and break trust with clients? What if the out-of-bounds messages refer to other messages that are supervised on proper channels, thereby exposing a gap in the firm’s supervision systems, workflows and governance? Obviously, none of these issues are prevented by the existence of a prohibition policy — they aren’t even mitigated to any meaningful extent when employees ignore the policy – and they do.

Beyond potential violations and resulting fines, perhaps the most impactful shortcoming related to prohibition policies is the negative impact to employee productivity and client relations. Firm competitiveness is often compromised as a result of choosing to say no to the use of productivity-enhancing communications channels like SMS text messaging, social media (LinkedIn, Twitter, etc.) and internal collaboration platforms like Slack, Microsoft Teams and others. Ask any financial advisor how comfortable they are about growing numbers of clients sending them text messages to which they must reply “I am only allowed to communicate with you via email”.

The best option is to adopt the use of a comprehensive archiving platform that supports the reliable capture, retention, supervision and speedy retrieval of messages for communications channels beyond email. Your clients and employees want to use apps and text messaging for the obvious benefits they provide in terms of efficiency and reach, and with the comprehensive archiving technology available today you can accommodate their preferences while reducing risk. Of course, the use of channels that cannot be archived and governed properly (e.g., Snapchat, Confide, etc.) should still be prohibited by policy, but many can be safely adopted and leveraged for the business benefits they provide. Proactively implementing the proper systems and allowing the compliant adoption of mainstream electronic business channels will protect your firm much better than prohibitive policies that are routinely ignored anyway.

At this point, smartphones and text messaging have been a full-scale, worldwide phenomenon for more than a decade. It’s past time to incorporate your clients’ digital communications preferences into your firm’s policies and governance processes. Simply put, no one under the age of 35 will be in favor of your decision to disallow text messaging, and most people over 35 would rather have the ability to use it as a valuable business tool too. Look at it this way — no one would lobby for arranging financial transactions without the use of Internet-connected computers because a data breach is possible. But when you tell a client you aren’t allowed to text them back and they have to switch the conversation to email, you may sound just as unreasonable. More to the point, if your client or potential client is aware of firms that have implemented comprehensive archiving solutions and allow the compliant use of the channels they desire, they may very likely decide your firm isn’t interested enough in doing what’s necessary to win and retain their business.

The digital communications revolution is only beginning to take flight — as mobile phones, tablets, wearables, homes, cars, and workplaces become increasingly smart and interconnected via IoT and automation, the adoption of new and converging channels will surely multiply. Companies that put solutions in place to safely enable their customers’ preferences and the workforce that serves them will be better prepared for the next killer digital communications app — and for Gen Z and what lies beyond.

Mike Pagani is the Senior Director of Product Marketing and Chief Evangelist at Smarsh.