The status quo shifts frequently in compliance, and firms would be smart to equip themselves with a solution that can adapt with it.
By Harriet Christie, Chief Operating Officer, MirrorWeb
The Securities Exchange Commission’s (SEC’s) primary function is to protect investors, by drafting and enforcing regulations which hold firms accountable for their actions. One fundamental example of this is that all interactions between brokers and investors must be scrutinized, to ensure no wrongdoing.
The prevalence of digital communications in the modern world has prompted a regulatory overhaul, and since September 2022, the SEC has expanded record-keeping requirements significantly. Two of their standout actions are listed below.
i) Rolling out a new marketing rule, which has fundamentally altered which communications must be captured by regulated firms.
ii) Alongside the Financial Industry Regulation Authority (FINRA) and Commodities Futures Trading commission (CTFC), administering billions of dollars worth of penalties in an industry-wide crackdown on the illicit use of mobile devices.
As a result of this activity, compliance has taken center stage. Communications surveillance platforms are now less of an insurance policy and more of a mandatory requirement. More than ever, the compliance function directly impacts staff behaviors, and so its implementation will affect the entire organization it serves, rather than just the compliance team. It’s no longer just a box to be ticked.
We’ll take a deep dive into the critical roles within any organization, and how they influence a buying decision for monitoring and surveillance vendors.
CHIEF FINANCIAL OFFICER
Cost-effectiveness
As with every product or service that the firm uses, cost is a major consideration for the CFO. Compliance can be a costly business, and mitigating as much risk around non-compliance will be forefront for the CFO. Assuming value from any potential vendors will also be critical, meaning priorities will lean towards competitively priced offerings.
Transparent fees
When considering service agreements, it’s important to understand that ‘hidden’ fees are common in the surveillance sector. Firms may be billed additionally for platform training, for example, a feature which could reasonably be expected to be included in the cost of service.
The SEC Rule 17a-4 mandates that records of business communications must be maintained for 6 years. In order to achieve this, firms may be charged data export fees when they leave their surveillance vendor. This ties users into the working relationship indefinitely, as the export fees can be extremely costly, as it’s generally based on the volume of data.
Hidden fees make budgeting very difficult as the CFO can never be certain what’s around the corner, or what’s waiting at the end of the contract.
Modern Platform Capture
As mentioned, the SEC and CTFC issued over $2 billion worth of penalties last September over the unauthorized use of WhatsApp across the industry. Any CFO will be keen to keep their firm out of the financial firing line, so while there is greater cost in monitoring additional channels (WhatsApp, Telegram), they may deem it worthwhile for full peace of mind.
Regulators take time to legislate for new forms of misconduct, but have shown a willingness to issue retrospective penalties once they have done so. From SMS to WhatsApp, iMessage, WeChat and Telegram, the list of different (largely mobile) corporate channels has grown as digital platforms have proliferated. Partial compliance is just another phrase for noncompliance, and so it would make sense for the CFO to support their COO in capturing as many of these channels as possible, to avoid any nasty surprises in the future.
Evolving capture capabilities
The CFO should look for a vendor that is able to react quickly to develop their product and evolve with regulatory demand. Some leading providers are built on antiquated systems and require longer product development cycles, which could have damaging financial repercussions.
CHIEF OPERATING OFFICER
Minimal restrictions
For any business, communicating on their clients’ terms gives a competitive advantage. By limiting the number of authorized channels that brokers can use, it may mean binding them to a platform which a client or prospect is not comfortable with using. Deals come down to making people’s lives easier, and a COO will know that the less restrictions they impose, the better. For example, SMS is the preferred avenue of brand communication for 48% of consumers. Email is the next highest, with just 24%.
It’s not only about making consumers happy; the COO can optimize efficiency by enabling brokers to operate compliantly, whatever their preferred channel of communication may be.
Finger on the pulse
Capturing many platforms is not just about regulatory cover. There’s a reputational risk if firms can’t capture modern platforms, as they won’t engage tech-savvy prospects. The COO will recognize that a conservative approach is not sustainable in the current digital landscape, and should look for adaptability and modern platform capture in their solution.
Native Threading
Native threading should also feature on the COO’s wishlist, as once again, the less habits need refining, the more efficient the compliance process will be. In the communications surveillance sector, frustration has intensified around messages not being displayed in their native format, making compliance reviews confusing and time-consuming. By reviewing content in the format they recognize, they’ll save time and speed up the entire operation.
Actionable Insights
The insights from archived data are valuable business drivers. While all vendors will provide this information to a certain extent, one key differentiator is the quality of website capture. Website performance can be best evaluated and experienced through ‘replay’ – the ability to access an interactive version of the website as it appeared at the time of capture.
This is more effective than the relatively disjointed process of analyzing screenshots, as it gives a more authentic feel for the user journey. It is more appealing to regulators too, for the same reason. As a result, the COO should only settle for full replay capabilities in order to better understand their customers.
Customer Service
Communications surveillance software is technical, and as its capabilities expand, its implementation across a wider team becomes more complicated. This is often difficult with older, less digitally-adept employees, and so a reputation for prompt, effective training and customer service is extremely valuable. This should be a key consideration for the COO, to avoid damaging bottlenecks.
LEGAL DEPARTMENT
Marketing rule compliance
Ideally, the surveillance solution will capture all digital channels in order to comply with the new SEC Marketing Rule, which is mandatory. By capturing everything, from Slack to email, websites and social media, the legal department won’t need to worry about the implications of digital ‘advertisements’ being missed.
Mobicomms compliance
We have already discussed the huge fines issued across financial services in the past year, for the improper use of mobile messaging apps. The legal department will need to consider that even if a compliance risk is identified and certain channels are banned, they could still be used, unauthorized, by employees that have come to rely on their convenience. It is therefore in the legal team’s interest to capture as many platforms as possible.
Furthermore, if a solution can be implemented which separates business and private communications on personal (BYOD) devices, this would certainly be worth exploring as an additional layer of protection.
Full-Text Search
When a legal hold (or litigation hold) is activated during the process of eDiscovery, the organization in question can suddenly be compelled to produce six years worth of electronic records. Archived content can be used to support such situations, and it’s extremely useful if the accumulated data is easily searchable, so the legal department can pinpoint the appropriate sections without rooting through vast swathes of data. Searchability is therefore a very valuable feature, and one that legal teams will depend on.
Evolving capture capabilities
Legal monitoring takes up a large chunk of the legal team’s day to day workload. It’s important that the solution they select is able to pivot quickly and adapt in the transitory compliance landscape, which they will be pushing to keep pace with.
CHIEF TECHNOLOGY OFFICER
A future-proof solution
The CTO is likely to favor a vendor that is in tune with modern communications channels. This means less limitations, greater adaptability, and simpler integrations with any wider tech projects. Even if the firm is not currently using a full suite of modern platforms, the wider surveillance capability is useful should they wish to expand their communications channels in the future.
Onboarding
While the CTO will be technically-minded, they’ll benefit from a vendor that leads on onboarding, ensuring that everything is in place for a smooth transition while project-managing the vital (and sensitive) process of data migration. Poor response times and connection difficulties should be avoided, so it’s worth conducting some research to ensure no time is wasted.
Certification
Data surveillance is a complex procedure, fraught with technical and legal considerations. The CTO will need peace of mind that their company data is being handled appropriately in a reliable, robust, platform. Appropriate ISO & SOC certifications and listings with the relevant authorities (such as the FINRA Compliance Vendor Directory) should provide reassurance.
THE GREATER GOOD
There are clearly myriad factors when considering a communications surveillance vendor. Success looks different in every role, and so different features provide different benefits to different stakeholders.
Many of these details are intrinsically linked. Technological shortcomings could eventually have legal repercussions, which will in turn impact the firm’s finances, and so on. Businesses should therefore strive to choose a solution that has the best holistic impact on your organization, keeping them out of the headlines while having minimal impact on employees’ day to day behavior.
Most importantly, they should do their research. The status quo shifts frequently in the compliance landscape, and it would be smart to equip themselves with a solution that can adapt with it.