This article is an excerpt from the Smarsh 2016 Electronic Communications Compliance Survey Report.
This survey of financial firms shows that while many acknowledge the risk, large recordkeeping compliance gaps persist. Learn about the most common compliance gaps and steps you can take to protect your firm by downloading the full report here.
It is the content of the message that determines its status as a business record. Compliance professionals need to supervise all types of business communications, even when messages reside on personal devices and social media accounts. Making this a reality, however, presents challenges, and compliance to-date has not kept up with implementing archiving and supervision systems for all the communications channels employees are allowed to use for business.
While compliance has made some progress to keep pace with these new channels – for instance, companies with policies governing the use of web conferencing platforms rose to 61 percent in 2016, up from 50 percent in 2015 – these gaps are not closing.
Almost half of respondents (48 percent) cited social media as the number one channel of perceived compliance risk. Even when a firm has banned social media channels, risks remain if employees do not adhere to the ban. In fact, the percentage of respondents who claim to have minimal or no confidence that they could prove the policy of prohibition is working ranges from 30 percent for LinkedIn to 41 percent for Facebook and 45 percent for Twitter.
Seventeen percent of respondents who allow but don’t archive social media say archiving will create too much content for compliance to review. Twelve percent say they are waiting to see industry regulators enforce regulatory guidance around this channel. These approaches leave firms exposed to risk of non-compliance findings in the case of an examination.
Despite the ubiquitous nature of text messaging, this communication channel presents the largest compliance gap. Similar to social media, confidence gaps abound for SMS/text messaging.
Respondents report no or minimal confidence in the effectiveness of prohibition: 38 percent for SMS/text messages and 44 percent for Apple iMessage. A full 39 percent of those who allow but don’t archive these messages said they are waiting for industry regulators to enforce guidance before they will begin archiving text messages.
While instant messaging ranked third among the communications channels in perceived compliance risk, the survey data demonstrates that the risks are similar to the top two. Again, respondents have no or minimal confidence in the effectiveness of prohibition: 48 percent for public IM and 45 percent for corporate IM.
Even when allowed, nearly half of companies (44 percent) do not have any archiving or supervision systems for public instant messaging services.
In addition, it is now difficult or impossible to archive communications from many popular consumer IM platforms, because of changes in service. For example, Yahoo recently released a fully redesigned, web-based version of its consumer instant messaging client, Yahoo Messenger. With that release, Yahoo ended support of all prior versions of its Yahoo Messenger client. The new version of Yahoo Messenger can’t be archived for retention and supervision of instant messages.
How can we help!