Content based on the webinar: Compliance Quick Hits – Collaboration Tools in 20 Mins by Elin Cherry, CEO, Elinphant, LLC and Tiffany Magri, Regulatory Compliance Advisor, Smarsh.
In a modern, hybrid-workplace where many employees now work remotely, collaboration technologies — like Microsoft Teams, Slack, and Zoom — have become a central part of business communications. From a compliance standpoint, financial services firms must ensure such communications satisfy their books and records and supervisory obligations. Failure to meet regulatory requirements will result in penalties that can hurt the business’s finances and reputation.
In our recent webinar, Compliance Quick Hits – Collaboration Tools in 20 Mins, our industry experts discussed:
- How regulatory requirements apply to collaboration technologies
- Spotting and addressing common compliance pitfalls
- Best practices for implementing supervisory controls over collaboration technologies
Below is a summary of critical points from our discussion.
The Adviser Act Rule 204-2 is the main rule that requires registered investment advisers to maintain and preserve books and records, including the many types of records that apply to collaboration technologies—like video conferencing, file sharing, and chat messaging. U.S. Securities and Exchange Commission (SEC) Rule 17a-4 lays out additional requirements for how electronic records must be maintained and preserved.
Thus, when firms use collaboration tools, a key consideration is what books and records to save from a compliance standpoint. “The answer isn’t black and white about whether all video calls need to be recorded and saved as books and records,” said Elin Cherry, founder and CEO of Elinphant, a financial compliance consulting firm.
As technology evolves, so do regulators’ interpretations of what constitutes a record. A decision that may have felt relatively conservative to a firm a couple of years ago might not be a conservative decision going forward. “It’s important to continually reassess whether to broaden what the firm currently keeps as books and records,” Cherry said, “Or whether the firm needs to broaden its supervisory practices.”
Compliance pitfalls and solutions
Define business records
By their very design, collaboration technologies enable multimodal conversations and features, including email, video files, text messages and more. Because firms can use these tools in various ways, businesses must look at all the features and then define which features in the collaboration tools are business records that need to be stored.
One potential compliance pitfall of collaboration technologies is failing to define which communications need to be captured from a books and records standpoint. A business must establish these definitions to lay the groundwork for policies and practices.
Develop policies and procedures
Once upon a time, firms used to be able to write their policies and procedures more broadly. By doing so, they “didn’t have to be updated quite as often, maybe just annually,” said Tiffany Magri, a senior regulatory advisor at Smarsh. That’s no longer the case. “I don’t think you can get by with general policies and procedures for communication anymore,” she said.
Policies and procedures should be strategic, allowing businesses to operate efficiently while maintaining regulatory compliance to avoid disruption and fines. “I would caution, when going through policies and procedures, make sure that they are customized to each collaboration platform,” Magri added. “How are you documenting that? How are you supervising those?” The key is to understand the use of your different platforms thoroughly.
Stay apprised of new features
New features or updates are often added to these collaboration technologies unbeknownst to the firm. It’s critical to stay on top of any recent updates. Staying apprised of new features or updates can help the firm ensure it remains compliant with its obligations and avoids falling into hot water. Cherry recommended one way to achieve compliance may be to have the chief compliance officer or a key IT team member review the collaboration features regularly.
Sit back and observe
Another best practice is for the compliance officer to sit with back-office employees occasionally and ask them what features they use within the collaboration tools. Cherry advises compliance officers have employees demonstrate how they use it, and to do this with a sample of people across the firm.
Compliance officers may be surprised about what they learn. “I think you’ve got less than a perfect net if all you’re doing is sampling what’s being captured,” Cherry said.
When training, don’t just train the back-office employees and IT. Everyone is connected to compliance. Be sure to also train those responsible for onboarding new vendors. When a new vendor is onboarded, for example, they should know when and how to contact the compliance department to determine whether that needs to be captured from a books and records and supervisory standpoint.
Perform ongoing e-communication risk assessments
Perform ongoing e-communication risk assessments on how employees and the firm use these collaboration technologies. Magri recommended reviewing technology features quarterly rather than annually because even if certain features are turned off, they can easily be turned back on — knowingly or unknowingly — by an employee or through an application update or system error.
Also, be sure to conduct risk assessments on the technology features and how employees communicate with one another — and what’s being communicated. For example, emojis in emails and text messages have become a growing enforcement risk in recent years, opening firms up to charges from the SEC for securities law violations. Careful and thorough supervision is imperative to staying ahead of risk.
Expand the scope of oversight
If the firm has all the communications data it needs to satisfy books and records requirements, another best practice is to think about how the firm can analyze that data to identify other types of potential compliance risks that could be lurking. Taking advantage of that and thinking outside of just compliance, you can add more value to your program.
FEATURED SESSION: Compliance Quick Hits – Collaboration Tools in 20 minutes
Smarsh® is the recognized global leader in electronic communications archiving solutions for regulated organizations. Smarsh provides innovative capture, archiving, e-discovery, and supervision solutions across the industry’s widest breadth of communication channels.
Scalable for organizations of all sizes, the Smarsh platform provides customers with compliance built on confidence. It enables them to strategically future-proof as new communication channels are adopted, and to realize more insight and value from the data in their archive. Customers strengthen their compliance and e-discovery initiatives and benefit from the productive use of email, social media, mobile/text messaging, instant messaging and collaboration, web, and voice channels.
Smarsh serves a global client base that spans the top banks in North America and Europe, along with leading brokerage firms, insurers, and registered investment advisors. Smarsh also enables state and local government agencies to meet their public records and e-discovery requirements. For more information, visit www.smarsh.com.
Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.
Need A Regulatory Marketing Compliance Consultant? A Bit More About Us
Why Not Download our FREE Brochures! Click here.
Call Us Today on 020 8087 2377 or send us an email.
We welcome individual bloggers / Professional Writers / Freelancers to submit high quality contents. Find out more…
Connect with us via social media and drop us a message from there. We’d love to hear from you and discuss how we can help.