Corporate Compliance Insights: Collaboration Compliance During a Crisis

Considerations for Using Collaboration Tools Like Zoom and Webex

In the midst of the COVID-19 pandemic, many financial services firms are implementing work from home policies using collaboration tools. Theta Lake’s Marc Gilman provides background on regulatory responses and requirements, as well as practical advice about compliance considerations.

In the wake of the COVID-19 pandemic, many financial services firms are implementing work from home policies using collaboration tools. Theta Lake’s Marc Gilman provides background on regulatory responses and requirements, as well as practical advice about compliance considerations.

As individuals and organizations aggressively invoke business continuity plans in the wake of coronavirus, a rapid uptick in the use of collaboration platforms like Zoom and Cisco Webex are helping to connect employees and support remote working environments. In fact, Cisco, LogMeIn, RingCentral and others are offering free trials and resources to proactively support employees who are shifting to work-from-home arrangements.

Moreover, several banks, including HSBC and JPMorgan Chase, are publicly discussing migrations to remote working setups and moving directly to collaboration platforms for client communication and support purposes, acknowledging that the ability to be nimble and flexible is critical.

At the same time, the rapid expansion in the use of video collaboration platforms cannot come at the expense of compliance requirements and standards. Based on a recent Theta Lake Survey, 90 percent of financial services and insurance firms are using video tools in their organization. FINRA as well as the SEC, NFA and FFIEC all issued guidance about responding to coronavirus discussing the support of continuing business functions and considerations for possible rule exemptions in certain cases. In the U.K., the FCA released a statement on COVID-19 to remind firms to maintain their recordkeeping and recording standards in remote work scenarios.

Financial institutions must maintain compliance as collaboration platform usage skyrockets, even though the circumstance driving the exponential usage will, in due course, dissipate. In this article, we’ll first discuss collaboration risks and then, how regtech tools can facilitate use and oversight of collaboration applications to promote a fast, adaptable and connected workforce during a crisis.

Collaboration Platform Risks

The power and convenience of collaboration tools and their benefit during times of crisis, when face-to-face meetings are impossible, is that they facilitate robust video and voice calling and conference capabilities, as well as file-sharing, chat, webcam and whiteboarding functionalities. In practice, this means the ability to easily start up any type of a communication where a routine client check-in can lead to the distribution of a prospectus, brainstorming a new investment strategy on whiteboards and the recommendation to purchase a particular product. In a remote working scenario, these features can thankfully replace the majority of electronic and in-person meetings while supporting team connectedness in a comprehensive manner.

These necessary and helpful of communication capabilities don’t mean compliance and risk management can lapse or be ignored, particularly in light of regulators’ guidance around the coronavirus response. Collaboration features make interactions powerful, meaningful replacements for in-person meetings, but also pose challenges for financial services firms who must abide by strict rules around investment recommendations, recordkeeping, cybersecurity and supervision. As a result, leveraging collaboration platforms for business continuity purposes must be handled carefully. Each feature must be analyzed individually to determine if its use has an implication for the oversight or conduct obligations. It’s absolutely clear that collaboration tools can offer critical capabilities during a crisis, but firms must ensure that they can meet compliance requirements before including them as part of a business continuity strategy.

Regulatory Response to COVID-19 and Collaboration Compliance Requirements

FINRA issued clear collaboration compliance requirements in 2019’s Report on Examination Findings and Observations, stating that these platforms are subject to the same capture, retention and supervision requirements as other digital communications channels, such as email and social media. As a result, the SEC’s Rule 17a-4 mandates around the capture and retention of communications relating to the “business as such” of broker-dealers apply to collaboration content as well.

Additionally, firms must supervise business communications from collaboration platforms in a manner consistent with FINRA Rule 3110. FINRA included digital communications in its 2020 Risk Monitoring and Examination Priorities Letter, which puts firms on notice that its policies, procedures and technologies for managing collaboration compliance will be thoroughly reviewed this year.

Given the increased use of collaboration tools as a result of the coronavirus response, firms must have nuanced compliance programs designed to meet regulatory requirements for their use. As Kenneth Bentsen, President and CEO of SIFMA, said during a recent Bloomberg TV interview, firms should “be as ready as you can possibly be” when the moment comes to make tough decisions about invoking redundancy and continuity plans.

Using Regtech for Collaboration Compliance

Whether it is the ability to detect the transmission of Form CRS for Reg BI purposes, identify statements that would be considered false or misleading under FCA or FINRA rules or determine if an appropriate firm-specific disclaimer has been included during a conference, transparency into collaboration communications is key for demonstrating compliance and empowering employees to use these tools.

As a first step, your firm needs to decide on a collaboration platform to use during a business continuity event. Ensuring that employees have access to corporate-issued accounts on Zoom, Microsoft Teams, RingCentral, Cisco Webex or another platform is essential. Given applicable regulatory mandates, firms will not want employees to use personal accounts or other non-approved applications for business communications, as they cannot apply the necessary compliance controls to those systems.

Next, firms must choose regtech tools purpose-built for collaboration that can capture dynamic content and store it in a 17a-4-compliant electronic archive. Employees will likely use the full breadth of collaboration features (whiteboarding, webcams, chat and video, etc.), and being able to archive and subsequently search through the content will be essential for examination, investigation and litigation purposes.

Finally, regtech tools must facilitate the supervision of communications that occur over a firm’s chosen collaboration platform. Regtech applications must leverage AI and machine learning to pinpoint regulatory and information security risks across the spoken, shown and shared content for more efficient and effective reviews. Modern tool sets relying on basic word searches of transcripts for oversight ignore key visual cues and place an over-reliance on transcript accuracy. Attempting to supervise collaboration data in the same manner as legacy email review platforms simply will not work.

Conclusion

When traditional modes of living and working are disrupted, thoughtful research and preparation are key to navigating uncertainty. This applies whether relating to daily commuting routines or regulatory strategy. From a compliance perspective, knowing your firm’s collaboration tools, synthesizing relevant regulatory requirements and deploying regtech tools purpose-built to enable compliance and productivity will benefit your business and state of mind.