Our “2020 Survey Report: State of Digital Collaboration and Communication Compliance” provided a great opportunity to understand how firms are thinking about compliance readiness and the risks relating to emerging video and collaboration platforms. In this blog post, we’ll examine some of the results and make a few recommendations for compliance officers grappling with the practical consequences of the increasing use of video and collaboration applications.
Increasing Use of Video
Based on our results, 90% of organizations are using video as part of their collaboration platforms. This is a pretty staggering statistic, which essentially means that, regardless of your size, geography, or business mix, video is an essential component of the way you do business. This was borne out by the fact that the top three use cases for video were client advisory and sales, customer service, and sales and marketing. Every part of your organization is using video, so understanding how it is used and the regulatory and security requirements for its use are critical.
are using video as
part of their
Compliance Preparedness Lacking
The regulatory focus on compliance requirements for video and collaboration have increased significantly over the last year. While we found that the overwhelming majority (75%) of respondents know that compliance and security are core to digital transformation initiatives, 81% of participants either don’t understand or only partially understand the regulatory requirements for digital transformation.
FINRA included digital communications in its 2019 Exam Findings and Observations as well as in its 2020 Exam Priorities, clarifying that video and collaboration platforms are subject to the capture, retention, and supervision mandates associated with other electronic messaging platforms. Additionally, compliance requirements under the SEC’s Regulation Best Interest will have broad implications for the ways that financial professionals communicate with clients. Look no further than the SEC’s recent FAQs and their example of a financial professional engaging in a conversation with a customer on the golf course. Of that informal conversation, the SEC stated if “you engage in a communication with a retail customer that rises to the level of a “recommendation,” whether in the context of a “hire me” conversation or otherwise, the recommendation will be subject to Regulation Best Interest.”
The “always-on” nature of modern client engagement means that quick Zoom or Webex meetings about market updates as well as casual client interactions at baseball games will have meaningful compliance and oversight implications. Emerging regulatory requirements like the Senior Managers and Certification Regime and the PRIIP regulation coupled with over $150 million in fines for communication supervision failures in 2019 suggest that failing to have a proactive approach to compliance in place is increasingly indefensible.
Search and Retrieval Challenges
Compliance challenges are further complicated by overlapping e-discovery and privacy mandates. We asked participants about their ability to search and retrieve video content and found that 55% of respondents said it would be impossible, difficult, or take a time-consuming manual search to locate and retrieve video content. Skyrocketing volumes of video and collaboration data pose meaningful challenges to the legal, compliance, and risk teams responsible for analyzing that information for examination, investigation and litigation purposes.
Use Modern Compliance Technology
Given an active regulatory focus, firms must implement technologies to manage compliance and supervision requirements for collaboration and video platforms. Firms should ask themselves the following questions:
Can you capture and archive, consistent with SEC Rule 17a-4, all of the video, audio, chat, and file transfer content from platforms like Zoom, Microsoft Teams, Cisco Webex, and other collaboration applications?
Do your compliance tools facilitate quick, consistent identification of risks in content shared through a webcam or whiteboarding session?
Are you able to identify conduct violations such as statements that could be considered misleading under FINRA Rule 2210, whether investment advice might be improper according to Reg BI, or if disclaimers and disclosures do not meet FINRA standards?
Can you track what was spoken shown, or shared across platforms as users move from collaboration to chat to phone?
These questions are daunting, but your firm must confront them and design a compliance program tailored to your size, scope, and IT footprint, so that when regulators ask, you are ready with credible responses.
Firms must identify smart technologies purpose-built for modern collaboration platforms that include the ability to capture, retain, and supervise native features like video, audio, whiteboarding, chat, and file transfers. When assessing solutions, selecting tools that leverage AI and machine learning to detect risks across dynamic video and audio content as well as text exchanges is critical. If firms neglect these new collaboration capabilities when developing their compliance strategies, they will be stuck trying to retrofit legacy email-based archiving and supervision platforms to accommodate video, voice and other new content types.
If history is any guide, attempting to transpose video and audio content into email format and use basic search lexicons for e-discovery and investigation purposes will not succeed. A tortured compliance approach rooted in email-based techniques ignores the critical context in collaboration communications, and dooms any attempts to produce, review, and supervise such content.
Firms must adopt new archiving and supervision systems that capture and preserve modern collaboration data in its native format with the ability to view, listen, watch, and search across those mediums. Moreover, compliance tools should enable searches for logos, weapons, faces, or concepts to provide real value. Leveraging new compliance technologies will facilitate more efficient and effective oversight and demonstrate to regulators that you have deployed sophisticated tools to meet both the spirit and letter of their directives.
say it's difficult or time-consuming to locate & retrieve video content.
”When assessing solutions, selecting tools that leverage AI and machine learning to detect risks across video and audio content is critical.Theta Lake2020 Survey Report: State of Digital Collaboration and Communication Compliance
Take a Calculated, Risk-Based Approach to Implementation
After selecting an archiving and supervision technology, focus on implementation. Perhaps select a single collaboration platform to roll out in the near term and deploy your new compliance technologies to support it. In the alternative, or as a supplement, identify high-risk users in your organization, or target financial professionals with client-facing roles as an initial focus.
Finally, choose the platforms and the types of content you want to archive and supervise. Parsing and reviewing a majority of high risk content and a smaller percentage of low risk content is one way to drive efficient oversight. Regardless of how you ultimately structure your implementation strategy, make sure that compliance tools can accommodate different workflows, content types, and risk profiles for maximum flexibility and effectiveness.
Improve Data Leakage Prevention Practices
In addition to traditional capture, retention and supervision concerns, compliance teams must also consider the data leakage risks associated with these new modes of communication and ensure that technical controls can be deployed to monitor and detect the exfiltration or loss of sensitive client or firm information. FINRA and the SEC highlighted DLP and cybersecurity as focus areas for 2020 exams, and the unique risks posed by collaboration tools must be top of mind for compliance and information security teams.
Whether you want to ensure that client or firm confidential information is not being shared inappropriately over a webcam or screen share, or monitor voice conversations during a pre-IPO quiet period, using tools that provide transparency into these risks is essential. As we emphasized above, leveraging compliance applications purpose built to detect potential risks in collaboration content is key.