Resource Constraints, Social Media Pose Compliance Challenges: Study

A study of compliance practices found companies struggling; many have so little confidence in their ability to supervise social media apps, they don't even try.

compliance challenges

When it comes to financial compliance, communications supervision is more important than ever, but resource constraints present a challenge—and then there are the ever-expanding communications channels that employees are using.

For example, in April, WhatsApp took a page from the Apple playbook and announced that every message sent through its app is protected with "full end-to-end protection."

In its sixth annual Electronic Communications Compliance Survey Report, Smarsh, a provider of hosted archiving solutions for compliance and e-discovery, found compliance professionals concerned about how to keep up, or even perform what was once a basic task: supervising business communications.

In the survey of 221 financial services professionals with direct compliance supervision responsibilities, five key concerns emerged: worries around increased scrutiny and enforcement (42 percent said they've been examined in the last 12 months, up from 27 percent in the 2015 survey), balancing employee privacy considerations with oversight obligations, new communications channels, cyber-threats and insufficient human resources.

Nearly half (48 percent) of respondents said social media is their No. 1 perceived compliance risk. More than 4 in 10 (41 percent in the case of Facebook and 45 percent for Twitter) had little-to-no confidence that they could prevent users from using social media apps.

More than 40 percent allow employees to use LinkedIn and Facebook and have not supervision solutions in place. Likewise, 60 percent allow employees to use messaging for business communications, while nearly 70 percent fail to archive that content.

The largest compliance gap, however, is with messaging apps, found Smarsh.

"A full 39 percent of those who allow but don't archive these messages," said the report, "are waiting for industry regulators to enforce guidance before they will begin archiving text messages."

Smarsh also found patterns based on business size.

Small companies tend to be review materials on an "as needed basis … operating under the premise that simply having a repository of electronic communications is good enough," Smarsh CEO Stephen Marsh wrote in the report. Large firms are more diligent, but tend to look for risk in the wrong places.

"They have long-established surveillance procedures targeted primarily at email that are ineffective at worst and inefficient at best," Marsh added. "Forty percent of respondents believe they have too many or way too many messages flagged for review."

According to the survey, 67 percent of companies with more than 500 employees reviewed messages daily, while only 11 percent of companies with 11 to 50 employees did the same.

The majority (65 percent) of those surveyed said the No. 1 feature they're looking for in a supervision technology is the ability to review materials more efficiently and effectively.

Companies also are looking at using behavioral analytics, relationship mapping, predictive logic and the correlation of data sets and types to find internal risks, Marsh said.

"Many are already using content from their electronic communications archive for other purposes besides compliance and risk management," he said. "New tools will allow firms to get even better value out of their archive. Soon they'll be able to do things like evaluate product quality, customer sentiment, and even measure employee performance.

"To be able to use these innovations now and in the future, though, electronic communications content needs to be available for the machine to learn from. In other words, all electronic communications content needs to be archived. That's the best place to start to address the issues."