It wasn’t that long ago that social media and instant messaging were totally verboten. Financial services professionals fretted that the absolute ban on these speedy forms of digital communications hamstrung their ability to communicate with clients, and, more importantly, to bring in the business.
Well…total bans on instant messaging and social media are history now…but not the headaches they cause compliance officers, who now have the added burden of detecting misconduct in real time.
Record retention on steroids
More than ever, registered investment advisors (RIAs), broker-dealers, futures commission merchants (FCMs) or others operating in the Sarbanes-Oxley influenced financial wild west, are glued to their smartphones and tablets, tapping, trading, emailing, texting all day long. How is a chief compliance officer ever going to keep up? Especially when new digital outlets and tools, many as yet unimagined, continue to come online?
Buried but unbowed?
In the e-Book “Mounting a Defense Against Digital Media” published jointly by Compliance Week and SAU Global, the article “Detecting Misconduct in Real-Time,” posits that “the ubiquity of these modern communication tools and their eventual embrace by financial firms has validated initial concerns” that there will be holes and breaches in even the best-laid plans for compliance and security. “If you want proof,” the article went on, “read the chat logs of individuals caught in the…rate-rigging scandals for LIBOR and foreign exchange.”
So…bad actors will continue to…act badly. And the regulatory agencies will continue their demand that internal compliance professionals find and report them. The issue, however, is not so much archiving and retrieving messages (although the size and scope of digital communications is daunting), it is monitoring chats in real time and expanding oversight to the growing number of new tools your firm members are using to communicate…instantly.
Can a winking emoticon be a secret message?
Following a trail of chat evidence to support a case is one thing. That’s kind of like locking the barn door after the you-know-what has left. Increasingly compliance officers are relying on technology and human oversight to manage risk. Notice a change in a trader’s behavior…red flag and then launch surveillance. To try to decipher every potential code word for every member of every office would likely require National Security Agency-caliber systems.
That doesn’t mean ignorance is bliss
You are responsible, ultimately. So be smart. Have good written supervisory policies procedures in place. Make sure everyone knows they exist. Track, review, manage and archive all your electronic communications. Then focus. Segment and prioritize who you should be tracking (remember the suddenly oddly-acting trader?) and establish how deeply into their digital world you plan to go.
Stuff happens. And when it does, you can count on the Securities and Exchange Commission, Financial Industry Regulatory Authority, or other regulatory bodies to come knocking on your door.
Don’t be that firm. You know, as a Broker-Dealer, RIA, or FCM, you and your compliance team must create, implement, maintain, confirm, and review written supervisory policies and procedures and oversee electronic communications to ensure regulatory compliance, reduce reputational exposure and avoid related financial consequences.
As a compliance professional, you know regulatory compliance requirements are getting more all-consuming and that complying can often feels like an undertaking without end. If your compliance function is under pressure to do more with less, what are the options?