The volume of data associated with communications in the financial services sector has exploded in recent years. But as firms allow communication to take place across more channels, a recent survey from Smarsh finds compliance efforts are not keeping pace.
Nearly one-third (32%) of firms that allow business communication through employees’ personal social media accounts do not have supervision or social media archiving solutions in place to monitor those messages. The compliance gap doubles to 64% when it comes to text messages – even as regulations call for the timely capture and production of e-communications upon request.
“You’ve got advisors and brokers communicating with their customers and communicating with business partners in the office all over text messaging because it is easy and its everywhere. The problem is most organizations don’t have the means to capture, archive or reproduce those communications,’ explains Smarsh founder and CEO Stephen Marsh. “Out of all the questions the survey asks and all the different aspects of compliance gaps, text messaging is the biggest risk area for many firms.”
These compliance gaps and other industry trends are highlighted in the Smarsh 2015 Electronic Communications Compliance Survey.
Why do these compliance gaps exist?
Managing e-communications has become more complex and firms are utilizing tools and protocols to manage these growing pains in different ways. Nevertheless, firms are failing to delivery requested information to regulators in a timely manner. The three most commonly cited reasons were:
- Difficulty in searching across multiple applications and locations – 46%
- Lack of familiarity with the necessary technologies – 45%
- Inadequate staffing resources – 39%
FINRA and the SEC recently issued guidance related to cybersecurity risk and preparedness. Recent high-proile attacks also have made cybersecurity a hot topic at financial services firms. According to the survey, 83% of respondents participated in conversations about risks related to cybersecurity in the last year and 58% expect their role to change as a result of managing such risks.
“The electronic communications archive is no longer simply a check-the-box technology used to fulfill regulatory requests for firm data. Instead, archiving is now playing an increasingly important role in overall cybersecurity strategy and efforts by reducing and consolidating data silos across a growing number of content channels, and identifying risky communications or activity proactively – before they become serious and potentially damaging issues,” Marsh explained in a noted distributed with the survey results.
Nearly 60% of respondents answered that they were mostly to completely confident in their ability to prevent
and detect cyberthreats, yet Marsh cautions that the survey results over the last five years, coupled with events in the marketplace, indicate some of that confidence might be misplaced as many respondents simply don’t know what they don’t know when it comes to their cyber vulnerabilities.
Additional survey insights
In addition meeting regulatory requests, some 72% of respondents said that message supervision is a “critical tool to identify real risk in their organization.” Eighty-one percent believe message supervision “delivers valuable and actionable insights to the business.” Firms are also using e-communication monitoring data to aid in litigation or to meet e-discovery requests.
To compile its results, Smarsh surveyed 274 compliance professionals in February and March, drawing respondents from both small and large firms with a broad range of compliance-related job titles, from the C-suite to staff level. Sixty-four percent of respondents were RIAs while another 38% were BDs.