4 Tips to Tighten Your E-Comms Controls
4 Tips to Tighten Your E-Comms Controls
In recent years, the financial services sector has witnessed a series of regulatory fines imposed on firms due to inadequacies in maintaining comprehensive records of employee electronic communications (e-comms). The latest news involves a new round of fines totalling $549 million, announced by US regulators in early Aug 2023. These fines are in addition to the already substantial sum of over $2 billion in penalties that have been levied thus far globally.
These financial penalties have arisen primarily due to record-keeping failures; the failure to properly record and store business e-comms. Although certain banks have initiated internal processes to address these issues under the umbrella of 'record-keeping,' regulatory authorities have also highlighted a broader concern. In specific cases, such deficiencies were found to be ingrained within the organisational culture, necessitating more extensive cultural and behavioural reforms.
For financial institutions that have thus far avoided regulatory scrutiny on this matter, the question of how to effectively manage these challenges is pertinent. The feasibility of achieving compliance might raise concerns, particularly for smaller firms when compared to the many large entities that have already faced fines and possess more substantial financial and human resources. Fortunately, several strategies can be adopted to enhance the control environment around e-comms and record-keeping and achieve better outcomes.
Consideration should be given to the availability of tools designed to capture, store, and monitor communication channels currently under regulatory focus, such as WhatsApp. If a firm requires the use of these channels, there are compliant methods to integrate them, albeit potentially incurring additional costs. Given the recent surge in fines, a careful cost-benefit analysis is warranted to assess these costs against potential risks to both reputation and financial penalties in the prevailing regulatory landscape.
4 Practical Tips to Tighten eComms Controls
Once all necessary business-approved channels are captured, compliance teams have multiple avenues to strengthen control measures:
Refine Communication Policies
- Initiate a review and potential update of the communication policies, with a specific focus on approved channels.·
- Ensure that the list of authorised channels is widely communicated to relevant stakeholders.
- Regularly reinforce the policy, including its inclusion in onboarding procedures.
- Obtain acknowledgments from employees.
Structured Channel Deployment
- Collaborate with IT to establish a systematic process for channel approval before deployment.
- Compliance should hold oversight authority over channels, user groups, and functionalities.
- Clearly delineate the conditions for each approved deployment, with particular emphasis on capture, storage, purging, and monitoring protocols.
Manage Personal Device Usage
- Address the use of personal devices in the workplace by instituting guidelines or policies that align with compliance requirements.
Leveraging Existing Systems
- Optimise current systems to reinforce compliance efforts.
- Consider utilising technology to filter messages containing specific references or to implement automated reminders regarding communication policies.
Conclusion
The increased regulatory emphasis on communication record-keeping underscores the imperative for all financial institutions, irrespective of size, to fortify their control frameworks. By capitalizing on tools, revisiting policies, and fostering interdepartmental collaboration, smaller firms can adeptly navigate the intricacies of regulatory compliance and mitigate potential risks.
If you are grappling with this, or related surveillance issues, feel free to reach out to me for an informal discussion about how I may assist.