Federal regulators’ attention on the use of mobile devices in the financial services industry has companies adopting new technology and revamping their policies. And, as MirrorWeb’s Harriet Christie explores, everyone in the organization plays a role in keeping compliance center-stage.
The SEC’s primary function is to protect investors, by drafting and enforcing regulations which hold firms accountable for their actions. One fundamental example of this is that all interactions between brokers and investors must be scrutinized, to ensure no wrongdoing.
The prevalence of digital communications in the modern world has prompted a regulatory overhaul, and since September 2022, the SEC has expanded record-keeping requirements significantly. This includes rolling out a new marketing rule, which has fundamentally altered which communications must be captured by regulated firms, and levying billions of dollars worth of penalties in an industry-wide crackdown on the illicit use of mobile devices.
As a result of this activity, compliance has taken center-stage and companies are increasingly realizing that the compliance function directly impacts staff behaviors, and so its implementation will affect the entire organization it serves, rather than just the compliance team. It’s no longer just a box to be ticked.
We’ll take a deep dive into the critical roles within any organization, and what concerns they are likely to focus on when it comes to selecting communications surveillance platforms.
Chief financial officer
Primary concern: Cost effectiveness
As with every product or service that the firm uses, cost is a major consideration for the CFO. Compliance can be a costly business, and mitigating as much risk around non-compliance will be forefront for the CFO. Assuming value from any potential vendors will also be critical, meaning priorities will lean toward competitively priced offerings.
What to watch out for
When considering service agreements, it’s important to understand that hidden fees are common in the surveillance sector. Firms may be billed additionally for platform training, for example, a feature that could reasonably be expected to be included in the cost of service.
The SEC Rule 17a-4 mandates that records of business communications must be maintained for 6 years. In order to achieve this, firms may be charged data export fees when they leave their surveillance vendor. This ties users into the working relationship indefinitely, as the export fees can be extremely costly, as it’s generally based on the volume of data.
Chief operating officer
Primary concern: Minimal restrictions
Vendor selection deals often come down to making people’s lives easier, and a COO will know that the fewer restrictions imposed, the better. It’s not only about making consumers happy; the COO can optimize efficiency by enabling brokers to operate compliantly, whatever their preferred channel of communication may be.
What to watch out for
This isn’t just about regulatory cover. There’s a reputational risk if firms can’t capture modern platforms, as they won’t engage tech-savvy prospects. The COO will recognize that a conservative approach is not sustainable in the current digital landscape and should look for adaptability and modern platform capture in their solution.
Primary concern: SEC rule compliance
Ideally, the surveillance solution will capture all digital channels in order to comply with the new SEC marketing rule, which is mandatory. By capturing everything, from Slack to email, websites and social media, the legal department won’t need to worry about the implications of digital advertisements being missed.
What to watch out for
We have already discussed the huge fines issued across financial services in the past year, for the improper use of mobile messaging apps. The legal department will need to consider that even if a compliance risk is identified and certain channels are banned, they could still be used, unauthorized, by employees that have come to rely on their convenience. It is therefore in the legal team’s interest to capture as many platforms as possible. Furthermore, if a solution can be implemented that separates business and private communications on personal (BYOD) devices, this would certainly be worth exploring as an additional layer of protection.
Legal monitoring takes up a large chunk of the legal team’s day to day workload. It’s important that the solution they select is able to pivot quickly and adapt in the transitory compliance landscape, which they will be pushing to keep pace with.
Chief technology officer
Primary concern: A future-proof solution
The CTO is likely to favor a vendor that is in tune with modern communications channels. This means fewer limitations, greater adaptability and simpler integrations with any wider tech projects. Even if the firm is not currently using a full suite of modern platforms, the wider surveillance capability is useful should they wish to expand their communications channels in the future.
What to watch out for
While the CTO will be technically minded, they’ll benefit from a vendor that leads on onboarding, ensuring that everything is in place for a smooth transition while project-managing the vital (and sensitive) process of data migration. Poor response times and connection difficulties should be avoided, so it’s worth conducting some research to ensure no time is wasted.
Data surveillance is a complex procedure, fraught with technical and legal considerations. The CTO will need peace of mind that their company data is being handled appropriately in a reliable, robust, platform. Appropriate ISO & SOC certifications and listings with the relevant authorities (such as the FINRA compliance vendor directory) should provide reassurance.
The greater good
There are clearly myriad factors when considering a communications surveillance vendor. Success looks different in every role, and so different features provide different benefits to different stakeholders.
Many of these details are intrinsically linked. Technological shortcomings could eventually have legal repercussions, which will in turn impact the firm’s finances, and so on. Businesses should therefore strive to choose a solution that has the best holistic impact on their organization, keeping them out of the headlines while having minimal impact on employees’ day to day behavior.
Most importantly, they should do their research. The status quo shifts frequently in the compliance landscape, and it would be smart to equip themselves with a solution that can adapt with it.