Navigating the expanding compliance perimeter smarsh 2016_notes_20 04 16_video
-
Upload
smarsh -
Category
Technology
-
view
140 -
download
0
Transcript of Navigating the expanding compliance perimeter smarsh 2016_notes_20 04 16_video
Navigating the expandinge-communications compliance perimeter
Ken AndersonVice President, Marketing
Today’s discussion items
Technology & compliance at a crossroads
The landscape:
How are firms managing?
The path forward
2
Every 60 seconds on the Web
Compare 2013 to 2015:
• WordPress
3
www.smartinsights.com
+12%+48%
+51%
Proliferation of content in regulated industries
2000 2016
The diversity and complexity of electronic communications beingused continues to grow year over year
4
IM
SOCIAL
WEB
MOBILE
FILES
VIDEOS
VOICE/AUDIO
Regulatory oversight, today and tomorrow
5
• FCA Final Guidance 15/4 Social Media & Customer Communications (2015)
• The Markets in Financial Instruments (MiFID) II (Jan. 2018)
Expanded governance & intensified scrutiny
• Records of all electronic communications and telephone calls (fixed and mobile) retained for minimum of 5 years.
• Includes not just communications that conclude in a trade, but all those calls and communications that are intended to conclude in a trade.
• Electronic communications and telephone calls on both privately owned and firm issued equipment need to be retained, for both permanent and contracting staff.
Source: MiFID II Directive 2014/65/EU Article 16 (7)
7
You need to be prepared to produce records:
• Phone call logs/recordings
• Instant message platforms
• Website content
• Mobile/text messaging
• Enterprise & personal social platforms
• Collaboration tools/files
The time of maximum need
69%
39% 36% 36%25% 25%
0%
20%
40%
60%
80%Most Common Electronic Message Types
Requested During Last Regulatory Examination
Source: 2015 UK Compliance Survey
7
The Landscape:
How Are Firms
Managing?
8
How are firms managing?
The 2015 Electronic Communications Compliance Survey Report
9
Allowance of social channels has grown in financial firms…
Source: Smarsh Annual Compliance Surveys (US FinServ orgs)
But a significant compliance gap exists.
of US firms that permitsocial do not have retention/ supervision in place.
39%
10
Compliance beyond email
UK compliance gaps
Graphic mage(with white background)
goes here
UK firms recognise value of social media, allowing use for business communication
of UK firms that permit social do not have retention/ supervision in place.
73%
11
• LinkedIn• Twitter • Mobile
~60%
60%56%
Some observations on US vs. UK
12
"...a member firm's obligations to supervise electronic communications are based on the content and audience of the message, rather than the electronic form of the communication. Consequently...FINRA expects a firm to have supervisory policies and procedures to monitor all electronic communications technology used by the firm and its associated persons to conduct the firm's business. To that end, a firm should consider, prior to implementing new or different methods of communication, the impact on the firm's supervisory system, particularly any updates or changes to the firm's supervisory policies and procedures that might be necessary.”
FINRA Notice to Members 07-59, Dec. 2007
Timeline of US social regulatory scrutiny
13
Jan. 2010 Aug. 2011
FINRA Regulatory Notice 10-06
Guidance on Blogs and Social Networking Websites
Jan. 2012
FINRA Regulatory Notice 11-39
Social Media Websites and the use of Personal Devices for Business Communications
SEC National Examination Risk Alert
Investment Adviser Use of Social Media
July 2011
FINRA Quarterly Report of Disciplinary Cases
: “…former rep of a Texas firm is serving a one-year suspension for a series of violations, including failure to inform her firm's principal that she had a Twitter account and sending more than 30 tweets about securities.”
The path forward
14
Challenge: Bringing order to the chaos
15
The good news: you can…
use the latest digital marketing apps and channels AND stay compliant.
16
Stakeholder alignment in action
The Challenge• Social organisation with an active adviser community
• FCA FG15/4 social media compliance
• Key driver: “Compliant business enablement”• More communications empowerment = more business
productivity• Preparation for MiFID II
Email, Bloomberg IM, Chatter, Corporate Twitter page, Corporate Facebook page, SLACK
17
Best Practices
Implement reasonable policies and procedures
STEP 2. Staff training
STEP 3. Technology for enforcement of retention/policy
Search Policies
Cases Admin
STEP 1
STEP 2
STEP 3
18
Step 1: Implement polices & procedures
• Extend policies to encompass more than email
• Policies need to address…
• Regularly review and add up-to-date regulatory guidance to your policies
19
Step 2: Training
• Understand and document training
• Identify and deputise your SMEs
• Pre-approval vs. supervision/post-review on social
20
Step 3: Retention & enforcement technology
21
MichaelSam
Matt
Eric
Jane• Broad range of content types and versions across email, IM, social, mobile, files and web
• Cloud-based or on-prem?
• Policy-driven compliance and supervision
• Immutable retention
Comprehensive Archive Platform
• Ease the burden of monitoring content across multiple channels
• Enable powerful search and case management
• Implement retention policies so content is stored as long as needed
• Apply legal holds to support investigations or discovery events
A comprehensive archiving solution will…
22
• Enforce your firm’s established policies
• Automatically flag risky content
• Help you quickly take action and remediate policy violations
• Provide an audit trail of all actions taken incl. corrective actions
A comprehensive archiving solution will…
23
Resources for your journey
Read at: www.smarsh.com/whitepap
ers/uk-fca-social-media-guidance-best-practices-for-
recordkeeping/
Read at: www.smarsh.com/whitepapers/uk-preparing-for-MiFID-II-and-MiFIR-recordkeeping
24
Questions?
Thank you
Regulatory landscape
MIFID II Directive: firms must be in a position to archive, supervise and disclose all their electronic communications, including telephone calls (fixed and mobile), from any device, personal and business.
Financial Conduct Authority
Final Guidance 15/4 Social Media & Customer communications
European Commission
JANUARY 3rd 2018 MARCH 2015
• Recordkeeping Minimum 5 years
• All-inclusive Not just communications that conclude in a trade, but allintended to conclude in a trade
• Recordkeeping Social media platforms themselves not sanctioned
• Expansive Rules Governing supervision and retention of social media communications
Increasing Governance Challenges
• Variety Communications data generated by variety of apps, sources and devices
• Volume Integration/API complexity • Authenticity Maintaining context e.g. social media is commonly multifaceted;
Twitter post contain link to YouTube video • Complexity Public social media archiving encompasses three different
approaches Portal Access, Proxy, API
Public social content: Facebook, LinkedIn, Twitter.Business social content: Google Talk, Microsoft Yammer,
Salesforce Chatter. Websites. Text messages.
Messaging content types beyond email gaining regulatory scrutiny
The Challenges IT Challenges
Supported content types
Email VideoSocial WebMobile Audio Files
Search Policies
Cases Admin
Core Platform Features
IM
22