Navigating the expanding compliance perimeter smarsh 2016_notes_20 04 16_video

Navigating the expanding e-communications compliance perimeter Ken Anderson Vice President, Marketing

Page 1

Navigating the expanding e-communications compliance perimeter

Ken Anderson, Vice President, Marketing

Page 2

Today’s discussion items

Technology & compliance at a crossroads

The landscape: How are firms managing?

The path forward

Page 3

Every 60 seconds on the Web

Compare 2013 to 2015:

• Email

• WordPress

• Twitter

www.smartinsights.com

+12%, +48%, +51%

Page 4: Navigating the expanding compliance perimeter smarsh 2016_notes_20 04 16_video

Proliferation of content in regulated industries

2000 2016

The diversity and complexity of electronic communications being used continues to grow year over year

EMAIL

IM

SOCIAL

WEB

MOBILE

FILES

VIDEOS

VOICE/AUDIO

Page 5

Regulatory oversight, today and tomorrow


• FCA Final Guidance 15/4 Social Media & Customer Communications (2015)

• The Markets in Financial Instruments (MiFID) II (Jan. 2018)

Page 6

Expanded governance & intensified scrutiny

• Records of all electronic communications and telephone calls (fixed and mobile) retained for a minimum of 5 years.

• Includes not just communications that conclude in a trade, but all those calls and communications that are intended to conclude in a trade.

• Electronic communications and telephone calls on both privately owned and firm-issued equipment need to be retained, for both permanent and contracting staff.

Source: MiFID II Directive 2014/65/EU Article 16 (7)

Page 7

You need to be prepared to produce records:

• Email

• Phone call logs/recordings

• Instant message platforms

• Website content

• Mobile/text messaging

• Enterprise & personal social platforms

• Collaboration tools/files

The time of maximum need

[Chart: Most Common Electronic Message Types Requested During Last Regulatory Examination. Bar values: 69%, 39%, 36%, 36%, 25%, 25%]

Source: 2015 UK Compliance Survey

Page 8

The Landscape: How Are Firms Managing?

Page 9

How are firms managing?

The 2015 Electronic Communications Compliance Survey Report

Page 10

Allowance of social channels has grown in financial firms…

Source: Smarsh Annual Compliance Surveys (US FinServ orgs)

But a significant compliance gap exists.

39% of US firms that permit social do not have retention/supervision in place.

Compliance beyond email

Page 11

UK compliance gaps


UK firms recognise value of social media, allowing use for business communication

73% of UK firms that permit social do not have retention/supervision in place.

• LinkedIn • Twitter • Mobile

~60%, 60%, 56%

Page 12

Some observations on US vs. UK


"...a member firm's obligations to supervise electronic communications are based on the content and audience of the message, rather than the electronic form of the communication. Consequently...FINRA expects a firm to have supervisory policies and procedures to monitor all electronic communications technology used by the firm and its associated persons to conduct the firm's business. To that end, a firm should consider, prior to implementing new or different methods of communication, the impact on the firm's supervisory system, particularly any updates or changes to the firm's supervisory policies and procedures that might be necessary."

FINRA Notice to Members 07-59, Dec. 2007

Page 13

Timeline of US social regulatory scrutiny

• Jan. 2010: FINRA Regulatory Notice 10-06, Guidance on Blogs and Social Networking Websites

• July 2011: FINRA Quarterly Report of Disciplinary Cases: “…former rep of a Texas firm is serving a one-year suspension for a series of violations, including failure to inform her firm's principal that she had a Twitter account and sending more than 30 tweets about securities.”

• Aug. 2011: FINRA Regulatory Notice 11-39, Social Media Websites and the use of Personal Devices for Business Communications

• Jan. 2012: SEC National Examination Risk Alert, Investment Adviser Use of Social Media

Page 14

The path forward

Page 15

Challenge: Bringing order to the chaos

Page 16

The good news: you can…

use the latest digital marketing apps and channels AND stay compliant.

Page 17

Stakeholder alignment in action

The Challenge

• Social organisation with an active adviser community

• FCA FG15/4 social media compliance

• Key driver: “Compliant business enablement”

• More communications empowerment = more business productivity

• Preparation for MiFID II

Email, Bloomberg IM, Chatter, Corporate Twitter page, Corporate Facebook page, SLACK

Page 18

Best Practices

STEP 1. Implement reasonable policies and procedures

STEP 2. Staff training

STEP 3. Technology for enforcement of retention/policy

Page 19

Step 1: Implement policies & procedures

• Extend policies to encompass more than email

• Policies need to address…

• Regularly review and add up-to-date regulatory guidance to your policies

Page 20

Step 2: Training

• Understand and document training

• Identify and deputise your SMEs

• Pre-approval vs. supervision/post-review on social

Page 21

Step 3: Retention & enforcement technology

• Broad range of content types and versions across email, IM, social, mobile, files and web

• Cloud-based or on-prem?

• Policy-driven compliance and supervision

• Immutable retention

Comprehensive Archive Platform

Page 22

A comprehensive archiving solution will…

• Ease the burden of monitoring content across multiple channels

• Enable powerful search and case management

• Implement retention policies so content is stored as long as needed

• Apply legal holds to support investigations or discovery events

Page 23

A comprehensive archiving solution will…

• Enforce your firm’s established policies

• Automatically flag risky content

• Help you quickly take action and remediate policy violations

• Provide an audit trail of all actions taken incl. corrective actions

Page 24

Resources for your journey

Read at: www.smarsh.com/whitepapers/uk-fca-social-media-guidance-best-practices-for-recordkeeping/

Read at: www.smarsh.com/whitepapers/uk-preparing-for-MiFID-II-and-MiFIR-recordkeeping

Page 25

Questions?

Page 26

Thank you

Page 27

Regulatory landscape

European Commission: MiFID II Directive (January 3rd 2018)

MiFID II Directive: firms must be in a position to archive, supervise and disclose all their electronic communications, including telephone calls (fixed and mobile), from any device, personal and business.

• Recordkeeping: Minimum 5 years

• All-inclusive: Not just communications that conclude in a trade, but all intended to conclude in a trade

Financial Conduct Authority: Final Guidance 15/4 Social Media & Customer communications (March 2015)

• Recordkeeping: Social media platforms themselves not sanctioned

• Expansive Rules: Governing supervision and retention of social media communications

Page 28

Increasing Governance Challenges

• Variety: Communications data generated by a variety of apps, sources and devices

• Volume: Integration/API complexity

• Authenticity: Maintaining context, e.g. social media is commonly multifaceted; a Twitter post contains a link to a YouTube video

• Complexity: Public social media archiving encompasses three different approaches: Portal Access, Proxy, API

Public social content: Facebook, LinkedIn, Twitter.

Business social content: Google Talk, Microsoft Yammer, Salesforce Chatter.

Websites. Text messages.

Messaging content types beyond email gaining regulatory scrutiny

The Challenges IT Challenges

Page 29

Supported content types

Email, Video, Social, Web, Mobile, Audio, Files, IM

Core Platform Features

Search, Policies, Cases, Admin