While compliance officers are more confident in their firms’ use of new communications channels for business, including social media, they’re concerned about the retention and production of text messages, with most firms that allow their employees to conduct business via texts stating they have “minimal to no” confidence in their ability to produce such messages during a regulatory exam, according to a survey released Friday by Smarsh.
In its fifth annual report, Electronic Communications Compliance Survey, Smarsh found that of the 274 financial services compliance professionals polled, nearly three-quarters (72%) believe supervising the types of messages sent by their firm’s employees is critical to identify risk in their organization, up 13% from last year.
The compliance professionals polled hailed from the RIA, BD, insurance, hedge fund, private equity and banking industries.
Eighty-one percent said message supervision delivers “actionable insight” for the business, while 64% of respondents indicate responsibility for all non-compliance-related data production requests related to litigation, e-discovery and HR investigations.
“The oversight of electronic communications has evolved to become far more than the cursory, check-the-box review of email that existed years ago,” said Stephen Marsh, CEO and founder of Smarsh, in statement announcing the poll results. “Today, with more data points and better technology at their disposal, compliance teams are more empowered to identify risky communications and then mitigate potentially damaging issues before they become serious.”
Marsh added that with the compliance role now being “elevated in importance within an organization, convergence with IT and marketing initiatives is increasing,” with “compliance becoming an enabler of social media usage, and a key part of cybersecurity strategy.”
Sixty-six percent of those polled said that what concerned them most about cybersecurity was preparing for targeted regulatory exams or regulatory scrutiny, while 53% stated a big concern was having appropriate incident response planning in place and being prepared to respond to actual data breaches.
This year’s poll also found a greater use of social media and mobile engagement, with all of the “big three” social media channels — Facebook, Twitter and LinkedIn — being permitted for business communications at higher rates than last year.
For example, in 2011, just 39% of respondents allowed LinkedIn, compared with 72% today.
For the first time in five years, “new and emerging communications channels” were cited as a concern for fewer than half of the respondents.
Firms are not only permitting employees to communicate on business social media accounts, for instance corporate “company pages” — they’re allowing advisors to conduct business through personal social media accounts.
Eighty percent of firms that allow social channels allow employees to use personal LinkedIn accounts, and 63.5% allow personal Twitter accounts.
The poll notes that while the growth in policy and enforcement technology trends are moving “in the right direction, a compliance gap still remains,” as 39% of respondents that allow social channels do not have a solution in place to retain and supervise social media.
As to text messaging and use of mobile devices, firms allowing personal devices to be used for business communications have risen 17% from last year, with 73% of respondents stating they have a Bring Your Own Device (BYOD) policy.
While the rates of allowing text messages to be used for business communications and archiving continues to rise, the poll found that compliance officers “have significantly lower confidence” in their ability to produce text messages upon request compared with other types of electronic messaging.
As to exam preparation, the poll found that email remained the message type that was most requested during a regulatory exam at 77%, up 13% from 2014. Website pages, instant messages, Bloomberg or Reuters messages, social media and text messages round out the top six most requested types of messages.
Supervision activity reports (proof of supervision), disaster recovery or business continuity plan (DR/BCP) and written supervisory procedures remained the top three requested forms of related documentations, with requests for these materials on the rise in 2015 as well.
Also, with data production under the Financial Industry Regulatory Authority’s microscope this year, compliance officers stated that the No. 1 issue they face in producing data is managing the number of platforms used to retain and supervise such data.
A single platform to manage and supervise messages from various communications channels was reported by 83.2% as “important” to “critically important” when developing a comprehensive electronic messaging compliance program.
— Check out Best Finance Tweets of the Month: May 2015 on ThinkAdvisor.