This is a guest post from Jimmy Douglas, Director of Alliance & Industry Relations at Smarsh, originally seen on the Smarsh blog on April 9, 2014.
When talking with compliance professionals about the retention and supervision of email, social media, instant messaging, text and web content, I hear lots of success stories—even as firms face the challenges of evolving regulations and technologies.
What sets the successful compliance teams apart from others? What do they do differently, compared to firms that battle with electronic communication retention and supervision responsibilities?
In most cases, the successful compliance team makes sound decisions about their firm’s electronic communications compliance policy, and continually evaluates and adjusts the policy when new regulations, communications trends, or technologies appear.
In contrast, firms that make compliance mistakes often make assumptions which result in flawed policy and procedures surrounding books and records. These may even lead to weighty consequences or sanctions during a regulatory audit or legal event.
A few of these risky assumptions include:
1) My firm is too small to require a comprehensive electronic communications governance policy.
Some firms may think they’re not ‘big enough’ to archive and monitor their electronic communications records. They haven’t considered adopting a technology solution or formalized a communications policy. Instead, the firm relies on manual communication review methods, or the limited archiving and monitoring functions found in the tools they already have. In the worst case scenario, a firm might not even supervise electronic communications at all.
The outcome: A firm may be small, with staff members who know and trust each other, but that doesn’t mean every rep knows about all the activities within the business, or that all activities fall within compliance boundaries. Even if your firm has a great reputation, with employees who are ethical, conscientious, and familiar with every aspect of the business—industry regulators will still examine its electronic communications policies, supervision and records.
The solution: Take the steps to put electronic communications policies and supervision in place.
2) There’s no need to follow the firm’s electronic communications policy after the official document has been created and distributed to staff.
This is an area where a well-meaning firm can get into trouble with email, social media, instant messaging and other types of electronic communication. It happens when significant time and resources are invested to produce a formal electronic communications governance policy, but the policy isn’t followed or enforced. Employees then forget or ignore policy guidelines for appropriate use and content.
The outcome: Regulators don’t award merit points for the creation of a policy; they need to see the policy enforced. They want to see documentation of electronic communication review activities conducted by the firm’s compliance team or supervisor responsible for message supervision.
The solution: Today’s archiving and compliance solutions can help a compliance team supervise electronic communications on a regular basis, and detect, escalate and resolve policy violations. Advanced solutions also allow compliance teams to produce an audit trail during an examination, so regulators can see supervision activities.
3) It’s too time-intensive and costly to evaluate my firm’s electronic communications governance policies over time.
Similar to the second assumption above, a firm might invest the resources to create a governance policy, but then neglect to evaluate its effectiveness and fit for the organization over time.
The outcome: The first draft of a governance policy is often unrealistic. It may not fit the way a firm actually conducts business, or effectively identify risk. Whatever the reason, if a policy doesn’t accommodate the day-to-day workflow and culture of a firm, it won’t work well in the long run.
The solution: Successful governance policies are flexible; they bend and change over time, as the firm grows, changes direction, or adjusts to new regulations and technology. Review your firm’s policies on an ongoing basis, in a way that makes sense for your business and the market you operate in.
So take a step away from the day-to-day urgencies of running your business to focus in on the assumptions listed above. Spending some time on the solutions can save your firm time, money and regulatory sanctions.
And while not every firm has the resources to hire a full-time compliance professional, there are technology solutions available that can help small firms automate much of the electronic communications supervision process.
For more information on Smarsh and RIA in a Box, click here