How often do you and your colleagues hold virtual meetings using a videoconferencing platform? In today’s remote-work environment, probably quite often. And, how regularly does your firm capture the content from those video sessions for regulatory purposes?
Financial firms have largely failed to implement policies and procedures around video sessions and other commonly used collaboration and conferencing technologies. It’s the elephant in the room of today’s communications compliance and regulatory environment, and neither FINRA nor the SEC will give firms a pass on meeting their obligations in this regard.
Findings from the recent Smarsh 2020 Risk & Compliance Survey Report show that not enough financial firms acknowledge how the modern regulatory landscape is changing, particularly as newer communication and collaboration tools, like Zoom and Microsoft Teams, continue to evolve and create further complexity for e-communications record-keeping.
Conferencing solutions have become essential tools for business continuity, but the associated compliance risks are perhaps not completely understood. Organizations that have adopted these tools should step back, consider what’s at stake, and ensure that their policies and procedures are adapted accordingly.
More than half (51%) of survey respondents indicated they’ve recently adopted tools like Zoom, or added seats or capabilities, in response to work-from-home mandates. However, of the 83% of firms that allow conferencing tools, only 22% have established retention and oversight programs for the resulting communications content.
That’s concerning, suggesting a compliance gap exists between company policies and regulatory obligations. As new communication tools continue to proliferate and add new capabilities, firms will begin to rely on them even more, which means this gap is likely to widen.
Compliance teams need to be purposeful in how they approach the oversight in this new era.
There’s an adage in financial services: “Business risk and value can live everywhere.” So, while some firms may not have recorded in-person meetings in the past, everyone should be now. Virtual meetings are a form of electronic record, and having control over those records can mean examining your records retention and governance policies that exist not only to mitigate risk but also to preserve communications data that has value to your business.
Regulatory Lay of the Land
To be clear, regulatory agencies have already issued guidance regarding many of these issues. Keep in mind the following:
- In its February 2021 Examination and Risk Monitoring Program Letter, FINRA specifically noted that firms were not maintaining policies nor did they have sufficient supervisory procedures to identify and respond to red flags in business-related communications, including collaborative apps or “electronic sales seminars” in chat rooms.
- Previous regulatory interpretations regarding instant messaging and social media clarify that it’s the content, not the specific tool, that determines the need for supervision. That means if an affiliated advisor or employee uses a digital platform for business, it’s fair game to regulators.
- SEC and FINRA rules concerning record-keeping requirements do not differentiate between platforms, with both having interpreted that their policies are versatile enough to apply to rapid evolutions in technology. In other words, if firms are waiting for regulators to issue fresh guidance each time a new electronic communication tool hits the market, they are asking for trouble.
- With some survey respondents expressing confusion over what type of communications represent a business record, be mindful that the SEC and FINRA do have rules in place to cover this. In a nutshell, neither agency restricts this requirement to specific forms or formats.
A future in which virtual meetings are the norm was on its way well before the coronavirus moved financial firms to home offices. But remote work forces have hastened that process, and now it’s here to stay. Enabling employees to use their preferred tools with updated compliance protocols and technology will help firms stay connected and productive, today and in the future.
Robert Cruz is vice president of information governance at Smarsh, a global provider of digital communications compliance technology.