At FINRA's annual conference this week, Smarsh, a managed service vendor in secure, innovative and reliable email archiving and compliance solutions, released a report that reaffirms what we know about the compliance industry: It has issues.
Smarsh conducted the research in part because it wanted to understand electronic compliance practices from the perspective of compliance officers. Regardless of how many obligatory regulations exist to mandate compliance, the reality is that the growth of consumer IT has made it difficult to keep pace, exposing companies to both risk and frustration.
The Compliance Landscape
The report illustrates the evolving nature of e-communications: New regulations lead to increased enforcement across a variety of new devices and communication tools. And it’s clear that increased enforcement is shifting the way compliance officers work. Of those surveyed, 70% say that the time and money spent on electronic communications-related compliance has increased, and most expect it to remain that way for the next year.
And it isn’t just priorities that have changed. The report also indicates that regulatory examinations are becoming more complex, suggesting that heightened scrutiny among regulatory agencies such as the SEC and FINRA are requesting more information each year, especially as it pertains to social media and other media channels. Not only does more information make the examination process more laborious, it doesn’t help that compliance practice lags for new messaging channels, which can make the process nearly impossible to evaluate.
The Compliance Gap
When asked, respondents demonstrated an accurate understanding of their compliance obligations related to electronic communications. Yet, there’s a difference between what they need to do to comply and what they are actually doing. The gap is particularly apparent with new communication channels, including social media. Not surprising, companies still don’t have clearly defined policies and systems in place to monitor and preserve messages sent from social networking sites.
Consider this: three-quarters of respondents (75%) acknowledged their regulatory obligation to preserve and monitor social media communications, but less than half (42%) had a policy in place and less than one-third (32%) actually retained and supervised those messages.
As well, compliance officers indicate that they lack the expertise and confidence to accurately assess compliance. According to the report, 87% of respondents were mostly or completely confident in their ability to provide requested email messages within a reasonable time frame. In contrast, less than half (46%) had minimal or no confidence in their ability to provide requested social media and mobile messaging data.
Reports like this one highlight the desperate need for education and training within industries subject to strict regulatory standards. Without it, the gap between what we know and what we do will only get bigger. Just as companies sprinted to implement compliance systems in the wake of the financial crisis, companies will likely need a similar crisis to make them understand the need for policies and systems that oversee electronic communication beyond email.