The financial services industry has faced a number of compliance challenges in recent years stemming from a lack of supervisory and control systems to prevent misconduct and conflicts of interest. With revelations about the manipulation of Libor and, more recently, of foreign exchange rates, there is a renewed regulatory focus on and scrutiny of the way electronic communications are being used within regulated firms.
With employees of regulated firms now accessing and using multiple electronic communication platforms within their workday, and with new communication platforms being launched on a regular basis, the electronic communications landscape has never looked more complex. These electronic communications allow employees to send and receive information, in real time, both within the company and to peers working in other organizations. This creates added complexity for firms that need to manage and control the flow of information for the purposes of managing conflicts of interest.
In recent years, regulators have refreshed or provided new guidance and regulations around the compliant use of electronic communications. Following the investigations into Libor and Forex manipulation, regulators and law courts have demonstrated an appetite for enforcement in the form of expensive fines and criminal charges. For regulated firms, there has never been a more urgent requirement to reassess whether the electronic communications in use within their organizations are being appropriately supervised and controlled.
Here are five areas of consideration for regulated firms when assessing the adequacy of existing compliance controls for their electronic communications:
- Implement controls at a user level. Different departments within an organization use different electronic communication platforms for different business use cases. Some groups of employees, by regulatory standards, are subject to greater supervision than other groups. By defining what particular groups of users can or cannot do within the communication platform, the organization would be able to demonstrate compliance with the regulatory requirement for control.
- Know your users. Where there is access to multiple communication channels, there could also be confusion and difficulty tracing and retrieving all communications authored by a particular employee. A user might choose different user names for their social media or public instant messaging network compared to those communication platforms operated within the corporate umbrella. This could make it difficult for organizations facing a regulatory audit or eDiscovery request to comply with the request within the time frame allocated and could lead to sanctions.
- Apply and enforce appropriate ethical wall policies. With regulators rigorously enforcing the rules for managing conflicts of interest, regulated firms need to ensure that they have effective virtual separation of employees whose activities constitute a conflict of interest. However, many firms have opened up their communication systems to enable employees to connect with their peers in other firms. This might take the form of Bloomberg and Reuters or Unified Communication platforms such as Microsoft Skype for Business or Cisco Jabber. To mitigate the risk of noncompliance, organizations need to put in place policies and technology to extend virtual ethical walls to prevent employees from passing information to their peers in other institutions using electronic communication channels, as happened in the Forex manipulation case.
- Streamline and simplify compliance. Controlling the flow of electronic communications, which take place in real time, can be challenging for any company, not least of all for the highly regulated firm. In order to make it easier to manage, firms should consider using technology to enable legitimate conversations (for instance, Forex traders connecting with other Forex traders), block illegitimate ones (for example, Forex traders should not be allowed to connect with Forex benchmark submitters) and apply and enforce policies for how employees use all the communication platforms at their disposal, regardless of whether that is instant messaging, unified communications or email.
- Provide the right tools to enable compliant communications. The need for compliance need not stymie the effective use of electronic communications within a regulated firm. Companies can still ensure that their employees are productive, effective and collaborative while meeting compliance requirements. For instance, firms can put in place systems that provide contact directories with user information that would enable community members to see at a glance who they can contact and who they should not, from both within and outside of the organization.