Emerging technologies are complicating compliance for financial services firms. Smarsh’s Robert Cruz, an expert on information governance and regulatory compliance, shares some of the key the challenges they face, as well as a path forward.
For financial firms to stay compliant, they need to meet all the books-and-records and supervisory mandates required by FINRA and the SEC. But the ever-expanding variety of emerging technologies continues to raise the bar for compliance oversight.
For instance, financial crimes can now be masked by conversations that purposely jump across communications platforms, also referred to as “channel hopping.” Likewise, the use of emojis are increasingly carriers of sentiment or emotion, which can easily go undetected with today’s compliance tools. Let’s face it, not many lexicon-based systems will recognize a combination of two chickens, a cowboy hat and a palm tree as a financial risk.
FINRA’s 2019 annual letter states that examiners are focusing on regulatory technology, or regtech, to understand how firms “are using such tools and addressing related risks, challenges or regulatory concerns, including those relating to supervision and governance systems, third-party vendor management, safeguarding customer data and cybersecurity.”
In 2018, FINRA reported $87 million in total sanctions, marking an 81 percent increase since 2010. To avoid getting slapped with such penalties, it’s helpful to think of compliance oversight as a continual journey, not an end state at any one point in time. In other words, successful compliance requires an ongoing effort to adapt and enhance your company’s supervisory policies and to repeatedly review workflows over time. This continuous commitment is the only way to keep pace with all the sweeping regulatory and technological changes transforming the industry today.
Three clear dimensions are shaping this current discussion about risk mitigation. The first one involves all the unique challenges of spotting risks created by new interactive, collaborative technologies. The second one involves the growing interest in regtech, which deploys such advanced data tools as machine learning and behavioral analysis to better identify potential risks. The third one involves an increasingly common approach of viewing risks holistically by combining legal, compliance, security and privacy requirements. Here is a brief summary across each of these dimensions:
The Uniqueness of Collaborative Content
The growth of collaborative platforms can help improve teamwork and productivity. However, this trend is creating new challenges as firms move more of their internal workflows to products such as Microsoft Teams, Symphony, Slack and WebEx Teams. More firms are now wrestling with interactive content, such as managing persistent chats, with tools that were designed for email. Implementing policies to oversee new modalities including voice, video and app sharing is a good first step, but deploying modern technologies to account for today’s dynamic collaborative content is where many firms are headed.
The Mounting Influence of Regtech
All organizations struggle with the volume and variety of advanced technologies, hitting the limits of compliance review via words and phrases. While the fundamental books-and-record obligations will not go away anytime soon, advanced technologies can make firms more effective in spotting unknown risks amongst an increasingly complex variety of communications sources. As a result, many firms today are evaluating how machine learning can complement policy-based review and how advances in behavioral and sentiment analysis can improve risk mitigation. Since the regulators themselves are embracing these approaches, they expect that firms are leveraging regtech as part of their current examination processes.
Moving Toward a Unified View of Risk
Increasingly, IT, security and legal stakeholders are appearing at compliance meetings that previously had been the exclusive domain of individuals dealing directly with regulations. The reason is simple: More firms are looking cross-functionally for solutions that can scan the entire organization for risk. They need technologies to unify data from more than one part of the business and to go beyond the siloed views offered by installed legacy systems.
The best firms view communications as a first-tier business asset that must be protected against all types of exposure. Therefore, the strategic goal should be to increase the effectiveness of mitigating risks across all the different lines of business.
The best tactics for achieving this strategy involve embracing advanced machine learning and natural language processing technologies to complement established compliance workflows and books-and-records procedures. This can be achieved organically by adopting an open, extensible platform that works seamlessly across the whole organization and over its many communication channels to capture, store, archive and search all types of messages. Otherwise, firms will face a clear risk of failing to mitigate their own risk of compliance failures.