Compliance and the Consumerization of IT
Business can be done from virtually anywhere, thanks to mobile and the host of different communications platforms available to most professionals today. Users can easily connect via social media, team collaboration and messaging platforms, text, personal email -- the list goes on. And for many businesses, this "consumerization of IT” is a positive trend from a productivity perspective. It allows for greater opportunity to build relationships with clients and offers quicker communication and collaboration between teams.
However, for companies in highly regulated industries - like financial services - each new avenue of communication also poses a potential compliance risk. Regulatory bodies are taking note; the SEC’s Office of Compliance Inspections and Examinations (OCIE) has recently acknowledged the increasing use of alternative communication methods in the investment advisory business as a potential concern.
Possible Regulatory Risks in Certain Forms of Electronic Communication
Both new and existing communications platforms could accidentally or purposefully be used to circumvent the Investment Advisers Act Books and Records Rule (and analogous SEC, CFTC and international rules). These rules - which serve to create transparency for, and accountability to, customers and the investing community - require regulated entities to keep accurate, unaltered copies of communications relating to securities advice, transactions, performance and marketing, including when that information is delivered in electronic form. Records must also be protected against untimely destruction, and indicate the identity of the sender and recipient of each communication.
To underline the seriousness of these concerns, the OCIE recently undertook an examination initiative for investment advisers which was designed to obtain an understanding of the various forms of electronic messaging used by those firms and their personnel, and the risks of such use. As a result, the OCIE has offered new recommendations, through a newly issued risk alert, on how regulated investment advisers can ensure compliance with the Books and Records Rule and the Investment Advisers Act Compliance Rule with regard to electronic communication tools.
One of the best ways to do this, in full conformance with the OCIE’s risk alert guidelines, is to choose a communications platform that facilitates regulatory compliance from the get-go. And many do not.
Consider platforms like Signal, for example, which allow anonymous communication, or Snapchat, which automatically destroy content after a set period of time. Likewise, services like text, SMS or instant messaging also frequently allow permanent message destruction at the option of the sender, and may not allow third-party viewing or backups of the information. Even though these platforms are known for their security features, these platforms may not fully meet compliance requirements, and so regulated companies may want to reconsider if deploying or using those solutions within their environments.
Symphony Facilitates Compliance with Financial Services Regulation
In contrast, Symphony was built with both security and regulatory compliance top of mind. It is designed to address the types of concerns the OCIE lays out in its alert. To help our customers remain fully compliant, we offer, among other features and functionality:
On top of all this, information in Symphony is also protected by a true end to end encryption model with zero gaps between the origin of a message and its destination, while still maintaining the ability for a company to access, search through and archive its own data, and to perform and maintain all the required compliance checks and controls in real time. This is unique in the market today.
Symphony is trusted by over 400,000 users from the world’s most competitive companies who use our platform to keep the world’s economy humming - and remain compliant at the same time. If your organization is interested in learning more, feel free to contact us or reach out to the team at firstname.lastname@example.org.