-Key trends identified in the 2015 Electronic Communications Compliance Survey
-What these trends mean for users, firms and compliance professionals
-Best Practices for managing social media compliance
RIA Roadshow - Electronic Communications Compliance for Investment Advisors
Smarsh social media trends, insights, and best practices from 2015 compliance survey
1. LIVE WEBINAR
JUNE 30, 2015
Smarsh 2015 Electronic Communications
Compliance Survey Report
THE ARCHIVING PLATFORM
WELCOME! – OUR PROGRAM WILL BEGIN SHORTLY…
2. LIVE WEBINAR
JUNE 30, 2015
Smarsh 2015 Electronic Communications
Compliance Survey Report
THE ARCHIVING PLATFORM
LET’S GET STARTED! - A FEW HOUSEKEEPING ITEMS BEFORE WE CONTINUE…
3. SPEAKERS FOR TODAY’S WEBINAR
TIM SIMONS, CPA, CFA, CIPM, CSCP, CFP
SENIOR MANAGING MEMBER
MIKE PAGANI
SR. DIR. OF PRODUCT MARKETING & CHIEF EVANGELIST
6. THE
ARCHIVING
PLATFORM
• Founded by Steve Marsh in 2001
• Cloud-based comprehensive archiving
PLATFORM provider
• Headquartered in Portland, OR
QUICK FACTS:
OVER 20,000 COMPANIES
TRUST US WITH THEIR MOST VALUABLE DATA
7. CORE FEATURES AND SPECIALIZED MODULES
SUPERVISION DISCOVERY PERSONAL
ARCHIVE
THE ARCHIVING PLATFORM
(SEARCH, POLICIES, CASES + ADMIN & REPORTING)
7
9. • The role of compliance grows
• Greater social and mobile engagement
• Acceptance of BYOD
• Confidence in cybersecurity preparedness
• Regulatory exams
• Conclusions
AGENDA
9
10. • New FINRA and SEC guidance has raised the profile of
compliance and its ability to help prevent real risk by extending
into other facets of the business. An example is the collaboration
with IT and other departments to implement cybersecurity
measures.
THE ROLE OF COMPLIANCE GROWS TO SOLVE NEW BUSINESS CHALLENGES
10
11. • As predicted in previous years, there has been significant growth in the
allowance and acceptance of new communications channels.
• Advisors and marketers have more choice in how, when and on what
device or channel to communicate with clients.
• Compliance officers have watched the scope of e-communication
retention and oversight responsibilities increase.
• For a majority, overall confidence in the ability to manage these
challenges is on the rise.
THE CHANGING LANDSCAPE
11
12. • Archiving solutions demonstrate their value when put to the test –
when requests for specific content must be produced in a specified
time period.
• The issue of data production is under FINRA’s microscope this year,
as they explicitly called out the inability to provide data in the
requested time “unacceptable” in its 2015 Exams Priorities Letter.
• Production has become more complex, and firms manage these
growing pains in different ways.
IS THAT CONFIDENCE JUSTIFIED?
12
13. • Compliance must produce more data more often, and for more
purposes.
• The business value of the data within the archive is being leveraged
in new ways to reduce risk.
• Compliance also has a key role in initiatives centered around
cybersecurity – both FINRA and the SEC issued guidance on this.
• This is encouraging collaboration with departments such as IT,
furthering elevating compliance’s profile and responsibilities.
MORE DATA, MORE OFTEN
13
14. • Advisors need access to the electronic communications channels
preferred by their clients.
• Firms are heeding the call, and compliance is making strides –
though gaps remain – in managing the subsequent retention and
oversight challenges.
FIRMS ENABLE GREATER SOCIAL & MOBILE ENGAGEMENT
14
15. • The success of financial advisors can hinge on how effectively they
communicate with clients.
• These often take place outside the office and via channels other than email
like LinkedIn or Twitter, and often from a mobile device.
• Compliance officers approached new communications channels cautiously,
because the content of the message determines whether it is a record.
• Each new social network or mobile device added complexity and
technological challenges.
• If compliance couldn’t retain and review communication, the customary
practice was to simply not allow it.
• In 2011, just 39 percent of respondents allowed LinkedIn compared to 72
percent today.
COMMUNICATING WITH CLIENTS
15
16. • Today, compliance officers have moved away from fearing the
potential threat from digital channels.
• For the first time in five years, new and emerging channels was cited
as a concern for less than half of the respondents.
• The “big three” social media channels—Facebook, Twitter and
LinkedIn—were all permitted for business communications at higher
rates than last year, with LinkedIn experiencing the greatest increase.
• Firms are not only permitting employees to conduct more social
business, but allowing them to use personal social media accounts
(rather than limiting them to “company pages” only, for instance),
strengthening the relationship between client and advisor.
CHANGING TIMES
16
17. • Firms must retain and monitor content from individual social media
accounts just as they do corporate ones, and employees must
understand that their firm will be supervising their personal accounts
and retaining a record of them.
• An average of 32 percent of firms that allow business communication
through personal social media accounts do not have a social media
archiving solution in place.
• The gap is 45 percent for firms that don’t allow personal channels,
but do allow corporate pages for business communication.
PERSONAL SOCIAL MEDIA ACCOUNTS
17
18. • Since the inception of this survey in 2011, compliance officers have
been steadily moving from prohibition to permission.
• Year after year, the path remains the same: firms institute a policy to
govern usage of these channels, enable usage for business
communications, and implement a retention and oversight system to
enforce policy.
• Since 2011, LinkedIn enjoyed the greatest increase in allowed usage,
at 33 percent, closely followed by Twitter, then Facebook.
CHANGES FROM 2011 TO 2015
18
20. • As allowance of social channels has grown, so has the percentage of
firms with policies to regulate the channels’ use, more than doubling
across allowed social channels.
• In 2011, only 17 percent of firms archived at least one of LinkedIn,
Facebook or Twitter. The next year that grew to an average of 30
percent archiving at least one channel, and today it’s at 61 percent.
• An average of 39 percent of respondents that allow social channels
do not have an archiving/supervision solution in place for social
media.
CHANGES FROM 2011 TO 2015
20
21. • Social media isn’t the only place where firms are becoming more
flexible around advisor needs.
• This year, allowance of personal devices for business
communications is up 17 percent from last year, and 73 percent of
respondents have a policy about BYOD, compared to 58 percent last
year.
BYOD AT MASS ACCEPTANCE
21
22. • The allowance of text messaging for business e-comm has not
reached the level of acceptance of social media, but an
InvestmentNews survey found that:
• Eighty-five percent of investors own and use a smartphone regularly and,
• 20 percent of surveyed investors under the age of 45 expect to be
communicating with their advisors via text in the next five years.
• Over two-thirds of firms that allowed text messaging did not have a
solution in place for retention and oversight, and nearly 60 percent of
those that allowed text messaging had minimal or no confidence in
their ability to produce messages if requested.
TEXT MESSAGING
22
24. • The latest survey indicates text message allowance is up by almost 2
percent, and adoption oversight solutions is less than 5 percent.
• The number of firms that allow text messaging for business
communications but don’t have a system in place for
retention/supervision - is at 64 percent.
• Client communication via text message is only going to increase, and
compliance departments need to find an effective solution to ensure
they are retaining and supervising this content.
TEXT MESSAGING
24
25. • E-comm oversight is no longer just a checkbox “need to have” for
compliance.
• As electronic messaging channels gain more prominence in business
communications, firms are recognizing the value of this archived
data, and the huge opportunity that message supervision presents to
identify risk.
• Seventy-two percent of respondents now believe message
supervision is a critical tool to identify real risk in their organization,
up 13 percent from last year.
• Eighty-one percent believe message supervision delivers valuable
and actionable insights to the business, versus 65 percent last year.
OVERSIGHT
25
27. • Over the past year, as FINRA and the SEC issued guidance on the
need to address cybersecurity risk and preparedness, compliance
continued to evolve its role in helping companies prepare for threats
and develop plans to deal with an attack.
• In the past year, 83 percent of respondents participated in
conversations about risks related to cybersecurity, and 58 percent
expect their role to change as a result of managing those risks.
• The cybersecurity concerns firms are facing – such as data
encryption, breach detection, due diligence of third-party vendors,
and data backup and retrieval – are related to a comprehensive e-
comm retention and supervision program.
COMPLIANCE ROLE EVOLVING
27
29. • The shift in compliance professionals’ top concerns shows that
message supervision is moving from reactive to proactive.
• In 2015, as in 2011, new and changing regulations and increased
scrutiny and enforcement by regulators remained among their top
four concerns.
• But this year, balancing employee privacy considerations with
oversight obligations and cybersecurity threats posed by use of
electronic messaging platforms surfaced as top priorities.
• While firms still have a way to go, more than half of respondents are
mostly to completely confident they are prepared to prevent and
detect key cybersecurity risks.
CONFIDENCE IN CYBERSECURITY PREPAREDNESS
29
31. • The No. 1 problem is the multiplicity of platforms used to retain this data.
• Compliance officers deal with multiple channels and often multiple solutions
for archiving/supervision, and this complexity is compounded by a lack of
understanding of the technology and limited staff resources.
• As compliance officers look to close these gaps, they may want to consider
those attributes in an archiving solution that have been cited as important to
critically important in developing a comprehensive electronic message
compliance program:
• Interface usability—ease of use
• Support for new e-comm channels such as social media and text messaging
• Features designed to improve review efficiency and effectiveness
• Single platform to manage and search messages from various e-comm channels
ELECTRONIC MESSAGE PRODUCTION PUTS FIRMS AT RISK
31
33. • The number of overall FINRA sanctions was down in 2014, but there was
an increase in fines. The number of people who were barred or suspended
increased by 15 percent.
• Regulatory examinations are becoming more intensive. The number of
requested content types is up across the board, with email requests
increasing to 77 percent. Top message types requested are:
• Email
• Website pages (i.e. company sites, RSS feeds, blogs, wikis)
• Instant messages (IMs)
• Bloomberg or Reuters messages
• Social media
• Text/SMS messages
• Proof of supervision, DR/BCP and testing results, and WSP remained the
top three requested forms of related documentation.
THE STATE OF REGULATORY EXAMS
33
35. • This survey illustrates that compliance is becoming more proactive and
prominent in organizations’ overall risk mitigation efforts, including
cybersecurity.
• An overall cybersecurity strategy relies on the contributions of multiple
stakeholders, aligned to tackle an unprecedented level of threat aimed at
data, infrastructure and process.
• With cybersecurity’s prominence in risk conversations, we asked
respondents this year to gauge their confidence levels around preventing
and detecting common cyber threats, such as:
• Traditional account takeover, including the high-jacking of passwords and client
user names;
• Malware attacks, including malicious attacks that infiltrate a network and exercise
command or control with a significant impact that’s hard to trace;
• Insider or operational risks, including rogue employees who penetrate business
systems, or conduct illegal business operations;
• General loss of client information and data, whether malicious or not.
CONCLUSIONS
35
36. • A word of caution, based on our experience and on how similar topics have
scored over the past five years: recognize that you just don’t know what you
don’t know.
• Confidence may not reflect reality.
• In many data breach cases, firms simply weren’t completely aware of all the
risks, and in some instances, firms didn’t even know that a breach
occurred.
• Often, the gaps in security prevention and detection arise because threats
evolve and change rapidly.
• To address this challenging environment head-on, we recommend firms
undergo a third-party cybersecurity risk assessment, which can identify
gaps, shine a light on threats that may be lurking and offer best practices to
manage and mitigate them.
CONCLUSIONS
36
37. • The volume and diversity of communications content that needs to be archived
in regulated industries is growing exponentially year over year and will not stop
• Cybersecurity and managing risk are two HUGE focus areas going forward
• Firms are now realizing the value that archiving technologies and message
supervision can have for identifying risk and providing valuable insights
FINAL THOUGHTS
37
KEY TAKEAWAYS
And as a technology provider, we have continued to diversify our solution offerings to provide multiple deployment options and to account for this incredibly dynamic space. Social networks are evolving, tools used to communicate are evolving, and our challenge is to give clients the ability to use the tools they want, how they want.
We provide more than just email archiving compliance – we also now do email encryption, data loss prevention, instant messaging, text message BlackBerry archiving just to name a few.
We truly provide an end-to-end solution
The Smarsh Management console has become a one stop shop for all your electronic communication archiving and monitoring administration
Smarsh is a managed service provider (Software-as-a-Service) of integrated solutions. Develops its own proprietary archiving, compliance and secure messaging software.
Consolidate. The Smarsh Management Console is your administration destination. There is no need to log into separate applications for your encryption software, another to view your "quarantined" pre-review messages and then another for your email supervision system.
Enforce policy-based encryption. Messages that meet your firm's customized criteria will be automatically sent with smarshEncrypt.
Communicate back-and-forth with clients confidentially within smarshEncrypt. Intellectual property, sensitive client financial information or private health information, for instance, can be transmitted in accordance with emerging state and Federal data protection and data breach mandates and regulations.
Outlook? BlackBerry? iPhone? CRM? No problem. Incorporate encryption and data-leak prevention policy enforcement with any email system and with any tool used to send email.
Track the entire life cycle of an email message through your compliance audit system. Start with the original ("pre-encrypted") message and track all actions taken on it.
In addition to technology, one of the most important parts of our service is the ongoing interaction with an account manager
-training
-education on upcoming compliance issues and how to address them
-we have a dedicated account management team that proactively reaches out to clients to provide these benefits
Re-framed and re-launched
Historically we’ve been great at supervision: team-based review, intelligent policy engine, interface designed for efficiency.
Review Sucks
June we launched the makings of a minimal viable product around e-discovery. Growing market, with huge upside. Legal, IT
Audience is suddenly at the table
Search Speeds, Policy Engine, User Experience matters at the workflow or offering level