We are in the midst of a compliant communication crisis, with regulators and financial institutions struggling to keep up with the pace of innovation, and regulated industries battling to manage evolving industry expectations.
That’s the conclusion of the first annual Compliant Communication Report from Global Relay, our parent company. The report, which analysed the results of an industry survey, as well as the opinions of seasoned compliance practitioners, found that getting employees to comply with rules for electronic communication was seen by firms in regulated industries as their biggest challenge. Over half the survey respondents said they were struggling with monitoring all available compliance channels.
Network of professionals
Survey work for the report was carried out by Global Relay in January 2023, with the company tapping into its network of compliance professionals across a range of regulated industries but primarily in financial services. Responses came from compliance and risk professionals, with around half located in the US and 30% in the UK. The full breakdown of respondent’s industry sector is on the chart below.
Most respondents preferred to remain anonymous, but one person happy to go on the record was Eran Erman, Global Head of Compliance Technology at TP ICAP. He made a key point. “A trader can and will always have the option to use unrecorded applications to conduct business in violation of company policy, so providing a solution (even if not used frequently) to record WhatsApp in a compliant way should not be a ‘nice to have’ but a ‘must have’, even if you are not a regulated investment firm.”
The report also found;
- 59% of compliance teams have banned WhatsApp, WeChat and similar applications in light of regulatory enforcement action – though very few think that these bans are effective;
- 51.9% of firms opt for BYOD over corporate devices;
- 48.8% of firms under UK jurisdiction expect UK regulators to take the next step in relation to compliant communication; and
- 10.3% of those said they will not be ready when any such action is taken.
As Alex Viall, Global Relay’s Chief Strategy Officer, said: “Over the last two years, regulatory expectations have become stricter than ever, with fines for non-compliant communications amounting to over $2bn in the US alone. This is a daunting time for many in compliance and surveillance.”
The report aims to help firms negotiate these tough times, because, says Viall: “Communication is the core component of functioning financial services, but is also a topic that gives compliance officers the most concern. Financial institutions are grappling with regulatory needs from multiple angles, and all the while the channels of communication grow. As people communicate more, there’s more to capture. There’s more data to store. And there’s more information to surveil.”
One particularly interesting finding, and one that illustrates the problem now being grappled with, was that 59% of firms had banned the use of WhatsApp, WeChat and similar apps, but 56% did not think banning was an effective solution. And there was evidence of uncertainty about how to monitor and enforce such bans.
“Communication is the core component of functioning financial services, but is also a topic that gives compliance officers the most concern.”
Alex Viall, Chief Strategy Officer, Global Relay
The report also uncovered evidence to confirm that compliance professionals are aware that they need to demonstrate how to prove they are managing compliant communication channels, and that measures such as setting up lexicon searches for terms such as “WhatsApp” or fostering an environment of open information sharing could all help show a willingness to deliver a viable compliance solution.
It was clear that, while much of the conversation on this topic has centred on what technology exists to ensure communications are compliant, and how to deploy it, the biggest challenge is a behavioral one. The issue of employee buy-in far outweighed any other in responses. As one respondent said: “We’re all playing catch up and fighting the human condition in the process as individuals seek to communicate faster and more broadly than ever before.”
Carroll Barry-Walsh, a lawyer and the founder of Barry-Walsh Associates, said that people don’t break rules because they don’t know about or understand them, but because “it is easier or more convenient to do so and because they think the risk is worth it”. So the answer is to “persuade them that it is better for them, and more professional if they do the right thing”.
Getting senior leadership to set the standard is also key and, says Chip Jones, Executive President of Compliance at Global Relay: “In terms of getting senior leadership buy-in, you just need to look at the fines that have been rolled out to realize the benefits of using compliant technology. They just need to think, would we rather spend money on a compliant solution, or do we want to be all over the Wall Street Journal?”
Responses also showed that BYOD remained the policy of choice, for now. More than 50% of respondents had a BYOD policy of some kind, but the challenge is in knowing which comms are business-related and which are personal. To tackle this problem, some firms have decided to ban the use of certain channels for business communication. But this can prove to be counter-intuitive and restrictive. Interestingly, the use of corporate devices was more popular in Europe than in the US.
UK and US actions
It is clear that the majority of regulatory movement around the recordkeeping of communications has come from US regulators and government departments. UK compliance officers are keen to see stronger enforcement action from the FCA, with one telling a recent roundtable organised by Global Relay that it is difficult to sound convincing when telling employees to behave in their messages when there is little factual backing or precedent to suggest that the regulator will take punitive action if they do not.
There is uncertainty about what the next move by a UK regulator will be, but TP ICAP’s Ermann said: “It’s a matter of time until the FCA fines someone for using off-channel comms.
I think the fine that would be issued would be more aligned to comms and recordkeeping breaches, and the use of personal devices would be one of several reasons for the fine.”
The clearest conclusion to be drawn from the findings is that there is a lack of clarity in this vital area. The report says that “innovation in communication technology is ever-evolving and fast-paced. Over the next year, global regulators will be looking to modernize existing frameworks to cater to emergent risk. Firms will be tasked with decoding these new obligations, while simultaneously attempting to manage the flow of business communication within their organization.”
The full findings can be read on the Global Relay website.