In a rapidly evolving digital landscape, managing compliance risks has become a critical priority for organizations. In a recent Innovation in Compliance podcast episode, I had the opportunity to interview Chris Lehman, CEO of Safeguard Cyber, a compliance and security company, to shed light on the importance of effective digital compliance and the challenges that arise with the shift in communication channels. This blog post explores the key insights from this conversation and offers practical advice on managing risk in the realm of digital compliance.
The manner in which communicate has undergone a dramatic transformation with the rise of smartphones and the increasing use of cloud-based applications and messaging platforms. Today, a staggering 45% of all business communication takes place outside of email, spanning channels like Slack, Microsoft Teams, WhatsApp, Telegram, Line, SMS, iMessage, and even social platforms such as LinkedIn. In addition to this tech side of the communication revolution, there is the generational change, from the way Baby Boomers communicated through GenXers to Millennials to GenZers. Moreover, corporations have not implemented the same level of controls for these new communication channels as they have for email, leaving potential vulnerabilities.
Lehman emphasizes the human factor as the most significant risk in compliance strategies. While technological advancements have enabled agility, innovation, and new ways of engagement, it is crucial to ensure compliance in these digital interactions. Safeguard Cyber highlights the need for organizations to prioritize compliance and good corporate governance, while still allowing employees to be agile and innovative.
To effectively manage risk in digital compliance, it is vital to treat it as a comprehensive risk management process. This involves understanding regulations, establishing robust policies, training employees, and leveraging technology to monitor and mitigate risks. It all starts with a risk assessment, which informs your risk management strategy. From there you must implement effective training and communications, then monitor and upgrade as needed. To do this you also need a tech solution which provides visibility into digital communication channels, enabling organizations to identify potential risks in real-time and take corrective action.
Unfortunately, there is often a tension that can arise between compliance teams and line of business teams. Rather than being seen as a hindrance, compliance teams should strive to be enablers and strategic partners. By providing visibility into the tools and applications employees use, compliance teams can facilitate decision-making on freedom and flexibility while maintaining compliance standards.
The regulators, such as the Securities and Exchange Commission (SEC), Commodities Futures Trading Commission (CFTC) and the Department of Justice (DOJ) have all take notice and have all emphasized the importance of compliance and good corporate governance in these new communication channels. This summer alone, SEC recently announced charges against 10 firms in their capacity as broker-dealers and one dually registered broker-dealer and investment adviser for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts set forth in their respective SEC orders. These firms collectively “agreed to pay combined penalties of $289 million and have begun implementing improvements to their compliance policies and procedures to address these violations.” Additionally, the CFTC ordered four financial institutions to pay a total of $260 million for recordkeeping and supervision failures for widespread use of unapproved communication methods. All of this means that companies must identify and assess their risks, implement risk management strategies, and ensure that policies and procedures are not only in place but also effectively trained and followed.
Fortunately, technologies now exist that allow organizations to achieve compliance without becoming overly burdensome through their monitoring function. Safeguard Cyber’s tech solution, for instance, monitors digital communication channels, such as email, messaging platforms, and social media, while ensuring employee privacy through an opt-in system. By leveraging natural language understanding technology, sensitive information can be flagged, and compliance can be maintained seamlessly.
As we move forward, the goal for organizations is to break down the walls between line of business and compliance teams. Technology will play a pivotal role in providing visibility into various communication channels and applications, helping employees stay within boundaries without intentionally breaking rules. Increased regulatory oversight is expected in the future, making it even more crucial for organizations to prioritize digital compliance.
In the modern business landscape, effective digital compliance and good corporate governance are paramount. Managing compliance risks in the realm of digital communication requires organizations to treat it as a risk management process, leveraging technology and establishing robust policies. By embracing technology solutions like Safeguard Cyber, organizations can monitor communication channels, flag potential risks, and ensure compliance without stifling innovation and agility. As we navigate this ever-evolving digital world, prioritizing digital compliance will be a key differentiator for organizations seeking long-term success.