Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 3 – 2023 Evaluation of Compliance Programs: Messaging Apps, Internal Controls and Adequate Compensation

Messaging Apps

There was a significant addition to the language around messaging apps. The ECCP opened this section by noting, “Messaging applications have become ubiquitous in many markets and offer important platforms for companies to achieve growth and facilitate communication.” For any company under investigation or in a FCPA enforcement action, the DOJ will evaluate its “policies and mechanisms for identifying, reporting, investigating, and remediating potential misconduct and violations of law governing the use of personal devices, communications platforms, and messaging applications, including ephemeral messaging applications.”

Internal Compliance Controls

Under Section II, entitled Is the Corporation’s Compliance Program Adequately Resourced and Empowered to Function Effectively?  We find the new language, “In this regard, prosecutors should evaluate a corporation’s method for assessing and addressing applicable risks and designing appropriate controls to manage these risks.” This simple sentence packs quite a punch as it requires both appropriate internal compliance controls and then monitoring of those controls to see if they are managing the risks identified in the risk assessment.

Adequate Compensation and Salary/Bonus Review for Compliance

Under Section III, there is a significant new addition to the ECCP. It forces a company to adequately compensate those employees who investigate and pass judgment on misconduct. But it is more than simply adequate compensation, as it also requires a company not to retaliate via low salaries, limited raises, or other compensation for doing their jobs as compliance officers. In other words, if the CEO is being investigated by compliance, that same CEO should not be setting or reviewing the salary of the CCO or those doing the investigation. This mandates that the DOJ review the entire corporate organization on these issues.

Three key takeaways:

1. Communications compliance will be a key issue for compliance professionals going forward in 2024.

2. You must have both appropriate internal controls and ensure they are functioning.

3. In addition to adequate resources, a compliance function must be shown to adequately pay, promote, and protect those involved in compliance investigations.

Categories
Blog

Assessing Communication Compliance: Ephemeral Messaging and Retention

I recently had the opportunity to visit with Alex Cotoia, Regulatory Manager, and Daniela Melendez, an Associate at The Volkov Law Group, on the importance of addressing electronic communications preservation and management in this new age of rapid technological change. They joined penned an article for the Volkov Law Group’s site, Corruption, Crime and Compliance entitled, “Google’s Failure to Preserve Electronic Communications — A Warning to Every Company of a New Reality Surrounding Electronic Data.”

Ephemeral messaging, a method of communication that automatically erases content after a short period of time, is becoming increasingly popular in both personal and business settings. Platforms like Snapchat and Instagram offer features that allow messages to disappear, providing a sense of privacy and security. However, the use of ephemeral messaging in business comes with its own set of challenges and legal implications. Additionally, as both Cotoia and Melendez noted “companies have to devote significant resources and attention to information technology and security, electronic communications and business-generated data, and to overall information security and governance.”

The pointed to a recent case involving Google, where the companies document retention policy for ephemeral messaging was 24 hours, yet a Court Order required such messages be preserved. The Court found Google failed to preserve its chat data, despite a preservation order that directed Google to preserve chat records by changing the default settings for the chat system.  The Court found that Google did not effectively emphasize the importance of those obligations to its employees.

The episode highlighted the concerns raised by the Department of Justice (DOJ) regarding the use of ephemeral messaging for illegal activities, leading to more enforcement actions. This poses challenges for investigations, particularly in the corporate sector. They related that at a “fundamental level, the case underscores the criticality of applying document preservation policies to all media used by an organization’s employees to conduct company business. This echoes guidance provided by the U.S Department of Justice in the context of recent updates to its guidelines concerning the “Evaluation of Corporate Compliance Programs.”  The most recent iteration of those guidelines calls on companies to thoroughly understand the various communication channels—including ephemeral messaging applications—utilized by a company’s employees to conduct business.”

The Google case is as an example of the legal liabilities and sanctions that can result from failing to preserve relevant evidence. In this case, Google was sanctioned by a district judge for failing to preserve employee chat evidence relevant to an antitrust litigation. The employees did not follow the company’s policies regarding document preservation, leading to legal consequences.

The implications of the Google case extend beyond commercial litigation and preservation of evidence. The DOJ’s focus on ephemeral messaging applications in their guidelines for evaluating corporate compliance programs sends a clear message to organizations that they need to adopt or refine their data preservation policies in relation to employee communication.

One of the key considerations for companies is to assess their risk profile and determine whether ephemeral messaging applications are appropriate for conducting business. High-risk industries, such as those prone to corruption, should prohibit the use of these applications due to the potential for concealing illegal activities. On the other hand, companies with lower risk profiles may be more lenient in allowing employees to use ephemeral messaging applications for legitimate business purposes.

The DOJ guidelines also emphasize the need for companies to proactively manage authorized communication channels, monitor and preserve all business-related electronic data, and develop specific policies for employee obligations regarding personal devices and document retention. This requires companies to account for all communication channels, maintain data consistently, and constantly monitor content for any evidence of illegal activity.

The Google case serves as a wake-up call for companies accustomed to more lax preservation policies. It highlights the importance of enforcing existing policies and providing comprehensive training to employees on document preservation. Failure to do so can result in legal consequences and sanctions.

Cotoia and Melendez also reported that they observed “an uptick” in inquiries from clients regarding ephemeral messaging policies and the need for guidance in this area. Companies are seeking advice on how to navigate the challenges and legal implications associated with ephemeral messaging in business.

The use of ephemeral messaging in business presents challenges and legal implications that organizations need to address. It is crucial for companies to refine their data preservation policies, consider the appropriateness of ephemeral messaging for their business, and proactively manage authorized communication channels. By doing so, companies can mitigate the risks associated with ephemeral messaging and ensure compliance with legal requirements.

Categories
Blog

Creating a Sustainable Communications Compliance Environment with Technology

This week I have a special five-part podcast series, sponsored by Verint on the Future of Communication in Financial Compliance on the Innovation in Compliance podcast series on the Compliance Podcast Network. My guest in this series is Phil Fry, VP and GTM of Financial Compliance Strategy at Verint. Over this series, we took a deep dive into the current status of communications in financial institutions; how to be or not be compliant; an analysis and insight into the area; and how to avoid accentuating the negative and the human element in compliance. In this five and concluding blog post, we look down the road at financial institution communications compliance.

In the rapidly evolving landscape of AI and digitalization, the importance of human compliance in regulatory compliance cannot be overstated. We shed light on the need to shift the focus from technology to understanding individuals and their communication channels when it comes to compliance. One of the main challenges highlighted in the episode was the siloed approach to communications within corporations. Many organizations fail to recognize the interconnectedness of different communication modalities and view them as separate entities. However, compliance demands a holistic approach that encompasses all in-scope individuals and the communications they use.

To address this challenge, a compliance communications platform can provide immense value. Such a platform captures, analyzes, and reports on all communication modalities, enabling a comprehensive view of compliance. It shifts the focus from technology to the alignment, visualization, and processing of data around people. By understanding individuals and their communication patterns, organizations can better ensure compliance.

Phil Fry emphasized the importance of data completeness, integrity, and control in compliance. A compliance communications platform should be able to capture and analyze data from various sources, including voice communications, chat, text, and video conferencing platforms like Zoom and Symphony, and even mobile devices. This comprehensive approach ensures that no communication is overlooked and that compliance requirements are met.

The episode also touched upon the role of IT teams in compliance. While IT teams have traditionally been responsible for implementing compliance solutions, the alignment between vendors, IT teams, and compliance teams can be challenging. Compliance teams must be involved in decision-making processes to align technology with risk management goals. This collaboration ensures that technology solutions are not just focused on functionality but also on addressing compliance requirements.

Looking toward the future, the episode discussed the role of technology in simplifying compliance processes and reducing complexity. Generative AI and machine learning are expected to play a significant role in analyzing and understanding compliance data. However, it is important to note that technology alone is not the solution. The analysis, visualization, and control of compliance policies are equally important to ensure proactive management and derive valuable insights from the data.

In conclusion, human-centric compliance in the era of AI and digitalization requires a shift in focus from technology to understanding individuals and their communication channels. Compliance communications platforms that capture, analyze, and report on all communication modalities are essential for a comprehensive compliance strategy. Collaboration between vendors, IT teams, and compliance teams is crucial for aligning technology with risk management goals. By leveraging technology and implementing effective data analysis and policy control, organizations can simplify compliance processes and ensure regulatory compliance in the digital age.

For More Information check out Verint.

Categories
Innovation in Compliance

The Future of Communication in Financial Compliance: Part 5 – Human Compliance

This week, I have a special five-part podcast series sponsored by Verint on the Future of Communication in Financial Compliance. My guest in this series is Phil Fry, VP and GTM of Financial Compliance Strategy at Verint. Over this series, we will take a deep dive into the current status of communications in financial institutions, how to be or not be compliant, analysis and insight into the area, and how to avoid accentuating the negative and the human element in compliance. In this fifth and final podcast, we look down the road of financial institution communications compliance.

Phil Fry, the VP and General Manager of Financial Compliance Strategies at Verint, brings over forty years of experience in the financial compliance industry and a deep understanding of the challenges financial firms face in adhering to regulations amidst evolving communication modes. He has a rich background in supporting a global trading floor, giving him a unique perspective on data loss and compliance challenges. His perspective on “human-centric compliance in the era of AI and digitalization” is shaped by his belief in focusing on individuals and their communications rather than separate communication tools.

He advocates for strategic alignment between vendors, compliance teams, and technology, emphasizing the need for data completeness, integrity, and control in compliance communications platforms. Fry sees the potential of generative AI and machine learning in simplifying compliance processes but also acknowledges the complexity of managing and monitoring policies in the digital age. Join Tom Fox and Phil Fry as they delve deeper into these topics on this final episode of the Future of Communication podcast.

Key Highlights:

  • The Importance of Individual Communication in Compliance
  • Creating a Sustainable Compliance Environment with Technology
  • Leveraging Technology for Streamlined Compliance

Resources:

Phil Fry on LinkedIn

For More Information check out Verint.

Categories
Innovation in Compliance

The Future of Communication in Financial Compliance: Part 4 – Accentuate the Negative?

This week, I have a special five-part podcast series sponsored by Verint on the Future of Communication in Financial Compliance. My guest in this series is Phil Fry, VP and GTM of Financial Compliance Strategy at Verint. Over this series, we will take a deep dive into the current status of communications in financial institutions, how to be or not be compliant, analysis and insight into the area, and how to avoid accentuating the negative and the human element in compliance. In this fourth podcast, we ask if you must accentuate the negative.

Phil Fry, the VP and General Manager of Financial Compliance Strategies at Verint, brings over forty years of experience in the financial compliance industry and a deep understanding of the challenges financial firms face in adhering to regulations amidst evolving communication modes. He specializes in the voice regulatory compliance capture world, particularly emphasizing the financial industry. He firmly believes in the importance of data quality in financial industry compliance, stressing the need to capture and record all trade-related communications, regardless of the time, place, or platform they occur on.

Fry argues that incomplete or missing data can hinder compliance efforts and investigations and that it is crucial to identify and categorize any gaps in the data to reduce false positives and improve trade surveillance. He also discusses the importance of linking conversations to gain insights into communication patterns and improve investigations. His extensive experience in the field shapes Fry’s perspective, and he is dedicated to solving legacy issues related to third-party identification and linking conversations together for improved investigations. Join Tom Fox and Phil Fry on this episode of the Future of Communications podcast as they delve deeper into the importance of data quality in financial industry compliance.

Key Highlights:

  • Data Gaps and Communication Patterns in Finance
  • Biometric Speaker Detection and Analysis
  • Data Quality: The Key to Reliable Analysis

Resources:

Phil Fry on LinkedIn

For More Information check out Verint.

Categories
Blog

The Importance of Data Quality in Financial Communications Compliance

This week I have a special five-part podcast series, sponsored by Verint on the Future of Communication in Financial Compliance on the Innovation in Compliance podcast series on the Compliance Podcast Network. My guest in this series is Phil Fry, VP and GTM of Financial Compliance Strategy at Verint. Over this series, we will take a deep dive into the current status of communications in financial institutions; how to be or not be compliant; an analysis and insight into the area; and how to avoid accentuating the negative and the human element in compliance. In this fourth post, we consider the importance of data quality in financial institutions’ communications compliance.

In the ever-evolving financial industry, compliance is a critical aspect that ensures the integrity and stability of the market. One key factor that plays a crucial role in compliance is data quality. The ability to capture, analyze, and maintain high-quality data is essential for financial firms to meet regulatory requirements and effectively manage risk. Data completeness is the foundation of any investigation in the financial industry. It is not just about capturing the data, but also about identifying and addressing any gaps in data capture and communication. Regulators are particularly interested in the gaps that go unnoticed, making it imperative for compliance teams to pay close attention to these areas. As Phil Fry emphasized, “It’s the things that go under the radar that regulators are most interested in.”

The financial industry operates across multiple channels, platforms, and modalities, making data capture a complex task. Compliance teams must ensure that they cover a wide range of devices and capture all relevant conversations related to trades. However, challenges arise when employees use different devices or when conversations occur on platforms that are not easily captured. In such cases, compliance efforts are hindered, and the risk of missing critical information increases.

To address these challenges, innovative techniques such as Identity Insights are being employed. Identity Insights leverages biometric techniques to detect and isolate different speakers in a conversation, storing this information securely in a searchable manner. This goes beyond traditional identification methods and helps solve legacy issues in capturing third-party identification across various communication channels. By linking conversations together, compliance teams can gain valuable insights into communication patterns and improve investigations.

Data quality is not just about capturing complete data; it also involves the accuracy and reliability of the captured data. The adage “Garbage In, Garbage Out” holds in the financial industry. If the data captured is of poor quality, any analysis or insights derived from it will be flawed. Therefore, it is crucial to ensure that the captured data is structured, properly labeled, and contains all necessary metadata. This reduces the risk of false positives and enables compliance teams to make informed decisions.

Legacy data poses another challenge in maintaining data quality. While capturing and analyzing real-time data is essential, it is equally important to consider the vast amount of historical data that financial firms possess. The quality and structure of this legacy data can vary, making it difficult to extract meaningful insights. However, advancements in technology offer opportunities to enhance the analysis of legacy data and reduce the risk of crucial information being overlooked.

Balancing the tradeoffs involved in data quality is a constant challenge for compliance teams. On one hand, they need to capture as much data as possible to ensure completeness and accuracy. On the other hand, they must also consider the cost and resources required to manage and analyze large volumes of data. Striking the right balance is crucial to optimize compliance efforts and reduce the risk of regulatory violations.

In conclusion, data quality plays a vital role in financial industry compliance. By focusing on data completeness, addressing gaps in data capture, and leveraging innovative techniques, compliance teams can enhance investigations, improve trade surveillance, and ensure adherence to regulations. The importance of data quality cannot be overstated, as it forms the foundation for accurate analysis and insights. As the financial industry continues to evolve, maintaining high-quality data will be crucial in mitigating risks and ensuring a robust compliance framework.

For More Information check out Verint.

Categories
Innovation in Compliance

The Future of Communication in Financial Compliance: Part 3 – Data Analysis and Insight

This week, I have a special five-part podcast series sponsored by Verint on the Future of Communication in Financial Compliance. My guest in this series is Phil Fry, VP and GTM of Financial Compliance Strategy at Verint. Over this series, we will take a deep dive into the current status of communications in financial institutions, how to be or not be compliant, analysis and insight into the area, and how to avoid accentuating the negative and the human element in compliance. In this third podcast, we take a deep dive into data analysis and insights.

Phil Fry, the VP and General Manager of Financial Compliance Strategies at Verint, brings over forty years of experience in the financial compliance industry and a deep understanding of the challenges financial firms face in adhering to regulations amidst evolving communication modes. He specializes in enhancing surveillance systems through data analysis and risk management. His perspective on this topic is shaped by his commitment to bridging the gap between what is captured and what is perceived to be captured, with a focus on proactive compliance.

Fry believes that surveillance teams can make proactive and smarter decisions by utilizing early analytics and risk analysis on captured data, focusing on high-risk conversations. He also emphasizes incorporating additional metadata points, such as time, geography, and communication patterns, to enhance surveillance capabilities. Fry’s initiatives, which include plans to add emotion detection and real-time call translation capabilities, aim to provide valuable data and insights to various corporate disciplines. Join Tom Fox and Phil Fry on this episode of the Future of Communications podcast to learn more about his innovative approach to improving surveillance systems.

Key Highlights:

  • Bridging the Gap: Pre-surveillance Insights
  • Improving Surveillance Efficiency through Data Analysis
  • Uncovering Valuable Intelligence from Spoken Interactions

Resources:

Phil Fry on LinkedIn

For More Information check out Verint.

Categories
Blog

Bridging the Gap: Enhancing Surveillance Systems with Data Analysis

This week I have a special five-part podcast series, sponsored by Verint on the Future of Communication in Financial Compliance on the Innovation in Compliance podcast series on the Compliance Podcast Network. My guest in this series is Phil Fry, VP and GTM of Financial Compliance Strategy at Verint. Over this series, we will take a deep dive into the current status of communications in financial institutions; how to be or not be compliant; an analysis and insight into the area; and how to avoid accentuating the negative and the human element in compliance. In this third post, we consider the topic of improving surveillance systems through data analysis and risk management.

We highlighted the challenges faced by surveillance teams in managing large amounts of data and identifying relevant information. It also emphasized the importance of proactive decision-making and efficient risk response in the face of ever-expanding regulations. One of the key issues discussed in the episode was the overwhelming amount of data that surveillance teams have to deal with. Fry mentioned that surveillance teams often find themselves looking for needles in haystacks, trying to find the data they need among thousands or even tens of thousands of calls in a day. To address this challenge, early analytics and risk analysis can be employed to provide proactive and smarter decision-making processes. By analyzing captured data, surveillance teams can focus on conversations that raise red flags or are deemed high risk, rather than being overwhelmed by the sheer volume of data.

To enhance surveillance systems, Fry suggested implementing “pre-surveillance surveillance” and adding additional metadata points. This includes considering factors such as geography, time, and the technology used during communication. By capturing this additional information, surveillance teams can gain a comprehensive view of spoken interactions, enabling them to respond to incidents and risks more quickly and efficiently. This approach also aligns with the need for compliance with regulations, as non-compliance consequences can be severe, including hefty fines and even imprisonment.

The episode also highlighted the value of insights derived from spoken interactions. Fry emphasized that conversations are a gold mine of information, and with the right transcription and analytic capabilities, valuable intelligence can be extracted. By combining speech and conduct insights into the core capture, compliance officers can have a single pane of glass view of all spoken interactions within their organizations. This includes detecting changes in sentiment, and language switches, and gaining an overview of conversation topics. The solution discussed in the episode has been trained for the financial domain, making it easier for surveillance teams to perform audio reviews and detect possible compliance breaches.

Furthermore, the episode touched upon the wide range of corporate disciplines that can benefit from this data. It is not just limited to compliance and audit teams but can also provide insights into functions such as Chief Financial Officers, strategic risk compliance, and operations. The data collected can be used to gain insights into how solutions are working and aid decision-making processes across various departments.

In conclusion, improving surveillance systems through data analysis and risk management is crucial in today’s regulatory landscape. The challenges of managing large amounts of data and identifying relevant information can be addressed through early analytics and risk analysis. By implementing “pre-surveillance surveillance” and capturing additional metadata points, surveillance teams can gain a comprehensive view of spoken interactions and respond to incidents and risks more efficiently. The insights derived from these interactions can be valuable to a wide range of corporate disciplines, making it a valuable asset for organizations. Continuous monitoring and improvement of surveillance systems are essential to ensure compliance and mitigate risks effectively.

For More Information check out Verint.

Categories
Innovation in Compliance

The Future of Communication in Financial Compliance: Part 2 – To Be or Not To Be Compliant

This week, I have a special five-part podcast series sponsored by Verint on the Future of Communication in Financial Compliance. My guest in this series is Phil Fry, VP and GTM of Financial Compliance Strategy at Verint. Over this series, we will take a deep dive into the current status of communications in financial institutions, how to be or not be compliant, analysis and insight into the area, and how to avoid accentuating the negative and the human element in compliance. In this second podcast, we consider how to be compliant.

Phil Fry, the VP and General Manager of Financial Compliance Strategies at Verint, brings over forty years of experience in the financial compliance industry and a deep understanding of the challenges financial firms face in adhering to regulations amidst evolving communication modes. He believes the shift towards these models has increased the need for digital compliance solutions, as communication and collaboration have become predominantly digital.

Fry emphasizes the importance of capturing data from Unified Communications (UC) tools and enhancing them with AI-based features to support businesses in maintaining compliance. He introduces the concept of “human compliance,” which involves monitoring a regulated user’s interactions across channels and locations to prevent misconduct. Fry’s perspective is shaped by his experience at Verint, where he saw the company’s investment in AI technology to enhance compliance features. Join Tom Fox and Phil Fry on this episode of the Future of Communications podcast to learn more about the need for comprehensive and proactive digital compliance solutions in the context of hybrid work models.

Key Highlights:

  • The Impact of Hybrid Working on Business and Compliance
  • Revolutionizing Communication Capture in the Digital Age
  • Verint’s Comprehensive Financial Markets Website

Resources:

Phil Fry on LinkedIn

For More Information check out Verint.

Categories
Blog

Hybrid Work Models Driving Need for Digital Compliance Solutions

This week I have a special five-part podcast series, sponsored by Verint on the Future of Communication in Financial Compliance on the Innovation in Compliance podcast series on the Compliance Podcast Network. My guest in this series is Phil Fry, VP and GTM of Financial Compliance Strategy at Verint. Over this series, we will take a deep dive into the current status of communications in financial institutions; how to be or not be compliant; an analysis and insight into the area; and how to avoid accentuating the negative and the human element in compliance. In this second post, we consider how to be or not be compliant.

The rise of hybrid work models, driven by digital communications and workplace flexibility, has significantly impacted businesses and financial markets. With the shift towards remote and flexible work arrangements, essential platforms like Microsoft Teams and Zoom have become crucial for business operations. However, this shift has also created a need for compliance capture solutions to ensure regulatory compliance and prevent misconduct in digital communications.

One of the leading compliance vendors in this space is Verint, which has been investing in artificial intelligence (AI) and developing solutions for platforms like Microsoft Teams and Zoom. Their approach, known as human compliance, focuses on monitoring regulated users’ communications across various channels. By shifting the focus from capturing tools or communications to capturing an individual’s interactions holistically, Verint believes they can effectively prevent misconduct within organizations.

The traditional approach to compliance capture involved recording and analyzing messages and calls. However, Verint’s human compliance approach recognizes that focusing on the individual is crucial to ensuring compliance. By monitoring an individual’s communications across channels and locations, both during regular working hours and outside of them, organizations can more easily identify conditions in which acts of noncompliance are more likely to occur. This proactive approach allows for the implementation of automated tools to respond to incidents, rather than passively waiting for problems to be identified.

Verint’s Microsoft Teams compliance recording solution offers features like Conditional Recording and Start Recording, which allow organizations to control recording behavior based on the participation of the interaction. This level of control enables organizations to proactively decide how they monitor and analyze an individual’s interactions, further enhancing their compliance efforts.

The shift towards hybrid work models and the increasing reliance on digital communications platforms have also led to the emergence of new and more complex regulations. Organizations must navigate these regulations while considering the impact on employee needs and behavior. The challenges associated with capturing and analyzing communications in a hybrid work environment, where conversations may involve multiple languages, transfer across different channels, and occur in noisy environments, require sophisticated compliance solutions.

Verint has been heavily investing in AI to enhance its compliance solutions. Their generative AI features, such as multilanguage transcription and summarization, help financial firms speed up audio review processes and make them more efficient. These AI-powered features provide valuable data insights and analysis, enabling organizations to meet their compliance requirements effectively.

In conclusion, the rise of hybrid work models driven by digital communications has created a significant need for digital compliance solutions. Verint’s human compliance approach, focusing on monitoring an individual’s interactions across channels and locations, offers a proactive way to prevent misconduct within organizations. By investing in AI and developing market-leading features, Verint aims to support businesses in their efforts to maintain compliance in the digital age. As organizations navigate the complexities of hybrid work models and evolving regulations, it is crucial to consider the impact on employee needs and behavior when making decisions about digital compliance solutions.

For More Information check out Verint.