Categories
Innovation in Compliance

Messaging Compliance in a Shifting Regulatory Landscape: Part 3 – Regulatory Changes on the Horizon for UK Firms

Is messaging compliance giving your compliance function headaches? Welcome to a special 5-part podcast post series, messaging compliance in a shifting regulatory landscape, sponsored by Global Relay. Over this series, I will visit with Chip Jones, Executive Vice President – Compliance at Global Relay; Alex Viall, Chief Strategy Officer at Global Relay; Rob Mason, Director, Regulatory Intelligence at Global Relay; Jennifer Clarke, Head of Content at Global Relay; and Raewyn Danvers, Sales Manager, Unified Communications. Over this series, we will consider the US and UK regulatory framework for messaging apps, consider if business innovation is being stifled by regulatory action, preview the Global Relay Report: Compliant Communications in 2023, and look down the road on how to stay ahead of regulation with compliant communications in one app.

In this Part 3, I visit with Rob Mason, Director of Regulatory Intelligence at Global Relay, on the current and upcoming UK regulatory landscape. Rob shares his experience, having worked with Lloyds Banking Group, UBS, and the UK’s conduct regulator. The podcast delves into current UK regulatory priorities, data protection issues, and the importance of operational risk management, compliance, and surveillance in the banking industry. Hear Rob’s insights on the evolution of the remit of the FCA, the role of monitoring communication effectively without breaching data privacy, Brexit and data protection issues, and the need for closer monitoring to avoid scandals. If you want to learn how to manage risk and compliance from industry experts, tune in to UK Regulatory Landscape.

Key Highlights:

  • Latest UK Regulatory Priorities
  • Comparison of FCA and SEC Regulations
  • Data Protection and Operational Resilience in the UK
  • Impact of the Merger of Credit Suisse and UBS

For more information, go to Global Relay.

Join us in our next episode, where we examine the Global Relay Report: Compliant Communications in 2023.

Categories
Blog

Messaging Compliance in a Shifting Regulatory Landscape: The Current and Shifting UK Regulatory Landscape

Are you ready to learn how to implement electronic communications capture and supervision in your firm for better compliance and prevention of regulatory violations? Is messaging compliance giving your compliance function headaches? Welcome to a special 5-part blog post series on messaging compliance in a shifting regulatory landscape, sponsored by Global Relay. For this Part 3, I visited with Rob Mason on the current state of UK regulations on messaging apps and where they may be headed.

Staying ahead of the curve when it comes to the shifting UK regulatory landscape is vital for financial institutions and their compliance professionals. Keeping pace with the FCA’s evolving priorities, as well as ensuring ongoing compliance with GDPR and data protection, can have significant effects on the smooth functioning of your institution. Enhancing operational resilience and implementing effective employee communication monitoring are essential steps to take, in addition to exploring resources for regulatory technology solutions. By remaining updated and flexible, compliance professionals in the UK can successfully navigate the complexities of regulatory changes, ultimately resulting in an improved understanding of current and upcoming UK regulations.

Here are some key steps:

  • Understand FCA’s evolving priorities and focus
  • Keep up-to-date with GDPR and data protection
  • Enhance operational resilience in your institution
  • Implement effective employee communication monitoring
  • Explore resources for regulatory technology solutions

 1. Understand FCA’s evolving priorities and focus.

Navigating the shifting UK regulatory landscape as a financial institution can be complex, but a key step is understanding the evolving priorities and focus of the Financial Conduct Authority (FCA). As the FCA shifts its focus towards a broader oversight approach, financial institutions must remain up-to-date with emerging regulations and adapt their internal processes accordingly. This comprehensive understanding of FCA priorities is vital for compliance professionals, as it enables them to mitigate potential risks, ensure data protection, and maintain operational resilience in an ever-changing regulatory environment.

Mason noted the FCA’s increased focus on retail and consumer financial services in addition to wholesale markets, which has led to a broader oversight approach. He also highlighted the importance of data protection and the impact that GDPR regulations and Brexit have had on the UK’s regulatory environment. Understanding the FCA’s evolving priorities and focus is crucial for compliance professionals in the UK, as it allows them to better adapt to the rapidly changing regulatory landscape. Being knowledgeable about current regulations and anticipating future changes can help institutions maintain compliance, safeguard data, and ensure operational resilience in the face of potential challenges. By staying informed and proactive, compliance professionals can successfully navigate the shifting UK regulatory landscape and contribute to the overall success and stability of their organizations.

 2. Keep up-to-date with GDPR and data protection.

With the ever-changing regulatory landscape in the UK, remaining up-to-date with GDPR and data protection is more crucial than ever for financial institutions. One of the significant changes that has come to focus in recent times is the GDPR, which greatly impacts how businesses collect, store, and process personal data. Data protection concerns have now begun to take center stage not only in Europe but also across the globe. By understanding the requirements of GDPR and other data protection laws, financial institutions can adapt to the changes and avoid costly fines or reputational damage.

Mason said that Europe has been ahead of the curve when it comes to data protection concerns, and that new developments, such as Brexit, have further emphasized the significance of GDPR in the UK. He also discussed how monitoring employee communications became increasingly critical for large organizations to prevent scandals. By keeping up with these regulatory changes and understanding the impact they have on organizations, compliance professionals can better equip themselves to face the challenges that lie ahead. The importance of staying up-to-date with GDPR and data protection for compliance professionals in the UK cannot be overstated.

These regulations help build a strong framework that ensures the protection of customer data, which is at the heart of any financial institution. Besides preventing financial and reputational damage, being compliant with GDPR and data protection laws allows organizations to maintain customer trust, demonstrate transparency, and ultimately contribute to the long-term success of their business. For financial institutions, being knowledgeable about these laws is not just a matter of regulatory compliance, but also a vital factor in creating a sustainable, ethical, and client-centric business. As the regulatory environment continues to evolve, staying ahead of the curve will prove indispensable for financial institutions and their compliance professionals.

 3. Enhance operational resilience in your institution.

In today’s rapidly changing regulatory environment, financial institutions must be agile and proactive in order to stay ahead of the curve. Enhancing operational resilience is a key step in achieving this goal, as it allows organizations to effectively manage unexpected disruptions and challenges. A strong operational resilience framework not only prevents potential losses but also helps maintain stability and reputation in the face of adversity. To successfully navigate the shifting UK regulatory landscape, financial institutions must invest in the necessary resources, infrastructure, and skill sets required for effective risk management, business continuity, and crisis response mechanisms. In this context, it is crucial for these institutions to regularly assess their resilience measures and adopt best practices in line with emerging industry trends and regulations.

Strengthening operational resilience safeguards the institution from potential losses and reputational damage, ensuring long-term success in a capricious regulatory landscape. Moreover, addressing operational risks effectively is crucial in mitigating negative consequences on a larger scale, preventing widespread financial contagion. As the UK financial sector undergoes constant transformation, compliance professionals must be equipped to adapt quickly to emerging challenges. By prioritizing operational resilience and staying abreast of the latest industry trends, these professionals will be better prepared to navigate the shifting UK regulatory landscape, protecting both their institutions and their clients from potential adverse effects.

As a compliance professional in the UK, it’s essential to keep up with the shifting regulatory landscape in order to ensure your financial institution can effectively overcome any obstacles. Staying informed about the FCA’s priorities, GDPR, and data protection regulations is key to maintaining a strong compliance strategy. Additionally, focus on enhancing operational resilience, monitoring employee communications, and seeking out resources for regtech solutions. By doing so, you’ll not only stay compliant but also foster a more secure and thriving financial institution.

Join me tomorrow when we review the recently released Global Relay report, Compliant Communications 2023.

For more information on Global Relay, click here.

Categories
Innovation in Compliance

Messaging Compliance in a Shifting Regulatory Landscape: Part 2 – Is Business Innovation Being Stifled by Regulatory Actions?

Is messaging compliance giving your compliance function headaches? Welcome to a special 5-part podcast post series, messaging compliance in a shifting regulatory landscape, sponsored by Global Relay. Over this series, I will visit with Chip Jones, Executive Vice President – Compliance at Global Relay; Alex Viall, Chief Strategy Officer at Global Relay; Rob Mason, Director, Regulatory Intelligence at Global Relay; Jennifer Clarke, Head of Content at Global Relay; and Raewyn Danvers, Sales Manager, Unified Communications. Over this series, we will consider the US and UK regulatory framework for messaging apps, consider if business innovation is being stifled by regulatory action, preview the Global Relay Report: Compliant Communications in 2023, and look down the road on how to stay ahead of regulation with compliant communications in one app.

In this Part 2, I visit with Alex Viall, UK regulatory compliance expert, to explore the intersection of regulation and innovation. In this thought-provoking podcast, we discuss the dynamics between business innovation and regulatory compliance. Discover how the evolution of technology is causing a generational shift in communication and how this impacts businesses in the industry. Hear about the importance of capturing conversations and messages for law enforcement purposes and the need for policies and procedures to manage risks effectively.

Take advantage of expert insights on practical solutions, training, and monitoring policies to stay compliant. Learn why banning communication isn’t the answer and how a proactive attitude can lead to better risk management and regulatory compliance.

Key Highlights:

  • Balancing Innovation and Compliance in Messaging
  • Challenges of Ephemeral Messaging in Business
  • Communications Compliance and Training for Business Conversations
  • Overcoming the Ineffectiveness of Communication Bans

For more information, go to Global Relay.

Join us in our next episode, where we examine the current UK regulatory landscape for messaging apps.

Categories
Blog

Messaging Compliance in a Shifting Regulatory Landscape: Is Regulation Stifling Business Innovation?

Are you ready to learn how to implement electronic communications capture and supervision in your firm for better compliance and prevention of regulatory violations? Is messaging compliance giving your compliance function headaches? Welcome to a special 5-part blog post series on messaging compliance in a shifting regulatory landscape, sponsored by Global Relay. In this Part 2, I visited with Alex Viall on the provocative topic of whether regulation stifles innovation in messaging apps.

The ever-increasing use of instant messaging in businesses brings about the need for compliant messaging policies. With proper guidelines, compliance officers and entrepreneurs can ensure that their company’s communication practices are up to par with regulatory standards and that potential risks are minimized. This enhances the overall efficiency and transparency of the business and provides peace of mind for those involved in managing and maintaining these communication platforms.

Here are some key steps:

  • Assess current communication platforms and habits
  • Create clear, transparent messaging policies
  • Implement regular employee training sessions
  • Monitor messaging compliance and address breaches
  • Explore tech solutions for messaging management

1. Assess current communication platforms and habits.

Developing compliant messaging policies for your business begins with assessing your company’s current communication platforms and habits. This critical first step involves thoroughly examining how employees communicate internally and externally and the tools and channels they utilize. You can effectively mitigate potential non-compliance issues by deeply understanding your business’s communication landscape. Identifying areas where innovation and improvements can be made while minimizing impacts on operations and employee experience is crucial. Therefore, it’s essential to keep an open mind and be prepared to adapt to the evolving nature of technology and ever-changing communication trends.

Viall underscored embracing business innovation while ensuring regulatory compliance and risk management. Communication habits constantly change, and organizations must adapt effectively while maintaining auditable trails for every conversation. Proper employee training is critical to fostering change and adopting new communication practices. This training should focus on creating comprehensive, practical policies that everyone can easily understand and adhere to, steering clear of generic policies that merely act as a checkbox.

Remember that senior management is pivotal in setting a positive tone and demonstrating a commitment to transparency and policy adherence.  Understanding and addressing the critical first step of assessing your business’s current communication platforms and habits is vital for compliance officers and entrepreneurs because doing so equips them with valuable insights into potential shortcomings, risks, and opportunities for growth. Organizations can proactively tackle potential compliance pitfalls by developing relevant and practical messaging policies while encouraging innovation and seamless communication. Ultimately, this will result in a more robust and resilient business that can effectively navigate the ever-evolving communication technology landscape and maintain a competitive edge in the market.

2. Create clear, transparent messaging policies.

Effective communication is essential for businesses today, and as technology evolves, so do the platforms and devices we use to communicate with one another. This shift in communication methods has increased the importance of creating clear, transparent messaging policies for companies. While internal and external communication may change, one thing remains constant: the need for proper risk management, regulatory compliance, and corporate hygiene. To achieve this, companies should develop comprehensive, practical policies for instant messaging that employees can easily understand and implement. The goal is to avoid creating generic policies that are simply a box-ticking exercise while supporting business innovation and maintaining auditable communication trails.

Viall noted that effective communication requires changing employees’ mindsets and ongoing training to ensure a secure and compliant messaging environment. Furthermore, senior management must set the right tone, reiterating the importance of compliance with these policies. Companies need to have procedures in place for monitoring, remediation, and promptly addressing any non-compliance issues. As technology continues to evolve, new tools and solutions for managing messaging compliance will become increasingly available, making it more important than ever for businesses to stay ahead of the curve.

The importance of creating clear messaging policies cannot be overstated, particularly for compliance officers and entrepreneurs operating in an age of instant, ephemeral messaging. With regulatory compliance and risk management at the forefront of business concerns, having practical, transparent policies can help ensure that a company maintains its competitive edge. This is especially true given the rapid advancements in technology and the potential consequences of non-compliance, which could lead to serious repercussions for businesses, both legally and financially. By focusing on transparent messaging policies, companies will be poised to manage risk effectively and thrive in today’s fast-paced, interconnected world of business communication.

3. Implement regular employee training sessions.

The nature of business is that it continues to evolve and adapt to new technologies, and communication methods are also changing. Gone are the days of only relying on traditional face-to-face conversations or even phone calls to get things done. With the rise of instant messaging platforms, companies now have a fast and effective way to communicate internally with team members and externally with clients. This new, dynamic form of conversation has greatly improved workplace efficiency and speed. Still, it also presents a significant challenge – ensuring that all communication is properly documented and compliant with various rules and regulations.

According to Viall, implementing regular employee training sessions is one crucial aspect of achieving this. These sessions should cover all of the proper procedures to be followed when using instant messaging in a professional setting and the potential risks and consequences of not adhering to these guidelines.  Conducting regular employee training sessions on messaging compliance helps create a company culture that prioritizes open communication, transparency, and, ultimately, accountability. When employees are knowledgeable and confident about what is expected of them, they are more likely to abide by the rules and demonstrate better judgment when faced with challenging situations. This reduces the likelihood of regulatory issues or scandals related to non-compliant messaging for businesses.

For compliance officers and entrepreneurs managing instant messaging in business, staying on top of evolving regulations and ensuring your company is adhering to best practices is crucial. You can significantly improve your organization’s regulatory compliance and risk management by assessing your current communication platforms and habits, creating clear and transparent messaging policies, implementing regular employee training sessions, monitoring messaging compliance, and exploring tech solutions for messaging management. Do not hesitate to implement these steps and reap the benefits of a compliant and efficient messaging system.

Join me tomorrow as we consider changes in the UK regulatory schemes regarding messaging apps and compliance.

For more information, go to www.globalrelay.com

Categories
Innovation in Compliance

Messaging Compliance in a Shifting Regulatory Landscape: Part 1 – The Future is Now: U.S. Regulatory Compliance

Is messaging compliance giving your compliance function headaches? Welcome to a special 5-part podcast post series, messaging compliance in a shifting regulatory landscape, sponsored by Global Relay. Over this series, I will visit with Chip Jones, Executive Vice President – Compliance at Global Relay; Alex Viall, Chief Strategy Officer at Global Relay; Rob Mason, Director, Regulatory Intelligence at Global Relay; Jennifer Clarke, Head of Content at Global Relay; and Raewyn Danvers, Sales Manager, Unified Communications. Over this series, we will consider the US and UK regulatory framework for messaging apps, consider if business innovation is being stifled by regulatory action, preview the Global Relay Report: Compliant Communications in 2023, and look down the road on how to stay ahead of regulation with compliant communications in one app.

In this Part 1, I visit with Chip Jones, Executive VP of Compliance at Global Relay, on the current US regulatory landscape for messaging apps and discuss the challenges of maintaining communication compliance in various industries, focusing on off-channel communications, particularly in the financial services industry. Chip shares insights on the recent collective settlement issued by the SEC, which sends a clear message to firms about the importance of adhering to internal communication retention and supervision policies. Learn about how Global Relay is helping firms monitor their communications to detect fraudulent activities and avoid compliance issues. Take advantage of this informative podcast, which ends with a teaser for the next episode on the impact of regulatory action on business innovation.

Key Highlights:

  • The Challenges of Regulatory Compliance in the US
  • SEC enforcement actions on communication violations
  • Monitoring Electronic Communications in Financial Services
  • Off-channel Communications Consequences

For more information, go to Global Relay.

Join us in our next episode, where we ask: Is business innovation stifled by regulatory action?

Categories
Blog

Messaging Compliance in a Shifting Regulatory Landscape: U.S. Regulatory Compliance

Are you ready to learn how to implement electronic communications capture and supervision in your firm for better compliance and prevention of regulatory violations? Is messaging compliance giving your compliance function headaches? Welcome to a special 5 part blog post series on messaging compliance in a shifting regulatory landscape, sponsored by Global Relay. In this Part 1, I visited with Chip Jones on the current US regulatory landscape for messaging apps.

The importance of capturing and supervising electronic communications cannot be overstated for financial services compliance professionals. By properly managing these communications, you are taking a proactive approach to preventing potential regulatory violations and protecting both your personal and professional reputation. Through implementing a robust communication compliance policy, training your employees, and establishing a monitoring process, you can ensure a secure and compliant environment in which your firm can thrive.

Here are the key steps:

  • Understand electronic communication regulations;
  • Choose a reliable communication capture tool;
  • Implement a clear communication compliance policy;
  • Train employees on communication best practices; and
  • Establish a monitoring and supervision process.

 1. Understand electronic communication regulations.

In the ever-evolving world of financial services, electronic communication regulations play a critical role in ensuring transparency, accountability, and compliance. Familiarizing yourself with these regulations is the first essential step in implementing effective Electronic Communications Capture and Supervision (ECCS) processes at your firm. By understanding the governing rules and industry standards, financial service professionals can avoid potential pitfalls and unwarranted regulatory scrutiny.

In light of the SEC’s enforcement actions against large investment banks, it becomes apparent how crucial it is to stay informed of these regulations and maintain proactive supervision. The use of electronic communication tools enables firms to monitor their internal communications closely and prevent regulatory violations. One effective method is to actively flag specific phrases and keywords that indicate off-channel communications, which in turn draws attention to and helps monitor those potential risks.

2. Choose a reliable communication capture tool.

Implementing electronic communication capture and supervision within a financial firm is essential for ensuring compliance with regulatory requirements and maintaining a transparent and accountable work environment. When choosing a reliable communication capture tool, it is crucial to consider its effectiveness in monitoring and archiving all forms of electronic communication within the organization. This includes emails, instant messages, social media interactions, and any other relevant communication channels. A dependable tool should be able to capture and retain all electronic communications while additionally providing the option to search, analyze, and review the retained data for potential regulatory violations or areas of concern.

One way Global Relay’s solution helps is by tracking phrases and words that may suggest an attempt to shift discussions to off-channel platforms. This raises a red flag, which allows compliance professionals to identify potential violations and take appropriate action. The Securities and Exchange Commission (SEC) is increasingly focusing on individuals within firms who breach regulatory guidelines. As a result, the SEC may impose stronger consequences such as termination or monetary actions to deter similar violations from occurring. The implementation of a reliable communication capture tool is essential for a firm’s overall compliance efforts, as it helps promote transparency and instills accountability within the organization.

Ensuring that electronic communications are monitored and retained reduces the likelihood of rogue representatives pushing unsuitable investments or engaging in other illegal activities. Furthermore, the use of reliable tools can provide financial firms with a solid foundation for communication compliance supervision, which regulators are increasingly emphasizing. As compliance professionals are likely to face more individual-level enforcement actions, firms must have the right tools and processes in place to maintain compliance and mitigate potential risks.

 3. Implement and train employees on a clear communication compliance policy.

Implementing a clear communication compliance policy is an essential step in ensuring your firm’s electronic communications are appropriately supervised and within regulatory requirements. By establishing a well-structured policy, compliance professionals can effectively monitor and mitigate potential risks, which may result in regulatory violations and penalties. A comprehensive compliance policy should address the monitoring of on- and off-channel communications, identify patterns of misconduct, and establish procedures to escalate and resolve potential issues.

A robust policy should educate employees on the importance of proper communication compliance and the dangers of using personal devices for business communications.  The regulators, including the SEC, are closely monitoring and enforcing communication compliance rules, increasing the potential for individual-level actions, such as termination or monetary penalties, against those violating such requirements.  Understanding and implementing a communication compliance policy is crucial for financial services compliance professionals to mitigate the risk of regulatory violations.

By proactively monitoring electronic communications and capturing data, firms can equip their compliance teams with invaluable information to identify and address potential issues early. Moreover, implementing a robust compliance policy can help encourage employees to maintain transparency in their communications and understand the importance of using appropriate channels for business purposes. In doing so, organizations can effectively minimize regulatory risks, protect their reputation, and ensure the highest standard of integrity in their business operations.

In today’s fast-paced financial services industry, ensuring compliance with electronic communication regulations is more vital than ever. By following the steps outlined in this blog post, compliance professionals like you can significantly reduce the risk of regulatory violations and protect your firm’s reputation. Remember, a well-thought-out communication compliance policy, coupled with employee training and a reliable communication capture tool, can provide the foundation for a robust compliance program. Don’t hesitate to take action – invest in the right tools and processes to safeguard your firm’s future.

Join us tomorrow when we ask the provocative question: Is Regulation stifling innovation?

Categories
Blog

The Week That Was in Compliance – The ECCP: Part 3 – Messaging Apps

In addition to the speeches presented at the ABA’s 38th Annual National Institute on White Collar Crime by Deputy Attorney General Lisa Monaco (2023 Monaco Speech) and Assistant Attorney General Kenneth A. Polite (Polite Speech), there was the release of the 2023 U.S. Department of Justice Criminal Division Evaluation of Corporate Compliance Programs (ECCP). Today we review another new addition to the ECCP, dealing with messaging apps.

There is not much that seems to exercise the regulators in the compliance space as much as messaging apps. The Securities and Exchange Commission (SEC) has brought multiple and very large enforcement actions against regulated industries around their allowing employees to use messaging apps with no corporate oversight. The Department of Justice (DOJ) has been talking about messaging apps for over two years and has now incorporated its guidance into the ECCP.

The ECCP opened this section by noting, “Messaging applications have become ubiquitous in many markets and offer important platforms for companies to achieve growth and facilitate communication.” For any company under investigation or in a Foreign Corrupt Practices Act (FCPA) enforcement action, the DOJ will evaluate its “policies and mechanisms for identifying, reporting, investigating, and remediating potential misconduct and violations of law…governing the use of personal devices, communications platforms, and messaging applications, including ephemeral messaging applications.” Off-the-shelf policies will not be sufficient, as the company’s management of messaging apps “should be tailored to the corporation’s risk profile and specific business needs.” Not surprisingly, the DOJ is also concerned about storage, access and even backups, requiring that “business-related electronic data and communications are accessible and amenable to preservation by the company.” Training and communication of these policies and procedures will also be evaluated and “whether the corporation has enforced the policies and procedures on a regular and consistent basis in practice.”

The Messaging Apps

Under the section entitled “Communication Channels”, the DOJ poses a series of questions that every compliance program must answer. These questions include:

  • What electronic communication channels does the company and its employees use, or allow to be used, to conduct business?
  • How does that practice vary by jurisdiction and business function, and why?
  • What mechanisms has the company put in place to manage and preserve information contained within each of the electronic communication channels?
  • What preservation or deletion settings are available to each employee under each communication channel, and what do the company’s policies require with respect to each?
  • What is the rationale for the company’s approach to determining which communication channels and settings are permitted?

Under this section, compliance must delineate which messaging apps a company uses and why. Is it consistent or does it vary country by country? What mechanism has your organization put in place to manage this risk? Finally, how are the communications preserved and what is your rationale for your system?

Policies and Procedures

Under the section entitled “Policy Environment”, the DOJ poses a series of questions that every compliance program must answer. These questions include:

  • What policies and procedures are in place to ensure that communications and other data is preserved from devices that are replaced?
  • What are the relevant code of conduct, privacy, security, and employment laws or policies that govern the organization’s ability to ensure security or monitor/access business-related communications?
  • If the company has a “bring your own device” (BYOD) program, what are its policies governing preservation of and access to corporate data and communications stored on personal devices—including data contained within messaging platforms—and what is the rationale behind those policies?
  • How have the company’s data retention and business conduct policies been applied and enforced with respect to personal devices and messaging applications?
  • Do the organization’s policies permit the company to review business communications on BYOD and/or messaging applications?
  • What exceptions or limitations to these policies have been permitted by the organization? If the company has a policy regarding whether employees should transfer messages, data, and information from private phones or messaging applications onto company record-keeping systems in order to preserve and retain them, is it being followed in practice, and how is it enforced?

This section presents several areas a compliance professional should look into for their program. Do you have an appropriate set of policies and procedures in place, and are they the same for company-issued phones and BYOD phones? If not, why not? Do you have a data retention policy in place for messaging apps and their platforms, and is it applied consistently (if at all)? Does your organization review business communications through messaging apps, or does your organization even have the right to do so? Finally, are messages preserved somewhere?

Under the section entitled “Risk Management”, the DOJ poses a series of questions that every compliance program must answer. These questions include:

  • What are the consequences for employees who refuse the company access to company communications? Has the company ever exercised these rights?
  • Has the company disciplined employees who fail to comply with the policy or the requirement that they give the company access to these communications? Has the use of personal devices or messaging applications—including ephemeral messaging applications—impaired in any way the organization’s compliance program or its ability to conduct internal investigations or respond to requests from prosecutors or civil enforcement or regulatory agencies?
  • How does the organization manage security and exercise control over the communication channels used to conduct the organization’s affairs?
  • Is the organization’s approach to permitting and managing communication channels, including BYOD and messaging applications, reasonable in the context of the company’s business needs and risk profile?

This final section might as well have been named ‘consequence management’ but I guess that moniker was already taken. Here the DOJ wants to know what consequences recalcitrant employees faced for failure to follow the appropriate policies and procedures. Moreover, did any employee actions around messaging apps hinder or block internal investigations or regulators’ queries or attendant responses? Next, is an appropriate level of internal security being exercised for such communications? Finally, are the company’s actions reasonable in the context of its business needs and risk management protocol?

Obviously, there is quite a bit in these three sections every compliance professional will have to consider. But a framework you can adapt already exists. It is: risk assessment, risk management strategy, ongoing monitoring, ongoing improvement. It may take some work, but your blueprint to handle these requirements exists.

Join us tomorrow when we conclude our review of the 2023 ECCP.

Categories
Daily Compliance News

September 29, 2022 – The Banks Continue Behaving Badly Edition

In today’s edition of Daily Compliance News:

  • Banks pay a whopping $1.8bn in fines for messaging apps. (WSJ)
  • New Russia sanctions are coming. (WSJ)
  • Wine competition breaches UK sanctions. (WSJ)
  • Marketers are taking note. (WSJ)