Fines levied by the Financial Industry Regulatory Authority in electronic communications cases have more than doubled, from $2.7 million in 2008 to $6.2 million in 2015.
That number jumped out at me as I was reviewing Smarsh's recently released 2016 Electronic Communications Compliance Survey.
The annual survey found that compliance officers are struggling to align the benefits of "modern communications" with their duties to protect firms against compliance risks, just as SEC and FINRA examiners are increasingly knocking on their doors. At the same time, compliance officers' budget increases aren't keeping pace to grow and modernize surveillance procedures.
Not only are firms overwhelmed by the sheer volume of email they must retain and review, but resources to monitor compliance officers' expanding electronic compliance perimeter — electronic communications channels and devices in use at an organization that require governance policies and retention/supervision solutions — "are growing slowly, if at all," Smarsh reports.
The survey notes that the "current, linear approach of layering new content types on top of the supervision policies and processes originally designed for email is inefficient and ineffective."
If the procedures firms have put in place to identify risk in email are "ineffective and waste time," the survey notes, "extending those same procedures" to other electronic communications compliance content "only exacerbates those results."
Firms must rethink the traditional approach to communications supervision, the Smarsh survey warns, especially considering firms' finite resources and "growing strategic role of compliance in organizational risk management."
So what are compliance officers most worried about? The survey listed five top concerns:
-
Increased scrutiny/enforcement by regulators
-
Balancing employee privacy considerations with oversight obligations
-
New communications channels, like social media and texting
-
Cybersecurity threats posed by the use of electronic messaging platforms
-
Insufficient human resources
That concern over growing scrutiny/enforcement by regulators related to electronic message compliance was the top concern of compliance officers for the third year in a row. There's good reason to be concerned, since 42% of respondents to the 2016 poll reported being examined in the past 12 months, up from 27% in the 2015 survey.
Sixty-five percent of respondents report that the compliance function is responsible for handling requests to produce electronic communications data for e-discovery or other business purposes, bringing compliance into more aspects of business operations.
Resources Not Matching Need for Supervision
The survey listed about 18 rules and regs that can come into play regarding firms' electronic communications compliance. One of the primary rules is SEC Rule 17a-4, which requires firms to archive electronic business communications in non-rewriteable and non-erasable (WORM) formats for at least three years. Others include SEC Regulation S-P, a host of FINRA rules, as well as the Graham-Leach-Bliley Act and state data protection laws.
While the importance of communications supervision is growing, resources are not, the survey found.