Concerns around communicating compliantly
What are the challenges and barriers to compliant communications?
Compliant communications and the monitoring of communication channels across the board is a clear regulatory priority in 2023.
What is not clear, however, is the most effective solution. While technology exists that can enable firms to capture, retain, and monitor their business communications, often the more prominent issue is a behavioral one; how does the compliance team get employees to comply with new rules? If you implement new technology, how do you ensure that employees will use it?
In our survey, the issue of employee buy-in for compliant communications outweighed other challenges including the monitoring of comms, the storage of comms, and the cost.
Behaviors are often built up over time. Prior to regulatory scrutiny around compliant communications, many individuals will have been using SMS, WhatsApp, and other channels to communicate freely with colleagues and customers.
In the wake of company-wide channel bans, it is likely that some will not want to alter their communication behavior away from the channels that they are most accustomed to, and that they have seen to be most effective in conducting business.
Sometimes, this can be explicitly client driven, with clients requesting only to be contacted on WhatsApp, for example. Where employees are unable to meet this request, there is a real risk of fractured relationships or even loss of business.
When asked what their main concern was when ensuring compliance for electronic communication channels, 61.5% of our survey respondents said they were most worried about getting employees to comply.
We're all playing catch up and fighting the human condition in the process as individuals seek to communicate faster and more broadly than ever before.
Anonymous, Investment Advisor
While many are struggling with employee buy-in, some respondents reported more positive experiences:
We have had lots of discussions and training on this with all employees, which given the number of questions back, has shown good engagement and understanding, and we have worked through detailed and specific issues to find solutions that work for each team (particularly around things like urgent issues out of hours).
Anonymous, Hedge Fund
Implementing company-wide behavioral change – often referred to as a “culture of compliance” - is a longstanding battle for the compliance team. This is especially true of senior managers and the C-suite, who are often aware of the relevant policies but fail to comply for myriad reasons.
The hardest task is persuading people to change their behavior. They don't break the rules because they don't know or understand them.
They do it because it is easier or more convenient to do so and because they think the risk is worth it. So once you've explained the rules, you have to show them an easier way and persuade them that it is better for them, and more professional if they do the right thing. It is partly appealing to professional vanity and partly showing them, through examples, what the risks are to them personally if they cut corners: not just the risk of fines but the embarrassment of a senior manager being under investigation and having to explain why they did not take simple steps to protect themselves and the organisation they lead from harm. No-one, especially senior managers, enjoys that.
Carroll Barry-Walsh, Lawyer, Speaker, and Founder at Barry-Walsh Associates
In the previously referenced FINRA enforcement of a high-profile investment bank for off-channel comms, the regulator found that senior managers “routinely exchanged text messages about firm business with each other on their personal cellphones outside of the firm’s approved communication platforms”. These senior managers were each fined $15,000 for their wrongdoing and were suspended from association with any FINRA Member in all capacities for 30 days.
Earlier in 2022, the SEC banned a CCO from acting in a supervisory capacity for five years and issued him with a $15,000 fine because he was aware that the company’s compliance program was “inadequately implemented” but failed to take steps to fix it.
In the U.K, the Financial Conduct Authority took aim at senior executives in a number of instances, most recently against three execs who “failed to conduct business with integrity”.
All of these actions broadly echo the wording of the U.S. DOJ’s Acting Principal Deputy Assistant Attorney General, Nicole Argentieri, who said in a December 2022 speech that the “involvement by executive management in misconduct” would be seen as an “aggravating factor” and could lead to increased penalties where non-compliance is uncovered.
The main thing when trying to alter human behavior is the ease of use.
If you’re trying to get the corporate office to adopt some new tech and it’s difficult to use, then it won’t take off. It’s easy to text and use WhatsApp. Telling reps to use something restrictive is difficult. The solution here will be training and to guide employees on how to use new technology or new apps. You have to educate them, to tailor your training programs to their specific use cases. After all, we’re all creatures of habit. In terms of getting senior leadership buy-in, you just need to look at the fines that have been rolled out to realize the benefits of using compliant technology. They just need to think, would we rather spend money on a compliant solution, or do we want to be all over the Wall Street Journal?
Chip Jones, Executive Vice President of Compliance, Global Relay
Second to concerns about getting employees to comply with communication policies, 53.8% of survey respondents said that they were concerned about the difficulties surrounding monitoring all communication channels.
The mode of communication has outpaced the capture, storage and monitoring solutions available.
The challenges here lie at the intersection of time and innovation; new methods of communication are created rapidly, leaving regulators, compliance teams, and compliance technology vendors struggling to keep pace with innovation.
It is going to continue to change, so proactivity is vital.
Anonymous, Bank
If we look at social media channels such as Twitter and Instagram as an example, regulators have only recently started to consider the implications of SMS and personal phones for business purposes. Complying with communication channels will likely be a constant evolution.
I suspect there will be greater use of non-mainstream communication channels, i.e. alternatives to WhatsApp, that are not widely known about.
If these predictions prove to be true, which is likely, then the regulatory burden of monitoring all communication channels for compliance will increase, as will the challenge of keeping up with the pace of innovation.
Technology that captures and stores communication data is now well-developed and relatively mainstream for most large, regulated firms. Despite this, 23.1% of respondents said that they face difficulties when capturing and storing communications data.
The cost of compliance technology can be a cause for concern for compliance teams, especially when it comes to proving return on investment (ROI) to those who have ultimate budget sign-off. For firms that have not had visits or interactions from the regulator, this is especially true; how, or why, should a firm invest in costly compliance technology when they are compliant at best – or have avoided regulatory attention at least?
When considering the cost of compliance technology, consideration of regulatory fines is a good place to start. The SEC’s enforcement results for 2022, for example, showed that the regulator issued $4.2 billion in regulatory fines, of which $1.235bn was made up of “cumulative penalties paid in connection with recordkeeping violations”.
The cost of compliance technology is minimal when compared to regulatory fines, and even less than the remediation costs, which dwarf everything.
As well as this, firms should be looking at the long-term cost benefits of future-proofing compliance programs by investing in technological solutions that are flexible enough to evolve as the technological and regulatory landscape for electronic communication advances.
I do think there is a limit on the return on investment for compliance and surveillance controls.
When you factor in how easy it is to bypass certain controls (hello burner phone), it does make you reconsider the cost of automating, the complexities of natural language processing, including foreign languages, industry slang and cultures etc.
I think about striking the right balance between technology investment and building/sustaining a strong culture.
Anonymous
