These past weeks, companies around the world have experienced, for the first time, the complex and challenging world of at-home work setup. Regulated entities, in particular, still face obstacles in adopting the new setup, particularly in the areas of mobile archiving compliance and data security.
With most of the workforce in the regulated sectors being asked to work remotely in varying degrees, compliance concerns inevitably arise. On top of the IT and productivity challenges that come with at-home work setup, regulated entities will also have to make sure that their communications supervision and retention policies can still be implemented, as regulators are showing no signs of relaxing their market monitoring requirements.
- S. SEC – “The agency is actively monitoring our markets for frauds, illicit schemes and other misconduct affecting U.S. investors relating to COVID-19—and as circumstances warrant, will issue trading suspensions and use enforcement tools as appropriate.”
- ESMA – “If firms, under these exceptional scenarios, are unable to record voice communications, ESMA expects them to consider what alternative steps they could take to mitigate the risks related to the lack of recording.”
- FCA – “Firms should continue to take all steps to prevent market abuse risks. This could include enhanced monitoring or retrospective reviews. We will continue to monitor for market abuse and, if necessary, take action.”
New Challenges Presented by Coronavirus and Work from Home Setup
- Use of “New” Communication Channels
As traders, wealth managers, and private bankers are forced to work from home, they are using non-traditional communication channels to continue their engagement with their existing clients.
Traders, for instance, usually use a specialized telephone know as a “turret,” which is equipped with preprogrammed keys to connect with valuable clients and trading partners. While there are modern solutions that would allow traders to use a turret-like system in their home, many have simply looked up the numbers of their clients and used their cellphones to connect with their clients.
Channels such as text messaging and instant messaging apps such as WhatsApp are being used more than ever by traders as they are readily available, easier to use, and allow for faster communications with the clients. Such channels present more compliance challenges for regulated entities that don’t have any existing mobile communication policy in place.
- Volatile Markets
The crisis the world face today causes the financial market to become extremely volatile. This means that investors are communicating more frequently with their advisors. This increase in activity makes it more challenging for companies to spot unusual behaviors of their employees and clients and to effectively monitor all communication channels being used.
- Data Security and Privacy Threats
Regulated entities usually have robust data protection policies and systems within their premises; however, not all have a readily available version of those programs for times of crisis. Many employees are now using their private devices and accessing online business systems and records through non-secured networks, which then exposes the company to new cybersecurity and data privacy threats.
- Ensuring Best Execution
Financial advisors, traders, and managers must be continuously monitored to ensure that they are implementing the practices for best execution as mandated by the regulators, but extremely challenging in the new work-at-home environment.
How Can Regulated Entities Cope with These Challenges?
- Audit All Communications After the Crisis
Companies that are required to compile a report for compliance reasons should ensure that all relevant business records produced throughout the crisis are captured and retained. Such business records include all the text messages, voice calls, instant messaging (IMs), and other mobile communications of the remote employees with the clients and co-workers.
Having the capability to capture mobile messages can be extremely valuable not only for record retention compliance purposes but also in monitoring employees’ activities. By having a mobile archiving solution with a real-time archiving feature, companies will not only be able to have complete business records to audit and analyze after the crisis, but also access to real-time communications which they can monitor for possible threats of insider trading and misconducts.
- Protect Sensitive Communications Through Encryption
Companies with remote employees living in areas with less travel restriction may find those employees working in public places with free Wi-Fi access such as coffee shops and libraries. Public Wi-Fi introduces significant security risks, and companies should be able to help their employees mitigate these risks through the employment of encryption technology.
The simplest way for employees to protect mobile communications from hacking is by using encrypted messaging apps such as WhatsApp. Now more than ever, WhatsApp and other secure messaging applications play an essential role as employees work remotely for the first time. With these apps, they can send and receive sensitive information more securely – whether they use their own mobile carrier data connection or a public Wi-Fi connection.
For regulated entities, these apps should suffice in complying with relevant data privacy laws, but at the same time, could expose their company to a wide range of record retention laws if they fail to capture the encrypted work-related communications of their employees. As such, allowing employees to use WhatsApp and other encrypted messaging apps should also come with the capability to capture those messages in real-time to remain compliant with the mobile archiving laws of SEC, FCA, ESMA, and other regulators.
){kind=link}