© 2020 Arizent. All rights reserved.

Advisor compliance in the age of the emoji

Register now

In the past, advisors met their clients in person, made a phone call or maybe sent an email, but now clients and brokers can communicate anytime across a far wider variety of mediums. Text messages, Facebook, WhatsApp, Twitter, Skype, WeChat, Instagram: All these channels can be used to conduct business. They can also be used for other nefarious activities, presenting financial services companies with the daunting task of ensuring that all staff interactions meet compliance obligations.

It’s a challenge not many firms have conquered yet, said Marty Colburn, former executive vice president and chief technology officer for FINRA. As firms embrace new networks to connect with clients, the technology they use to help track and store electronic communications hasn’t kept pace with the way they work, he said at the RegTech 2018 conference in New York. The conference was hosted by Financial Planning’s sister publication, American Banker.

“I see firms still using the technology they acquired 15 years ago to supervise, and because of that, they’re spending too much time focusing on email because that’s what they’ve always done,” Colburn said. “There is a reluctance to deal with other communication sources.”

“But those intent on wrongdoing are going to go where they think you aren’t,” he added.

Regulators won’t be lenient either when it comes to dealing with your firm’s surveillance weaknesses.

“What’s proven to be important to regulators and the courts is the content and context of the messages — not the particular messaging channel. The same rules apply to whatever device people are using,” said Robert Cruz, senior director of information governance practice for Smarsh, an archiving and compliance software company that was also a sponsor of the conference.

“If they find it, they will fine you,” added Colburn.

Rather than trying to limit the communication forms clients and brokers or salespeople can use, firms need to think about how they want to conduct business and how they’re going to communicate, and then ensure they can govern that by expanding their supervisory circle, Cruz said.

“You need to be sure you can extract historical information from the messaging channels you use so you can show regulators, ‘here’s how we capture info and prove supervision.’ You need to have that plan in place before you allow the use of any new network,” Cruz said.

The best way to ensure you’re meeting regulatory requirements is to invest in the right vendor to provide surveillance and storage of all digital messages, Colburn added. Although he did not recommend any specific vendors, he did issue a word of caution about some legacy providers.

One company, for example, originally operated as an email archive service but later struggled to make the transition to tracking a broader array of digital communications.

“When social media exploded, they had to outsource the collection and storage of that data. It creates a bifurcated process,” he said. He added that because of this outsourcing, the information is searched and files flagged, which breaks the chain of custody on that record, meaning those records will not survive litigation. “You never want messages changed by tech,” says Colburn.

“You want a tech system that will ingest data from any platform and regulate it the same way,” says Colburn.

Legacy tools only address known risks, he added, before stressing the importance of using a tech system that has the flexibility to understand and find new patterns. As an example, he noted that conversations could be coded entirely in emoji, with two palm trees and a coconut meaning a stock downturn.

Behavioral and sentiment analysis are the keys to understanding conduct, Cruz said. And those advanced analytics must have fast, reliable access to supervised content sources.

To judge the quality of a tech vendor, Colburn recommends looking at the product’s life cycle.

“Ask how they innovate, where are they investing their money. As all these messaging channels and technology change, you want to see them investing in that same tech. If you’re not seeing that, then you’re with the wrong vendor,” says Colburn. “You want a company that lives and breathes this.”

There’s one more way firms can keep regulators off their back for social or mobile messages; make training explicit by clearly defining what communications are acceptable and prohibited in each job role, Cruz said.

“Individuals need to know what they do with each channel they can access,” Cruz said. “As new networks are employed, policies need to be updated and terms of use defined before mistakes are made.”

For reprint and licensing requests for this article, click here.