Many organisations—including highly regulated companies such as financial services firms—have relied heavily on digital communications during the pandemic to conduct business. That trend isn’t likely to fade in a post-COVID-19 work environment. So, it’s a good bet that electronic communication will remain an examination priority for regulators, like the Financial Industry Regulatory Authority (FINRA).
FINRA Rule 3110(a) requires a member firm to establish and maintain a supervisory system to monitor the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations and FINRA Rules. And an effective supervisory system includes monitoring the content of messages sent by employees.
That’s why you can expect the examination of electronic messages to part of any inquiry from FINRA. This sentiment guidance is reinforced in Regulatory Notice 20-16, Transition to Remote Work and Remote Supervision, in fact. FINRA has also identified it as a priority in the 2021 Report on FINRA’s Examination and Risk Monitoring Programme.
Two cases that underscore the risk of supervisory gaps
So, when it comes to supervising digital communications, financial services firms will want to make sure they have “all their ducks in a row”—as the saying goes. Not organising those “ducks” appropriately can lead to costly outcomes: A review of FINRA’s recent disciplinary actions shows that excluding communications can result in reputational damage and monetary fines for regulated companies.
For example, in one case, a financial services firm was fined for failing to monitor the communications of several business heads involved with approving transactions. While investigating an unrelated matter, examiners determined the company had excluded senior management from the supervisory review process outlined in the firm’s written supervisory procedures (WSPs) for several years.
The procedures indicated that senior management’s electronic messages would be retained but were not included in the lexicon and random percentage reviews. FINRA noticed the financial services firm had failed to establish a separate process to monitor these messages from senior management containing potentially “sensitive information”. So, the company had been excluding these employees from their surveillance programme for years.
In another FINRA disciplinary action case, FINRA cited an “unreasonably limited review” of emails that were flagged as the “violative conduct” that resulted in a fine for the firm and its chief compliance officer (CCO). FINRA cited their “unreasonably limited review” as a reason the CCO did not uncover unreported outside business activity by an associate of the firm. During this period, the CCO had reviewed a very small number of emails. And in that review, there were messages that should have alerted the CCO of the unreported activity.
A solution to improve digital communications monitoring
How can you ensure your business is monitoring employee activity effectively when your teams send and receive thousands of emails, texts and other digital communications daily? Proofpoint Intelligent Supervision is one way to work smarter, not harder, when monitoring digital communications.
As we’ve outlined in previous blogs, the Compliance Risk Dashboard provides a real-time snapshot into the risk activity uncovered by the Intelligent Supervision platform. Supervisors receive relevant statistics to ensure monitoring activities are current and complete. In the below dashboard, the Monitored Employees pane allows you to quickly identify when monitored staff are added or removed from Intelligent Supervision, so no one is excluded from your reviews.
Figure 1: Proofpoint Intelligent Supervision Compliance Risk Dashboard
Intelligent Supervision also supports a variety of digital communication types—any content that you can capture with Proofpoint Content Capture and retain in Proofpoint Enterprise Archive—to broaden your review to include other types of chat and social media conversations. A comprehensive suite of reports supplements the Compliance Risk Dashboard to complete your audit-ready supervision plan.
More resources to help close the gaps
Regulators like FINRA recognise that many firms had to pivot fast to remote work during the pandemic and adjust supervisory practices to monitor their remote staff—and that this may have resulted in supervisory gaps in digital communications. So, they’re on the lookout for these gaps.
Proofpoint’s team of Professional Services Consultants can partner with you to ensure you’re using all the features of Intelligent Supervision effectively and help you close any potential supervisory gaps. We can also help you improve performance and reduce noise, so you’re reviewing the items that matter.
We also share best practices to help you create a solid surveillance programme to strengthen your overall supervisory system, so you’re prepare for your next audit. As one of those consultants, I’d like to share a few best practices right now for identifying and closing supervisory gaps:
- Make sure your WSPs for electronic communication surveillance are current and cover all employees.
- Ensure your reviews are not limited to emails and cover all communication methods used by your employees.
- Don’t “set it and forget it”. Schedule regular rule refinement and business risk evaluations to confirm your reviews apply to your current business model.
- Use resources like the Proofpoint Intelligent Supervision Consulting team, who can partner with you to get the most from your surveillance tools.
For more information, visit the Proofpoint Intelligent Supervision page