Insider Threat Management

Remote (Work) Control: Best Practices for Compliance Monitoring in 2023

Share with your network!

First of three parts.

More than three years after sending workers home at the start of the pandemic, the financial industry has accepted remote work as a regular feature of modern business. Workers like the flexibility; employers love the increased productivity.

But this shift has also created new challenges for the sector. That’s especially true when it comes to compliance monitoring. Even as regulations evolve, financial firms must find ways to ensure that remote employees comply with new and evolving rules.  

 (A recent example is SEC rules that went into effect in October 2022 that govern how investment advisors can advertise and solicit funds.)

As long as finance sector employees are working remotely, electronic communications records compliance is bound to be a top concern. Today’s workers do their job over a variety of channels: email, instant messaging, video and more. Monitoring and archiving it all in a way that follows FINRA, SEC and FCA and other mandates is growing trickier by the day.

In this blog post, we explore best practices for compliance monitoring in a remote-first environment. We’ll show how financial firms can keep employees compliant and productive no matter where or how they work.

Step 1: Implement a comprehensive electronic communication policy

The first step in ensuring compliance with electronic communications rules is a robust, comprehensive policy. It should outline:

  • What types of electronic communications are allowed
  • What channels can be used
  • Rules for employee conduct

The policy should also cover how their electronic communications will be monitored and archived—and the consequences for not following the guidelines.

Step 2: Provide training on the policy and regulations

Once the policy is in place, you must ensure that all users are aware of and understand what’s expected of them. Training sessions, online courses and other forms of employee coaching are just some of the ways to achieve this. Also important are regular reminders about the policy and any changes as regulations change.

Step 3: Use effective technology to monitor electronic communications

For remote workers, getting the right technology to monitor electronic communications is more critical than ever. Think about what tools you need to cover every channel employees use. A few core requirements include:

  • Archiving communications
  • Monitoring instant messaging
  • Recording video calls

At a minimum, these tools should capture all electronic communications in a way that meets regulatory mandates. They should also help to spot potential compliance issues before they grow into a larger problem.

Step 4: Conduct regular audits

Regular audits can help to ensure that your monitoring tools are working as intended and that your employees are complying with policy. Reviewing samples of electronic communications can help verify whether everything that should be captured is indeed being captured. It can also detect any areas of noncompliance.

In recent years, AI-powered solutions such as Proofpoint Supervision and Proofpoint Automate have emerged that can effectively sample employee communications. These technologies help automate key tasks that have long been labor-intensive and prone to human error. In our experience, these advanced solutions can reduce the workloads of human audit and supervisory staff as much as 86%.

Step 5: Encourage reporting of potential compliance issues

Employees should feel they can—and should—report any potential compliance issues. Consider a hotline or an anonymous reporting system that makes the process safe. Many Proofpoint customers use Microsoft Teams channels to set up a private policy-bound chatroom as a reporting hotline. Employees should feel empowered to report, assured that they won’t face any backlash for doing so.

Step 6: Regularly review and update the policy and procedures

Finally, regularly review and update your electronic communications policy and procedures. Ensure that they stay up to date with the latest rules and industry best practices. Assess your policy and procedures at least once a year; increase that cadence when regulations change or market conditions call for it. And be sure to include your compliance technology vendors and corporate compliance committee members in this process. (Stakeholders often include compliance, IT/messaging, security and legal teams.)

Remote work has created a bevy of new challenges for compliance monitoring in the financial services sector. The struggle is especially acute when it comes to electronic communications. But you can ensure that remote employees are complying with regulations. Here’s a summary of best practices:

  • Implement a comprehensive policy framework
  • Create robust policies
  • Provide training
  • Deploy effective monitoring technology
  • Conduct regular audits
  • Encourage users to report potential compliance issues
  • Review and update policy and procedures on a regular basis

You can rely on Proofpoint Intelligent Compliance to achieve all of these. Learn more about how we can help you empower remote work at proofpoint.com/us/solutions/enable-intelligent-compliance