Compliance: Hope Is Not a Plan

By

Why Avoiding Communication Compliance Quandaries Puts Your Organization At Risk

Fifty-four percent of compliance professionals expect their personal liability to increase for compliance failures of their firms, according to the Thomson Reuters Cost of Compliance 2018 Survey. With recent fines for Financial Services firms with oversights in compliance supervision for electronic communications ranging upwards of $32 million, it is no surprise that compliance teams want to limit communication types and channels at their firms. In Part One of this three-part series, we discussed some of the internal tension between business and compliance teams when it comes to implementing new communication technologies. In this blog post, we’ll examine why hope isn’t an effective compliance plan and layout key considerations for organizations to pursue as they modernize their digital communication arsenal.

Imbalance Brings Risk

As previously established, internal misalignment between compliance and business teams can lead to major problems for organizations seeking to implement new digital communication technology.  If the compliance unit shuts down the adoption of video or social technology in order to prevent risk and avoid potential fines, the organization faces an opportunity cost and leaves the door open for more progressive and innovative competitors.  Specifically, as mentioned in Part One, using new communication channels like video marketing and personalized sales videos can improve key sales and pipeline metrics by 30 percent.  Not adopting such a clear benefit due to compliance pushback paves the way for competitors to grab market share. 

Similarly, an organization driven solely by business considerations runs the risk of compliance and regulatory mishaps, potentially leading to fines or loss of consumer trust.  Facing a $2 million fine for not properly supervising communications could be the outcome of not properly implementing new tech with compliance.  Worse yet, organizations can swing from one perspective to the other, increasing risk with each extreme position taken.  This can create a vicious cycle where lack of innovation stemming from excessive compliance roadblocks leads to less growth and less profit.  Then, the slow growth and business pressure leads employees and organizations to take too many risks that may violate regulations and hurt customers.

Mitigating Regulatory Risk

It’s important for organizations to understand the regulatory perspective as technical complexity increases.  New technology brings new communication channels which are avenues for conducting business, but can lead to rules violations, especially when the pace of growth exceeds specific regulations.  Regulators expect companies to make a good-faith effort to understand and uphold the requirements for monitoring any communication channel used to conduct business; ignorance is not an excuse for non-compliance.

It is a new era of personal accountability for compliance professionals where the regulations increasingly include expectations of knowing what is communicated and taking steps to protect sensitive information in communications.  Organizations can no longer perform “check box compliance” – simply going through the motions of recording and storing the information without a thorough review.  The modern expectation is that organizations must know what’s included in their communication and take action if they notice a risk.  In this new environment, there are fundamental measures that each company should undertake to lower their compliance risks and adhere to industry standards.

So, how can organizations strike a balance between adopting new technologies and avoiding compliance catastrophes?  We’ve identified three key measures any organization should implement to lower risk.

Striking a Successful Balance

Key Measure #1: Create a Policy Framework for New Communication Channels

When adopting a new communication channel like personalized sales videos, video marketing, video conferencing, and other video interactions with customers, organizations should have a high-level framework for conduct requirements on that channel.  For example, some basics that should be consistent across phone, email, social and video communication are clear identification of who you are, who your company is, what you are discussing, and maintaining simple, clear references to disclaimers and disclosures.  In fact, newer channels like video provide more scenarios to leverage this framework onscreen and in spoken content.  Creating this as a template for communications and disseminating it clearly sets a consistency expectation for communications that helps avoid basic mistakes and sets a baseline that can prevent regulatory mistakes – regardless of the information channel.

Key Measure #2: Train Team to Implement and Adopt New Technologies Compliantly

Building on measure one, training teams on that policy framework as well as the new communication channel itself should be the obvious next step.  As new technologies emerge, organizations should train team members on how to properly adopt and implement the new tools.  This training can be costly upfront in both time and money but is increasingly important.  Deloitte found that 76 percent of Chief Compliance Officers listed compliance training as a top priority.  Luckily, for new communication technologies like video, there is an obvious cost benefit for creating training content using video itself for rich training content that has relatable examples of do’s and don’ts.  Further, in a highly regulated environment, good training increases accountability and reduces the likelihood of careless compliance errors.

Key Measure #3: Implement RegTech Solutions

Finally, it’s crucial to build processes that can scale.  Organizations need to enforce policies, both for what gets communicated and for monitoring communications.  With the broadening of communications channels and the exponential increase in communication volume, a non-scalable solution leads to significant risk.  Unfortunately, it’s a common instinct to think that many aspects of the compliance process are manual-based review efforts on a scale that’s unwieldy, slow, cost-ineffective, and prone to inconsistencies that lead to oversights.  In reality, organizations can implement RegTech solutions to ease the communication capture and analysis process, increase accuracy in detecting risks across more media types, and allow for scale in the volume and type of communications handled.  We’ll explore how to best implement and get the most out of RegTech technology for communication compliance in our next installment.

Recap

Tensions between the business and compliance teams are to be expected, but left unchecked, can cripple growth efforts that center on adopting new communication technologies.  Companies must work to accommodate modern communication technology adoption and compliance requirements to balance topline growth opportunities while effectively managing regulatory risk.  To do this, organizations should start with the straightforward steps of implementing a clear policy framework, investing in training their team, and adopting modern RegTech Solutions.

In the final part of this three-part series, we’ll examine RegTech Solutions – what they are, how to implement, and why they’re critical in the expanding digital ecosystem.

About the Author: Devin Redmond is the CEO and Founder of Theta Lake. He has more than 2 decades of experience in enterprise risk and compliance and is a frequent speaker on AI-based RegTech for video communication compliance. The former CEO and Co-Founder of Nexgate, a pioneer in social and digital media compliance and security acquired by Proofpoint (PFPT) in 2014, Devin also held executive and leadership roles at Check Point, Neoteris, Websense, and more. In addition to living in 7 countries and speaking 3 languages, Devin is a frequent public speaker that is passionate about modern digital risk and compliance technology that helps businesses gain a competitive advantage.




Edited by Erik Linask


SHARE THIS ARTICLE
Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More