The forbearance of regulators as the pandemic took hold provided much-needed flexibility for organisations, so they could prioritize the delivery of services by work forces that had become remote almost overnight. Employers moved fast to roll out collaboration tools like Zoom, Microsoft Teams and Webex to keep staff connected and productive – and with the overriding need for business continuity, oversight was sometimes more of an afterthought.
Fast-forward eighteen months, with collaboration tools now integral to the modern workplace, the focus is firmly back on supervision – and the compliance and security risks associated with platform usage. Organisations must now turn their attention to ensuring oversight and accountability in virtual environments mirrors that which we expect in physical ones.
In Autumn 2021, there’s no longer room for excuses and in the case of financial services, regulators around the world have been clear in that they expect regulatory obligations to be met, says Stacey English, Theta Lake’s Director of Market Intelligence.
“Now this much time has passed, regulators in every market are expecting that the compliance controls are as robust in remote working as they are in the office,” she explained. The latest expectations set out by the FCA reminds firms that ‘any form of remote or hybrid working adopted should not risk or compromise the firm’s ability to follow all rules, regulatory standards and obligations, or lead to a failure to meet them’. With 91% of organizations surveyed in Theta Lake’s latest research having between 2 and 6 collaboration platforms deployed, it’s no surprise that 83% have restricted usage of valuable features as they grapple with the complexity and challenges of meeting compliance, security and privacy requirements.
Principle-driven regulatory standards
Acknowledging that technology moves fast in a changing world, some regulators have cautioned that while the precise details of regulatory rules might not keep pace with technological developments, the intended outcomes relating to record keeping and supervision still apply.
“Regulators, like the FCA in the UK or The European Securities and Markets Authority (ESMA) have been clear that the ‘how’ might have changed but the ‘what’ hasn’t, and technology itself doesn’t excuse lapses. The onus is on firms to ensure new tools support capture, archiving and supervision, if they’re going to use it in a regulated environment”
Indeed, some of these outcome-driven standards emerged from the financial crisis over a decade ago, and they’ll continue to apply even when we’re having our investment sales calls using holograms or metaverse avatars… “It’s about putting the focus back on conduct and mitigating risks outside a tightly controlled physical environment. So that people don’t mis-sell or abuse or behave inappropriately in any professional context, and that if they do, it can be remedied fast.”
As English pointed out, supervision tools like Theta Lake have application beyond financial services regulation, to privacy, security, and HR issues like bullying and racism. Any communications on collaboration tools can be shared and recorded through screenshots or native recording functionality, and traditional methods of supervision simply can’t protect the organisation from this kind of risk. “Take misconduct or data leakage in chat, they’re persistent, they never go away – so it’s essential to have tools like Theta Lake deployed across all your communications so that you can pinpoint and remedy when this happened,” she continued.
Beyond immediate crisis, to sustainable standards
In times of business stress, misconduct on every level unsurprisingly escalates, as English pointed out.
“When you have a stressful environment with markets all over the place, people working from anywhere, you can more easily end up with people behaving in the wrong way just to get things done.
“And there are more accidental breaches, like people sharing the wrong screen with sensitive data or responding to phishing attempts, just because they’re tired and burned out.”
Regulatory compliance is not about being superhuman, but about ensuring risks are identified and dealt with. “Everything is now more data driven, and with regulators moving that way it’s clear that in the future firms will need to have data and records ready to share, to comply with supervisory requests and investigations,” she warned. “It won’t be acceptable to say you don’t have the records or can’t supervise your systems, you have to have a way of monitoring and managing risk.”
This is where Theta Lake can help, providing the same robust oversight of conduct and security risks across collaboration platforms, whether in or outside of a tightly controlled physical office. This includes detecting the sharing of confidential information through to collusive, aggressive or bullying behaviour. The solution continues to evolve to capture the most current risks organizations are concerned about from cryptocurrency conversations to managing information barriers across multiple collaboration tools.
Theta Lake provides complete integrated compliance, security and archiving support, for collaboration channels and platforms – so you can meet your responsibilities in any market, and comply with all regulatory requests with confidence
Learn more and request a demo at: https://thetalake.com/request-a-demo/
