As technology providers create new ways for workers to communicate over their smartphones, laptops and online forums, compliance professionals are facing the challenge of archiving all the various electronic messaging channels for regulatory purposes.
The number of electronic messaging channels firms allow employees to use for business purposes has nearly doubled in the past three years, from an average of 3.6 channels in 2011 to 6.7 in 2014, according to the Smarsh 2014 Electronic Communications Compliance Survey.
Smarsh surveyed nearly 300 compliance professionals, over half of which (63 percent) represented registered investment advisors such as private equity firms.
The survey found that around one in three respondents allow employees to use social networking sites like LinkedIn and Facebook but do not have a written policy governing its use or prohibiting access. Even fewer have policies in place around text messaging.
“Business communications are subject to regulatory requirements for retention and oversight, regardless of the medium,” the survey said, noting an increase in examination activity of registered advisors by the US Securities and Exchange Commission.
Nonetheless, emails remain by far the most requested message type during such examinations, the survey found. Following that are website pages, instant messages and to a lesser extent social media pages.
Accordingly a large majority of CCOs have already put in place new systems to archive traditional electronic communication channels like email and instant messaging, an informal poll of delegates at the PEI Private Fund Compliance Forum 2014 earlier this month found. However, 29 percent of delegates said that their firm has yet to take this action.
Additionally, “written supervisory procedures” was the most requested supporting document among those examined, “emphasizing the importance of having solid policies and supervisory processes in place,” the Smarsh report said.
Roughly half of delegates polled at the PEI conference admitted their employees have not been provided clear directions on how to securely share confidential and sensitive data with outside parties, an indicator that formal guidance on electronic communications is not yet a widespread industry standard in all areas.