Since the early days of the COVID-19 pandemic, communicating remotely has been a necessity for financial services professionals. As a result, regulators have taken note and increased scrutiny of that activity. A series of high-profile enforcement actions with respect to electronic communications has prompted compliance leadership to reconsider resource allocations, but constraints are driving firms to mature in their approach to risk mitigation.
But what makes a compliance team mature in the financial services industry? Maturity refers to a program’s sophistication and comfort around systematically addressing compliance issues and concerns throughout the organization. This can mean leveraging existing resources and transforming them into scalable models, as well as partnering with internal stakeholders to guide decisions while still managing risk appropriately. Strategically applying technology is also imperative to overcoming compliance challenges, particularly as compliance teams are stretched thin, while also being asked to oversee new communications channels.
Not Quite There … Yet
One of the most exciting technologies to evolve in recent years has been artificial intelligence, and many expected it to have an enormous impact on compliance reviews in financial services organizations—particularly in terms of moving the prereview of social posts and text messages to post-reviews. It could conceivably save time and manual labor, enabling electronic communications to proliferate at an even faster rate to positively affect customer relations and, ultimately, the bottom line. This is not happening yet. Why?
Regulation follows innovation, and in the case of AI, regulations have not caught up. Current rules say certain types of electronic content still must be prereviewed by a registered (human) principal. That doesn’t mean that AI is without value to finserv compliance teams; it’s just being used differently than envisioned—at least until the regulations support its application for prereview.
Many mature and forward-thinking organizations are using AI-based solutions to create suggested content versus advisor-generated content. These solutions can help guide potential posts upfront, before manual review, which can increase workflow and get content into registered representatives' hands much faster.
Additionally, natural language processing technology can also be quite valuable in terms of factoring in the context of specific words used within posts or messages. This type of technology can reduce the items in a work queue that would flag a simple lexicon review, routing forward only the pieces that require a closer look, ensuring that the right alerts are being directed to the right queues at the right time.
In fact, the recent NAVEX Global survey found that automated workflow routing is a main focus area for compliance teams to increase efficiency. These improvements are an indication that compliance teams are—by necessity—becoming more mature in their efforts to handle their regulatory obligations. Additionally, NAVEX indicated that 41% of compliance programs in the financial services industry are planning to automate over the next 12 months.
So, while it is still early in the game to fully maximize these very advanced technologies to move content from the prereview stage to post-review, where content is more interactive, mature compliance teams are using them to significantly expedite the process and alleviate some of the strain. With fewer items in the queue, content often can get a more diligent review as well, which goes a long way in mitigating a firm’s risk.
Not All Communications Channels Are Created Equal, but Mature Organizations Have a Compliance Strategy to Deal With Them
Mature organizations make reaching out to their registered representatives a crucial part of their supervision model. They are asking their people what digital channels they are using for business purposes and what they’d like to use, so that they can adapt to modern channels.
Much of the evaluation of how to deal with a given communications platform comes down to the data and how much compliance teams have access to. Most communications technologies were not designed specifically with financial services in mind, which means the industry’s regulations have not been a factor in building their business. A platform such as LinkedIn that was built for business has been much more open to sharing its APIs than, say, Snapchat, which has not adapted for business usage yet. As such, it makes it exponentially harder to document to the requisite level for compliance.
There are, of course, workarounds. In the case of TikTok, for example, a compliance team could require a script or that anything that will be recorded gets prereviewed. The rep interested in doing the video could write out exactly what they're going to say, prerecord it and send it in for review. Then, after it posts, someone from compliance watches the video and ensures it aligns with what was anticipated—and that all of these steps are documented. While this takes away some of the spontaneity of TikTok, it shows that it’s still possible to use this channel and do supervision accordingly.
Mature Compliance Teams Move Away From a Checkbox Mentality
With an evolving regulatory environment, mature teams know that they can’t just check a box and move on. They have to instill processes throughout the organization that document all potential types of communications; they have to have controls in place to provide evidence of review, and it has to be explainable to regulators. Otherwise, they are looking at large fines and an overhaul of compliance operations. The last thing firms want is to be caught not monitoring something.
Mature firms are initiating proactive compliance, going out and trying to determine what regulatory changes are coming and how they will impact the firm. With so much shifting across the landscape, compliance teams are investing not only in learning more about how new communications technologies can be used but also what technologies can help automate and document supervision processes. With increased regulatory burdens, companies must find the tools to stay ahead, and perpetually test that they will pass controls and enable them to monitor communications in more efficient ways than ever before.
While this sounds like a complicated process (because it is), it is the cost of doing business today. What is clear, though, is that the most mature firms have invested in technology and taken on a proactive compliance role. These firms have been insulated from larger negative industry trends, and this should be proof that the effort pays off.
Bill Simpson is the compliance principal at Hearsay Systems.