Back to Insights

Insights  |  August 17, 2020

Compliance and Technology: 4 Key Takeaways From a Supervision Survey of Industry Professionals

This post was originally published by Smarsh

FINRA and SEC-regulated industries are required to review business-related electronic correspondence to ensure compliance. However, there aren’t standardized supervisory procedures as the methods are left up to the firms and businesses.

Smarsh recently conducted a joint survey with Elinphant, a financial services risk management and compliance consulting firm, to learn more about the supervision of electronic communications. A broad mix of FINRA and SEC-regulated professionals including RIAs, broker-dealers and insurance advisors responded and provided insight on:

  • The policies and procedures firms are evaluating
  • What methods are being used to evaluate policies and procedures
  • Common supervision practices
  • Trends and concerns related to supervision
  • Technology-based compliance

Here are four key takeaways from the survey:

1. Avoid the “Set it and forget it” approach to supervision

The most-reported approach to supervision was “set it and forget it.” It is common for firms to implement policies and procedures but rarely update those policies — despite the continuing evolution of communication technology and practices in the workplace.

“It appears that once lexicons, exclusions, policies and procedures are set, the firm will operate for years without adjusting them,” said Elin Cherry, Elinphant founder and CEO. “It’s essential for [compliance] technology to evolve as business objectives and regulations evolve, so there’s significant risk to ‘setting and forgetting.’”

However, this approach goes beyond exclusions and lexicons. It also includes:

  • Frequency of review
  • Percentage of content reviewed
  • How to perform reviews

“Unfortunately, the ‘set it and forget it’ model will most likely continue until regulators begin fining firms,” said Marianna Shafir, Smarsh Regulatory Advisor. “But this doesn’t need to be the case. The technology used for archiving and reviewing electronic communications makes it easier for firms to implement new tools to stay updated on policies and regulatory changes.”

2. Review the process and document written supervisory procedures

FINRA-regulated firms are required to test and verify supervisory procedures for electronic correspondence. The survey results show that many firms don’t follow this guidance:

  • 23% of those surveyed have never reviewed their supervisory process, or do not have a set timeframe for a review (Figure A)
  • 42% of those surveyed said they only do an ad hoc lexicon review (Figure B)

Supervisory compliance processes

Failure to review the supervisory process itself puts firms at risk for penalties. And firms are frequently fined for this misstep. In fact, some of the largest regulatory fines are for failing to implement supervision.

Cherry said that a solid supervisory process review should consider the following:

  • Is the firm reviewing and implementing new releases or patches from their archiving vendor or service provider?
  • Are lexicons up to date?
  • Are exclusions up to date?
  • Is there documentation of the supervisory review process?

Additionally, the SEC’s Regulation Best Interest (Reg BI) went into effect on June 30 of this year. The new regulation is designed to bring legal requirements and mandated disclosures in line with reasonable investor expectations while preserving access to a variety of investment services and products.

“Reg BI is a perfect example where you want to avoid the set it and forget it approach,” said Shafir. “You don’t just leave your lexicons alone. You need to update the lexicons and implement new keywords into the supervision process to show regulators you’re complying with the latest rules.”

3. The frequency of reviews and the quantity of communications reviewed should be adjusted

One interesting insight from the survey was that firms, depending on their size, review content differently. Smaller firms (those with 1-5 employees) can be more efficient by following the approaches of larger firms, that review a smaller percentage of email (Figure E), but they do it more frequently (Figure F).

Frequency and Quantity of Reviews

Smaller firms tend to review 100% of all electronic correspondence while larger firms are reviewing 0.05% to 2%. However, while they are reviewing 100% of the content, small firms don’t review frequently enough.

“Just because you’re small and don’t have much electronic correspondence, you can’t wait once a month or once a quarter to review your electronic correspondence,” says Cherry. “It really needs to be timely. If something happened in that electronic correspondence, you can’t wait a month to act on it. Regulators will have an issue with that.”

Reviewing messages in a timely manner reveals what’s going on in the firm and gives them the agility to adjust processes and reduce supervisory fines. They can leverage compliance technology to narrow in on messages that require reviews.

Unfortunately, 39% of those surveyed suggest that they have a manual process to review electronic correspondence, which can be risky. Regulators expect to see a proper system in place — especially as more people work from home.

4. Use archiving and supervision technology to stay agile

Archiving and supervision technologies have come a long way and can help firms review content more efficiently. With an increasingly remote workforce, it’s critical to have a supervision process that allows for the review of a high quantity of content more quickly.

“FINRA recently indicated that it’s gotten approval to adopt advanced technologies to use in their exam process,” said Robert Cruz, Smarsh Vice President of Information Governance. “I think FINRA’s expectation will be that firms are doing the same.”

Using modern technology to help your firm retain, supervise and review electronic communications is key.

“It’s likely you won’t remember every message you’ve reviewed a year from now,” said Shafir. “If there’s an audit and the regulator asks, ‘Did you review this message?’ you can confirm and provide the documentation.”

This blog is based on the recent webinar, “Compliance and Technology: A Supervision Survey from Industry Professionals.” You can watch the full webinar here. Get the survey report here

More Resources:

Smarsh and Actiance Complete Merger, Combine Forces to Redefine Archiving Under the Smarsh Brand
Smarsh Named a Leader in 2018 Gartner Magic Quadrant for Enterprise Information Archving for Fourth Consecutive Year
7 Tips to Save IT Resources in Times of Need