How RegTech Can Adapt to the Modern Working World

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise tech. In this feature, MirrorWeb‘s COO Harriet Christie offers commentary on how RegTech can adapt to the modern working world.

While communications surveillance has become a more pressing requirement in recent years, the truth is that most of the current generation of platforms was built 20 years ago. Society has changed a lot since then, both in terms of our technological capabilities and the ways in which we communicate. It’s important that compliance tools keep up with the world they are built to regulate.

This piece will analyze the traditional methods associated with communications surveillance, where (and why) these approaches are no longer suitable, and how platforms can evolve to better serve the modern workplace.

The Regulatory Landscape

A Word on ‘Communications Surveillance’

The surging demands on compliance platforms are perhaps best exemplified by a shift in terminology from ‘communications archiving’ to ‘communications surveillance’. Archiving refers to the procedure of capturing and storing appropriate data, and most vendors are certainly capable of this. Many platforms are too – Slack has an internal archive, Zoom SMS has litigation hold, and RingCentral can store all call data.

Surveillance is the difficult piece, but one that modern compliance vendors simply have to offer in the current regulatory climate. Non-compliant interactions must not only be recorded, but flagged and acted upon. Surveillance and archiving used to be separate terms, but have now become inextricably linked as communications channels and the regulations governing them have diversified.

There is now a great deal more digital territory to monitor across workforces, to an increasingly rigorous standard. As a result, vendors have a responsibility to develop product features which aid compliance teams in uncovering malpractice.

Mobicomms

Since COVID-19 expedited a global shift to remote work, organizations have struggled to persuade staff to move away from the prevalence and convenience of mobile platforms. Exchanges like those occurring through WhatsApp and other ‘off channel’ mobile platforms are far more difficult to monitor and capture than email, for example, and so vendors have not always had the ability to do so.

In the last year, mobile communications have come under the spotlight for SEC & FINRA-regulated firms, with record fines being handed out to some of the industry’s largest players. Failing to have a policy for mobile communications is no longer an option, and many firms are looking for a way to completely unlock the transactional advantages that come with opening up the prospecting channels available to staff.

Modern Compliance Concerns

iMessage

Surveillance vendors have a responsibility to keep pace with regulatory developments, and so have developed technology to capture data from apps like WhatsApp, WeChat, Signal and Telegram. For most vendors, however, iMessage remains a real source of frustration.

iMessage is prevalent amongst financial professionals for a variety of reasons. These include the devices’ ubiquity and ease of use, and the status attached to Apple devices. The conversations carried out by iMessage aren’t typically recorded, though, and capturing this metadata is difficult because Apple encrypts those conversations end-to-end.

The iPhone has a market share of 58 percent in the US in 2023, so iMessage capture is a critical requirement for firms that wish to ensure compliance. Even in the event of a channel ban being implemented, it’s unrealistic and even naïve to expect it to be upheld by staff that have come to rely on the convenience of texting.

Group Chats

Many surveillance vendors also struggle to capture group messages across mobicomms platforms. Quite simply, group chats are often used to discuss business matters; an adviser’s PA might message a client on their behalf, and advisers may share marketing information in group chats with multiple clients – there are many scenarios in which group messaging can occur.

If group chats aren’t being captured, then compliance cannot be proven, and so it’s essential that vendors find a way. Banning group messages outright isn’t really a viable option and could be very limiting from an operational perspective.

Virtual Meetings

Another consequence of the shift to remote work was a surge in virtual meetings, a necessity that eventually became established as a highly convenient plan B, or even the preferred option, for many workers. This change applies to both internal and client-facing meetings, and so the ability to monitor, capture and store communications from applications like Zoom is essential to ensure compliance with FINRA, SEC, FCA, MiFID II, and other regulatory mandates.

Transcription tools are hugely beneficial to compliance teams reviewing the content of meetings, allowing them to read through at their own pace, bypassing the small talk and pauses that make up a large proportion of virtual conversations. This can be enhanced by employing lexicon policies to point the compliance officer in the right direction quickly and help them prioritize the data they’re reviewing.

Transcription software is already very common, so it makes sense for surveillance solutions to build it into their product or to build an integration with existing software.

Only Part of the Picture

One of the most important elements of communications surveillance is the ability to show the full context in which a conversation occurred so that meaning, and therefore conduct, can be fairly evaluated. Tools like lexicon policies help to provide that context and pick up on misdemeanors more quickly. Traditionally, this could mean compliance teams flagging emails containing the word ‘guarantee’ or phrases pertaining to communicating privately through another channel.

Those ‘off-channel’ platforms are now under scrutiny themselves and bring their own challenges. With mobile communications, there is a clear lack of context associated with captured messages. Right now, the industry standard is to convert mobile messages (from WhatsApp, WeChat etc) to email threads, with system messages (somebody exiting or entering a chat, reactions) adding to the noise by generating their own separate email.

When you start introducing gifs and emojis, things become even more complicated. Some surveillance vendors currently convert these dynamic elements into URLs, meaning that an extra layer of interpretation is required. This makes it difficult to piece conversations together and results in a poor, disparate review process that could allow non-compliant behaviors to go undetected.

As compliance becomes a more mainstream concern, surveillance platforms have a duty to provide a more streamlined user experience and one in which staccato email analysis is a thing of the past. A clearer, more visual representation of the conversational journey is vital, one in which the communications being assessed are displayed in the same format that they were originally sent. This will accelerate the compliance process significantly, unburdening the stress of piecing together an intricate puzzle.

Too Much Noise

To continue the theme of inefficiencies in the review process, surveillance platforms need to continually find new ways to unclutter the content being flagged by lexicon policies. Filtering that data down to the essentials will satisfy compliance teams, as they spend less time wading through information that clearly satisfies compliance criteria.

Substandard Support

No matter how intuitive a product may be, support and training will have a sizeable impact on the impression it makes on a user. The mastery of a platform will almost always require outside assistance.

Traditionally, communications surveillance has a reputation for below-par customer service. This could mean anything from slow response times to poor connection rates, and the inability to speak to a human when the issue at hand isn’t easily categorized. This is an area where significant improvements can clearly be made.

Communications surveillance software is technical, and its implementation across a wider team can be a complicated process. It’s also a requirement rather than a luxury, and so vendors will need to make a concerted effort to build out this department to a high standard to establish peace of mind for their clients in an increasingly hostile regulatory environment.

Banish Limitations

From compliance teams to the wider workforce and indeed, customers, outdated communications surveillance impacts every part of a business.

Compliance staff need tools that allow them to work through expanding data sets efficiently, while other departments should be enabled to use technology that helps them hit targets. Most importantly, customers will gravitate toward vendors that allow them to communicate in the ways they prefer. This means that modern channel capture is essential.

With the volume of regulatory change expected to increase in the coming year, it’s highly recommended that financial services institutions evaluate their surveillance solution carefully. There are a variety of different boxes that can be ticked, with mixed degrees of importance depending on a firm’s individual priorities. The principal requirement, however, should be a solution that is adaptable.

It’s not beneficial to settle for antiquated methodologies, and financial firms need to move with the times. By considering their vendor carefully, they can flip the ‘compliance is expensive’ narrative on its head and create long‑term value for their organization.