Connect with us

Hi, what are you looking for?


Privacy & Compliance

Financial Compliance: Problems are Changing, Solutions are Not

The sixth annual survey from Smarsh on financial services communications compliance issues shows that regulatory scrutiny and compliance difficulties are increasing while resources and solutions are not.

The sixth annual survey from Smarsh on financial services communications compliance issues shows that regulatory scrutiny and compliance difficulties are increasing while resources and solutions are not. Enforcement and retention gaps remain high, leaving companies open to undetected fraud, errors and regulatory penalties.

The survey polled 221 financial services professionals with compliance supervision responsibilities. Less than one-in-ten of the respondents expect to receive any significant increase in resources at a time when BYOD and social media are increasing their difficulties.

One of the main problems is that the compliance perimeter (that is, the communication methods and devices that require regulatory overview) is expanding beyond the organization’s security perimeter (that is, the systems with direct company security and overview control). This is primarily caused by increased use of personal devices and social media, which often go hand in hand. Even where a company has a defined BYOD policy it is difficult to know which messages need to be retained by the company.

It is the content of a message that determines whether it falls under compliance regulations. However, even within the traditional security perimeter 5% of respondents still feel they do not have an adequate archiving or supervision solution in place for email via corporate email accounts. This rises to 68% of respondents concerned about SMS/text messages even where company policy allows them. Forty-six percent are concerned about the lack of control over LinkedIn messages, and 44% over Instagram, Facebook and public IMs such as Skype.

The general lack of oversight capabilities leads to specific risks recognized by the compliance professionals. These include an inability to provide evidence of supervision (32%); failures in policy enforcement (29%); inefficiencies of the supervision process (28%); difficulties in fine-tuning supervision processes to find real risk (27%); inability to produce data upon request (26%); and policy creation (21%).

All of this is happening at a time when regulations and regulatory scrutiny are increasing. Regulations governing electronic communications can be found in SEC rules, FINRA, Federal Rules of Civil Procedure, Gramm-Leach-Bliley, FCA rules, State Data Protection laws and more. And it’s getting personal. In September 2015 SEC warned that compliance officers could be charged for negligently conducting their duties. In the same month it fined Securas Wealth Management’s chief compliance officer $30,000 for failing to implement the policies and procedures that would have caught stock manipulation fraud.

The problem, suggests Stephen Marsh, CEO of Smarsh Inc, is that the nature of the problem has changed, but the solutions have not. This has resulted in three main approaches by compliance officers: ‘prohibition’ (simply prohibit communication through BYOD and social media); ‘head in the sand’ (ignore the problem and respond to regulators, ‘not in my knowledge’); and ‘extend what’s in place’ (that is, increase what already doesn’t work very well). 

Advertisement. Scroll to continue reading.

“Creating a sustainable, scalable and holistic approach needed for effective electronic communications supervision today can’t be done overnight,” he says, “but it can be done. It requires the coordination of the right processes, technology and human capital across stakeholders from IT departments, compliance, legal and marketing units.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...