Creating Effective Supervision Policies for Instant Message and Collaboration Platforms

November 14, 2019by Smarsh

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

The modern workplace is more connected than ever, and as new digital channels emerge, employees face a mountain of messages across screens every day. For companies in regulated industries that are required to monitor their employees’ electronic communications for compliance, managing every channel is already a daunting task.

Instant messaging and collaboration platforms for business, such as Slack, Microsoft Teams and Zoom are the latest tools to transform how people interact at work. Within the last five years, these tools have steadily risen in popularity and taken away email's position as the preeminent business communications tool.

Slack and Teams pose new challenges for compliance teams. They are integrated communication platforms that connect to many other applications, which extends their potential but covers a lot of content ground: voice and video calls, calendar scheduling, and collaborative editing of shared documents, to name a few.

Additionally, conversations on IM and collaboration platforms will move from desktop to mobile or vice versa. This can create gaps in data review unless all message types are captured and indexed with all metadata intact.

All these layers of complexity contribute to a high volume and assortment of data. They require nuanced supervision tactics and modern tools with granular capabilities for managing the process.

Random sampling and lexicon policies

Regulated organizations can enact a couple different methods of supervision including random sampling and targeted lexicon policies. Random sampling involves viewing a sample of communications from a specified time period, to check for protected information that may have gone under the radar. Proactive lexicon policies target specific words and phrases.

Collaboration channels enable a high rate of interaction, which means a lot of volume to monitor. There’s a balance to strike between identifying regulatory (and potential business and operational) risks, and casting such a wide net across your entire archive of communications data that supervision becomes unwieldy and inefficient.

This is especially true if your organization is at the enterprise level, where a random sample without narrowly defined parameters can be overwhelmed with white noise and high percentages of false positives. Enterprises are uniquely impacted by the large number of employees being supervised across all the various messaging platforms.

Internal and external communications

Though instant messaging and collaboration channels are mostly used internally, those online conversations pose just as much risk as — if not more than — external conversations.

In the case of a confidential or proprietary information leak, for example, if there is discussion about a company’s upcoming IPO, and that information is shared inappropriately it could introduce any number of legal issues.

But Slack, Teams and Zoom are useful for communicating with third-party users as well. Ensuring that brokers, advisors and executives can easily share information with clients and other outside partners is crucial.

One step to managing these concerns is to implement communication guidelines for internal and external interactions that specify which employees can use each channel. Another safeguard is to develop supervision policies with lexicons that support modern communication terms and outline the types of data that cannot be shared. Finally, review policies and escalation plans for violations with employees on a bi-annual basis.

How to develop, implement, and refine policies

To put a laser focus on what you’re capturing to meet compliance obligations, keep the following practices in mind as you build your policy framework to reduce noise, enable productivity and enact effective supervision policies:

  • Determine a hierarchy of supervision for individuals and groups within your organization. Allow classified stakeholders to discuss confidential transactions on electronic platforms, and limit high-stakes visibility through the appropriate work supervisory policies (WSPs) that outline how applications may or may not be used

  • Develop a lexicon policy with your determined parameters to capture relevant terms. Make sure to account for common misspellings and conversational jargon

  • Work with your compliance team and internal resources to identify potential risky terms and phrases. An optimized lexicon is concise enough to capture variations in syntax, but not too broad to introduce too much “white noise”

  • Avoid the use of high-risk terms and domains by excluding them from the company’s approved lexicon. Exclusion policies in Pro Archive and Enterprise Supervision can provide an extra line of defense in the regulatory process

  • Bolster ongoing policy performance with targeted exclusions and regular, diligent random sampling. Don’t just set it and forget it. Schedule a standing meeting with stakeholders to check in on performance

Whether it be for internal purposes or to satisfy regulatory requirements, organizations need well-tuned policies to enforce their supervision process. Proper policy setup is essential for efficient, intuitive message reviews and other workflows.

Policies can be custom-created, or built from templates provided by your solution provider, and should be fine-tuned on a regular basis for maximum performance and efficiency. Training and educating employees bring the cycle of policy-tuning full circle — making compliance highly efficient even as new platforms emerge.

For more on building policies for compliance, check out The Financial Advisor’s Guide to Social Media Strategy & Policy.

Share this post!

Smarsh
Archiving and Compliance Blog

Our Blog explores the news, trends and best practices in electronic recordkeeping. It’s about managing and getting value from your electronic communications data. It’s about satisfying legal and regulatory obligations. It’s all about turning compliance liability into business insight.

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Contact Us

Tell us about yourself, and we’ll be in touch right away.