Actiance: communications and the key to compliance - David Oates
The financial services industry has recognised the need to make more of its communications applications, be they for internal collaboration or customer interaction. It is also aware that every communication carries a risk, most obviously in external channels such as social media. We spoke to David Oates at Actiance, a leading provider of compliance systems, about the risks and how to mitigate them.
In an industry that is increasingly competitive, every financial institution has grasped the importance of communicating with customers through their preferred channels, which increasingly means engaging with them in the digital space. Among the digital channels quickly gaining traction are social media networks, which are increasingly seen as the forum in which banks can put a human face on their brands.
Equally important to banks is the ability for internal teams to collaborate more effectively, not least to provide a consistent set of services to customers across different channels of interaction. With these internal and external channels, however, comes a regulatory burden. Banks must tread carefully to ensure that internal messaging, as well as communication through social media networks, is compliant with an evolving set of regulations.
As the industry strives to build trust, having seen it severely eroded in the last five years, it is vital to not underestimate the risks to reputation of getting communications wrong.
"Our main focus is the compliant use of emerging electronic communications networks," says David Oates, vice-president international at Actiance, a leading provider of compliance systems. "This can be unified communications systems and social platforms, whether they are for internal collaboration or external communications, as with Facebook and Twitter. Banks know they need to know about social media, but they fear it in terms of compliance.
"In terms of reputational risk, stock prices and regulatory compliance, this is a sensitive area," he continues. "The regulatory threats are massive, as the fines are getting larger. Social media is part of regulations like the Dodd-Frank Act in the US and many equivalents. The size of the sanctions is escalating and banks need to mend reputations that have never been lower."
Actiance is a multinational provider of platforms that enable the secure and compliant management of unified communications, web 2.0 and social media channels. Oates is responsible for the company's business outside the Americas, which focuses mainly on financial centres in the EMEA region. Through this work, he has come to recognise among clients the urgency and the risks, especially around external social media channels.
"Banks know they need to use these channels, but they are not sure how," explains Oates. "Most people know how to use sites like Facebook, but we may not understand the impact of what we are putting up there. For instance, if someone sends a tweet from a board meeting before financial results are published then it could impact stock prices, in which case it would effectively be a pre-announcement of financial results and, therefore, a breach of SEC regulations.
"It might not have been done maliciously, but it is still a breach of regulations, so part of what we need to do is educate people about what they can say. For instance, you cannot use the term 'guarantee' if you are selling stocks or policies. And you can't quote stock prices in communications. Technology is, of course, part of the answer, but it is not the only tool."
Safe and sound
Actiance has supplied its platform to some of the largest and most heavily regulated financial institutions in the world, and is helping them to manage communication, collaboration and social networking in strict compliance with all relevant rules laid down by bodies such as the SEC and FINRA in the US, Canada's IIROC and the PRA/FCA in the UK. Its clients include eight of the top ten European banks, the top ten US banks and the top five Canadian banks.
The Actiance solution controls access to applications, determining who can say and do what and with whom, as well as monitoring content within and outside organisations to ensure their brands are protected and their data remains secure. It also captures conversations and interactions in context so that communications can be traced and their meanings fully understood, and can search all captured content quickly to ensure that legal holds and eDiscovery are easier and less costly. Everything that is captured is also archived to long-term storage solutions for full compliance.
"We automate the compliance process by blocking inappropriate communication, and capturing and archiving content," says Oates. "That gives a high level of security to the banks that use our systems. When it comes to external social media, we are helping banks to communicate with their customers in a more personal way, without jeopardising compliance.
"Forty years ago, bank managers were respected members of the local community because they had fewer customers and they could get to know them personally. Now, relationship managers may have 5,000 customers, so they can't know them all individually, but banks are nevertheless working hard to make their customer contact more personal. Customers are accepting of digital channels and they expect companies to get social media right, but the risks banks face through these external channels are bigger."
Compliance is key
Banks have largely recognised that they must adopt a consistent approach to communications across all channels. In doing so, they must also take a coordinated approach to compliance and governance, which should be at the top of the list of priorities.
"Banks should treat internal and external channels the same," says Oates. "Every email or communication, even when it is between colleagues, is part of the electronic record. It reminds me of the poster that was put up during World War II, which said 'loose lips sink ships'. We have to educate financial institutions with respect to the risks they face and also evangelise around social media.
"Banks' compliance departments understand the importance of internal and external channels because they 'get' cybersecurity," he continues. "With our technology, they have a platform that evolves as regulations do. We can help them keep in step not only with the changes that regulators make but also with the changes that are made on the fly by sites like Facebook, which have thousands of updates every year and often don't announce them. Ensuring compliant communication is a very complex challenge, but our solution changes all the time so that our clients do not have to worry."
Recognising the need for a solution that ensures compliance in all electronic communications is the first step that banks should take. The next is to choose a provider of that solution in a market where there are many competing offers. The key criteria will be the performance of the solution as well as the ease with which it can be deployed. In his two years at Actiance, Oates has become convinced that it has the track record and the necessary domain expertise to meet the needs of the financial services sector, which is among the most heavily regulated of all industries.
"We offer a single platform that covers all networks, whether they are internal collaboration networks, instant messaging applications, unified communications or external social media," explains Oates. "We give organisations a single pane of glass through which to view all their electronic communications, and we work closely with the regulators, which makes a big difference.
"We also have strong relationships with LinkedIn, with technology developers like IBM and Microsoft, and with secure archive providers like Symantec. Our platform is also easy to implement, and it has very strong identity management capability."
The relationships Actiance has give it a unique insight into the workings of not only the financial services industry but also the regulators that govern it. With this understanding, it is able to recognise the requirements of a technology solution, and also the need to educate employees about how to use communications networks in a compliant way. A compliant bank is one that recognises the importance of both training and technology.