On April 13, the US Cybersecurity and Infrastructure Security Agency (“CISA”) and several other global cybersecurity agencies issued a practical roadmap for technology product design called “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default.” The document provides a clear articulation of CISA’s cybersecurity expectations, which signals an emerging paradigm shift, noting that “[m]anufacturers are encouraged to take ownership of improving the security outcomes of their customers.” This transition finds CISA focusing more on software developers as responsible for consumer security, as opposed to the governmental or private sector users of these applications.
Always On Security: Theta Lake's Alignment with CISA's Emerging Software Cyber Principles
Bard of The 21st Century: Risks and Opportunities For Generative AI
Generative AI refers to a set of technologies that produce new data based on the information they have been trained on. These applications “generate” new information like text or images based on their training data, hence the “generative” moniker. The most popular uses of generative AI, or “GAI,” have been as part of interactive chat applications like OpenAI’s ChatGPT and Google’s Bard, image generating applications like Stable Diffusion, Midjourney, and DALL-E, and code generating systems like Copilot.
More Firms Are Fined for the ‘Widespread and Longstanding’ Use of Unmonitored Communications Channels
The U.S. Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) have fined three firms, two in the same group, for ‘widespread and longstanding’ failures by the firms and their employees to maintain and preserve electronic communications. To settle the SEC charges, both firms acknowledged that their conduct violated recordkeeping provisions and agreed to pay penalties of $15 million and $7.5m, respectively. In related actions, the CFTC brought cases against two firms in the same group for failing to maintain, preserve, or produce records, and failing to diligently supervise matters related to their businesses. The firms were fined $15 million. The CFTC also fined a firm $30 million regarding recordkeeping and supervision failures for the widespread use of unapproved communication methods.
Work Management Is a Part of Modern Communications and Requires Compliance Protection
We’ve been on an innovation roll lately at Theta Lake and it's exciting to announce that we now support Asana, the work management tool used by millions around the world. With this new integration, Theta Lake and Asana joint customers will be able to streamline their workflows, manage tasks more effectively and ensure their compliance needs are met.
The Crypto Winter Is Spotlighting The Use Of Chat
The demise of multiple crypto firms has prompted regulators around the world to undertake in-depth investigations into the governance, risk management and compliance arrangements in place at firms such as Binance.
If you’re following Theta Lake on social media, via our collateral or newswire, you may have heard about “Smart Capture” for communication compliance, archiving, and record keeping and wondered: what is this, what does it do, and do I need it? Before we answer these questions and define what we mean by “smart,” it's important to understand the roots of compliance capture for communications and the historical context.
Continued Innovation: The First Compliance Solution for the World’s Most Popular Enterprise Social and Employee Engagement Platform
What's The News?
With our latest release, Theta Lake is fully supporting Microsoft's Viva Engage platform through capture of content, AI-based detections for risk and policy violations and archiving support. Microsoft Viva Engage (formerly Yammer) is a widely used digital experience platform designed to help employees feel more connected to their work environment, improve collaboration, and increase productivity.
UK PRA joins other global regulators fining firm £8M for failure to capture messaging content
The UK Prudential Regulation Authority has censured a bank for wide-ranging significant regulatory failings between December 2016 and May 2020, which spanned breaches relating to large exposure limits, capital reporting, governance and risk controls and PRA Own Initiative Requirements (OIREQs) and, for the first time, failure to capture and retain WhatsApp messages. The seriousness of the breaches justified a fine of £8,515,000; however, since the bank is in wind-down, the PRA imposed a public censure as a warning shot to the industry more broadly.
When Posting an Emoji is a Securities Violation
When is a rocket ship not a rocket ship? When it is cited in a legal case alleging a firm and its control person violated U.S. securities laws by offering for sale to the public certain non-fungible tokens (“NFTs”) without filing the required registration statement with the Securities and Exchange Commission (the “SEC”).
The use of emojis was specifically called out as meaning there was an expectation of profit for the NFT issuance, which was then deemed to be an investment contract (*known as the Howey Test). Although the literal word “profit” was not used in any of the organization's Tweets, the “rocket ship” emoji, “stock chart” emoji, and “money bags” emoji were included and, objectively, mean one thing: a financial return on investment.
With Spring comes the arrival of a long slate of in-person events for Theta Lake. Last week we attended Enterprise Connect 23 in Orlando, FL, the preeminent event for unified communications users, providers and partners. We had a memorable event meeting many new and familiar faces and made some news of our own at the event. Many of our discussions were variations on “I didn't know Theta Lake supported all of these modalities” and “we have had to turn off UC features for compliance reasons and would like to understand how we can compliantly turn them on”. These are discussions we were glad to have. Here’s a rundown of some of the trends and happenings at this year’s show: