2023 was an eventful year for digital communications governance. Hundreds of millions in additional fines were imposed in the U.S., with the regulatory focus expanding from banks to include broker-dealers, investment advisers and credit rating agencies. The U.S. wasn’t alone with the UK regulator sanctioning a bank and its energy regulator fining a firm for failing to capture trading communications.
“Digital Communications Governance solutions provide methods to monitor and enforce corporate governance and regulatory compliance across a growing number of communications tools available to employees”
New Gartner market category, July 2023
|
Last year’s crystal ball was remarkably accurate with unified communication and collaboration (UCC) tools cementing their position in the fabric of the modern workplace, communications compliance becoming a board level priority and the recordkeeping fines imposed expanding beyond U.S. banks.
For 2024, Theta Lake has again looked into its crystal ball, and considered its exclusive industry and regulatory insights, to predict what firms can expect in the coming year:
- Regulatory focus will widen to encompass all aspects of communications compliance. The $2.6bn+ in fines imposed in the last couple of years were mostly for a failure to capture communications. There are already signs that regulators are widening the supervisory net with fines imposed for wrongly deleted data, an inability to find data and poor supervision. Firms need to be prepared to enhance all aspects of information management and communications compliance, including specifically the ability to respond to regulatory requests for information.
- It’s not just a WhatsApp issue. The consequences of unmonitored communications will continue to plague firms with 74% of firms saying it's likely that employees are still using unmonitored communications channels. But it’s not just unapproved channels. Regulators will be scrutinizing all communication types. Being able to capture all channels, from voice to in-meeting chat, as well as the context like emojis, GIFs, reactions, deletions etc, will be a priority for firms.
- The death of the desk phone - that is, the single function desk phone for calling. The industry will continue its rapid shift to cloud-based UC ‘phones’ where voice, SMS as well as broader chat, video, and collaboration feature sets are available seamlessly across any device type in any location. In parallel that will accelerate the updating of compliance approaches to drive centralized capture, search, and supervision including a shift from disparate recording and archive tools designed solely for either voice or email.
- Compliance archives will become increasingly unified. The compliance pain and incompatibility with UCC of existing archiving tools is evident with 98% of firms dissatisfied with their existing archiving tools. Siloed archiving and voice recording systems will continue to struggle: Mis-timed, uncertainty in records capture, the challenges of finding records in a timely manner, and an inability to show complete records that span multiple integrated modalities like chat, video, email and voice will trigger even more recordkeeping fines. This will drive firms to unify their archives enabling the critical supervisory need to see the relationships between staff across platforms and follow conversations across modalities.
- Senior individuals will be hit with sanctions. Firms and their senior management should be under no illusions - the fines for communications compliance failures are NOT over. The regulatory rhetoric is now exceedingly blunt citing both ‘zero tolerance’ and a spotlight on the C-suite to embed the required compliance. Firms themselves have already taken action against senior individuals with clawbacks, demotions and dismissals. In 2024 communications compliance will take center stage in the boardroom. The vast majority of firms are revisiting their communications compliance with 40% already having made it a board level topic. The issue needs to be assessed urgently at the highest level before a review is mandated or required by regulators.
- Generative AI will power workplaces. Eighteen percent of firms consider generative AI to be the future and use it all the time. That will grow exponentially as real-world use case(s) deliver substantial cost savings and efficiencies. Wider use of generative AI will create new ‘channels’ of communication and require more communications capture. The promise of productivity gains for the summarization of conversations as well as the creation of content will, in turn, create more content and communications with new requirements for retention, search and supervision.
- Adoption of AI will enable better detection, surfacing and review of risks. The mainstream adoption of AI will enable firms to find risks and more easily navigate the increase in communications beyond the abilities of traditional lexicon and regex rules. With rising regulatory expectations for transparency and explainability, likely reinforced by legislation, those benefits will only begin to materialize if firms can demonstrate transparent oversight and explainability of AI models and outcomes, including a human in the loop.
- Reconciliation will become a key compliance priority. Being able to prove that you have not only captured all relevant communications but that you actually have the up- and down-stream evidence to validate complete and accurate records will be critical in demonstrating compliance to regulators. It will also provide assurance to the 74% of firms facing challenges in searching and retrieving communications.
- The unintended consequences of disabling UCC features will be increasingly expensive. The practical reality is that many firms have chosen to disable core UCC features as their existing tools can’t capture them &/or make them searchable for detecting and reporting risks. The unintended consequences of disabling productive features in approved UCC platforms is not only the perpetuation of staff being driven to unmonitored communication channels, but also a profoundly diminished ROI in the UCC tool(s) themselves with firms paying for features they aren’t using so employees aren’t able to maximize their productivity.
- ‘Data is the new oil’. Organizations will demand control of all of their data to unlock its inherent value. There are issues around the consolidation of data, economies of scale, and the need to eliminate concepts like migration costs and data being held ‘hostage’ by third party solution providers. With direct firm control, AI tools can access data to gain invaluable insights - without it firms will be unable to fully leverage their most valuable asset.
How Theta Lake can help
Backed by the investment arms of Cisco, RingCentral, Salesforce, and Zoom, Theta Lake’s multi-award winning product suite provides patented compliance and security for modern collaboration platforms, utilizing hundreds of frictionless partner integrations including RingCentral, Webex by Cisco, Microsoft 365 and Teams, Slack, Zoom, Movius, Box, Mural, Asana and more.
Theta Lake empowers organizations to safely, compliantly, and cost-effectively expand their use of unified communication platforms by enabling capture, compliant archives, and acting as an archive connector for existing archives of record across video, voice, and chat collaboration systems. Customers benefit from:
- Searching instantly across participants, all modes of unified communication and collaboration tools, meshed conversations, and timelines in an easy to navigate search system that covers and provides full replay for voice, video, chat, email, images, emojis, files, whiteboards, and more.
- Patented AI & ML to detect, surface, and enable actual response for regulatory, privacy, and security risks in an AI assisted review workflow with remediation and patented UCC security control integrations for protection across what is shared, shown, spoken, and typed.
- The ability to ensure that all aspects of messaging can be preserved, and a full audit trail provided to supervisors and regulators. For example, chat messages can be viewed in their native format over the entire history of the conversation, with full context retained including images, GIFs, emojis and reactions.
- Theta Lake’s risk and compliance suite provides an advanced security and privacy architecture named STAR3 (Secure in Transit, Access, in Redaction, Remediation, and Removal), which is SOC2 Type II certified with ISO 27001 mapping, PCI DSS certified, 17a-4 and audit trail attested, BAA supported, and undergoes regular penetration testing so our customers, partners, and regulators worldwide are confident in That Lake’s data and system security, integrity, and privacy.
Ways to learn more
- Theta Lake’s Digital Communications Governance, Compliance and Security Report 2023/24 can be downloaded here
- Visit: ThetaLake.com | LinkedIn | X at @thetalake
- Join a weekly 30-minute demo webinar here or request a bespoke demo today from the friendly Theta Lake team here
- Keep up to date with regulatory perspectives from Theta Lake here