The UK Financial Conduct Authority (FCA) has published a ten point checklist for firms to consider ahead of the Consumer Duty coming into force on July 31, 2023. The Consumer Duty is a significant shift in regulatory expectations and will apply to new and existing products and services that are open for sale or renewal.
From the ten point list, two are specifically aimed at communications:
- How are you testing the effectiveness of your communications? How are you acting on these results?
- How do you adapt your communications to meet the needs of customers with characteristics of vulnerability, and how do you know these adaptions are effective?
In addition other points ask:
- What data, MI and other intelligence are you using to monitor the fair value of your products and services on an ongoing basis?
- What assessment have you made about whether your customer support is meeting the needs of customers with characteristics of vulnerability? What data, MI and customer feedback is being used to support this assessment?
- How have you satisfied yourself that the quality and availability of any post-sale support you have is as good as your pre-sale support?
What is crystal clear is that the FCA has put communications compliance at the heart of how it expects firms to have built their strategic approach to the Consumer Duty.
|"Firms need to not only have robust recordkeeping in place for all relevant communications but also the capacity to comprehensively evidence surveillance and the basis for follow up actions."|
Indeed, firms would be very well advised to enhance their focus on all aspects of communications compliance in support of the Consumer Duty - as the FCA put it ‘Once the Duty is in force we will prioritise the most serious breaches and act swiftly and assertively where we find evidence of harm or risk of harm to consumers.’
The challenges are not to be underestimated. Dynamic unified communications (UC) tools such as RingCentral, Zoom, Cisco Webex, Slack, and Microsoft Teams are an essential part of the modern business environment. One can imagine scenarios where UC-powered consumer interactions encompass screen shares displaying prospectuses and marketing materials, financial plans including whiteboard diagrams and collaboration, and the use of chat, polling, and Q&A to vet investment strategies and preferences. With that enabled hybrid working environment and customer engagement capability comes a huge amount of data, the sheer magnitude of which outstrips the capacity of individuals to review manually.
Practical reality is that firms need to preserve an ever widening range of content including emojis, GIFs, and edited and deleted messages, given the expectations around retrieval and surveillance, records need to be captured and preserved in their native context. Native context preservation is essential to allow content to be retrieved in its original state and properly surveilled to provide not only the evidence regarding the effectiveness of communications, but also to form the results upon which a firm can take action.
AI can help
Robust, comprehensive recordkeeping is a prerequisite for the use of AI. The use of AI enables vast volumes of communications to be analyzed. Critically, it also enables organizations to detect risks and breaches at scale, provides alerts at significant speed and can help prioritize what to review. It is this capability that has risk and compliance functions exploring the possibilities and benefits of artificial intelligence (AI), machine learning (ML) and natural language processing (NLP).
There are a range of options for consideration as compliance functions refine and develop their use of AI. The applicability of the options will depend on the nature of the business undertaken but in terms of evolution many firms are likely to be working towards the use of industry specific detections to increase line of sight to potential risks and the qualitative elements of the Consumer Duty.
|"Transparency into selling conversations taking place across UC platforms, and leveraging all UC features, will be key for demonstrating compliance with the FCA’s Consumer Duty expectations."|
The deployment of purpose-built, pre-trained AI-based risk detections which focus on specific conduct, compliance, or security risks has many potential benefits. The models can be trained to detect specific the display, discussion, or disclosure of confidential or personal information including account numbers, email addresses, and birthdates, sensitive documents like customer lists or applications that are shown such as trading screens, HR or finance systems. These targeted detections use high quality expert sources and domain expertise, which means that the burden does not fall to individual organizations to train the AI models or verify the results.
Specifically, it is AI's ability to understand specific risks in context that reduces both the number of false positives or alerts, as well as risks that would otherwise be missed because audio or transcript are unclear. Context is all important. Well trained AI can use all elements of a communication to take a full context view with regard to, say, compliance with the Consumer Duty.
With the right solution, the use of AI enables organizations to find the risks across its communications at speed as well as benefiting from significant efficiencies and cost savings.
How Theta Lake can help
Theta Lake’s multi-award winning product suite provides patented compliance and security for modern communications utilizing over 100 frictionless partner integrations that include RingCentral, Webex by Cisco, Microsoft Teams, Slack, Zoom, Movius and more. It is exactly the kind of technology investment referenced in one of the firm’s own remedial actions to facilitate compliant communications.
- Theta Lake captures and compliantly archives communications including videos, voice, chat, screen share and file transfer from mobile messaging platforms to SMS and WhatsApp to enable compliance with relevant recordkeeping and other requirements. It also acts as an archive connector, enabling existing archives and data storage to be utilized without disruption.
- AI-enabled automated detection of potential or actual misconduct requiring reporting to the risk committee or regulator. Identified risks are surfaced in an AI-assisted review workflow providing an efficient and effective review process for compliance teams. Theta Lake has more than 85 risk detections which are pre-trained and ready for customer use with customers able to provide feedback and training on the classifiers.
- The ability to ensure that all aspects of messaging can be preserved, and a full audit trail provided to supervisors, regulators or prosecutors. For example, chat messages can be viewed in their native format over the entire history of the conversation with full context retained together with in-meeting communications and images, GIFs, emojis or reactions that change meaning and context.
- Theta Lake’s compliance suite is SOC2, Type II audited and maps controls to ISO 27001 so confidential, privileged or sensitive data can be automatically redacted to meet data privacy and other legal obligations.
Ways to learn more:
- You can find further regulatory perspectives from Theta Lake here.
- Get our guide: “Smart Compliance Capture Considerations for Unified Communications” which outlines a buyer's checklist to use when evaluating recordkeeping and capture solutions.
- Join a weekly 30-minute demo webinar showing Theta Lake’s Smart Capture solution by registering here.