Theta Lake has published its fourth annual survey report on modern communications compliance and security, highlighting the complex challenges faced by those tasked with maintaining compliance, security and data privacy. The report is based on the views and experiences of more than 500 compliance and security professionals from the heavily-regulated financial services, healthcare and government sectors across the U.S., the U.K. and Canada. It provides a snapshot of how communication platforms are being used and the issues organizations are struggling with, enabling them to benchmark their own practices and expectations against the wider industry, identifying any gaps or areas of exposure they may have.

How to Comply With the New CMS Communications and Marketing Requirements for Medicare Advantage and Part D Conversations

New recording, disclosure, and compliance rules

New electronic communications recording, disclosure, and oversight rules from the Centers for Medicare &Medicaid Services (“CMS”), effective 1 October 2022, highlight the heightened scrutiny around the sale of complex healthcare products, to promote transparency and protect consumers.  In a digital age where prospects are bombarded with telemarketing calls, online advertising, social media, and promotions from celebrities and influencers, it’s more important than ever that they receive accurate information about sophisticated products.  Clarity is particularly critical when it relates to the purchase of essential healthcare services.

The new CMS rules can be viewed as part of a broader global trend toward increased disclosure for complex healthcare, financial, or insurance products directly marketed to customers.  Complaints about misleading advertising and sales of Medicare Advantage (“MA”) plans and Part D were the key catalyst for the CMS regulatory updates.  In the one year period between 2020 and 2021 the number of complaints submitted to CMS soared from less than 16,000 to over 39,000 – a staggering increase.

With a series of enforcement actions totaling about $1 billion in fines from the five biggest US investment banks, the SEC has made it clear there will be significant financial consequences if firms don’t start policing the use of communications channels, specifically the increasing use of SMS text and messaging apps, like WhatsApp, in their workforce.The seismic shift towards heavier enforcement comes after a warning was issued last October by the SEC that firms "need to be actively thinking about and addressing the many compliance issues raised by the increased use of personal devices, new communications channels, and other technological developments like ephemeral apps."

Clearly regulatory bodies have served notice - and the race is on to not only comply, but balance productivity gains with increasing regulatory scrutiny. How can firms avoid the worst case scenario of fines and sanctions (and resultant bad PR) while also not disrupting their mobile workforce and lastly, minimize complexity in their mobile/IT infrastructure?

IT: Caught in the middle between business and compliance requirements

Recent regulatory enforcement efforts describe only part of the story when looking at the current state of governance and the hybrid workplace. Two years after the start of the COVID-19 pandemic, it's clear that “work from anywhere” is here to stay for the foreseeable future. Like many industries, financial services firms have been looking at ways to more effectively engage and support their clients on their preferred channels, which includes SMS and WhatsApp. The real-time communication has enabled increased productivity and richer interactions but has come at a cost. Those firms are now grappling with how to provide WhatsApp, and related services, but in a controlled manner and balanced with a strong focus on compliance, security and corporate IT standards. Users have also made it clear that they will alternate the personal use of technology with their work efforts. The days of carrying two different mobile devices, like cowboys with two holsters, are in the rearview mirror.

Legacy approaches to supporting sanctioned WhatsApp usage do not fit the current hybrid workplace. Tools that can’t capture the full spectrum of WhatsApp services – WhatsApp Voice, SMS and Mobile Voice, while also protecting the fidelity and context of the conversation for compliance purposes, can add more complexity, and another set of challenges to the ones firms are already facing today. For mobile communications compliance, the challenge is having a comprehensive capture solution for all employees’ mobile and modern communication platforms and archiving them in one central location. This solution also needs to be able to be deployed across all users effectively and efficiently at an administration level, while ensuring personal communications are separated from business communications.

The need for mobile productivity with integrated compliance and security are not oppositional- and shouldn’t require making tradeoffs. It's clear that we can’t ask users to retreat and sacrifice productivity gains that will put the organization at a competitive disadvantage.

Introducing our partnership with Movius

Digital transformation has been a fundamental enabler for financial services firms. It is hard to underestimate the opportunities and regulatory benefits firms can derive from the implementation of technological solutions but maximising their potential can present challenges. Thomson Reuters Regulatory Intelligence's sixth annual survey and report on fintech, regtech and the role of compliance explores these challenges, particularly in the context of corporate governance and risk management.

The last two years have brought tremendous change, forcing us all to adapt and adopt technology, processes, and initiatives to stay connected virtually in an era where live interaction has been mostly restricted. The communication and collaboration market was front and center in making this possible.

To say that cryptocurrency has been a hot topic in financial services of late is a massive understatement. Coinbase announced (via Twitter, natch) that it submitted an application for registration as a Futures Commission Merchant under NFA and CFTC rules. However, the enthusiasm around Coinbase’s FCM announcement was likely offset by the withdrawal of its proposed interest-bearing Lend product after concerns about its security-like features prompted preliminary interest from the SEC. In other regulatory developments, the emergence of technologies for vetting and tracking digital assets for anti-money laundering and know your customer purposes are advancing rapidly. Look no further than MasterCard’s acquisition of CipherTrace as evidence of an increasing focus on transactional activity tracking and the lightning fact evolution of more mature AML/KYC processes for blockchain-based and other digital currencies.

It’s clear that the flexibility regulators including ESMA, the FCA, FINRA, and the SEC offered financial services firms around the relatively unfettered use of modern collaboration and chat tools like Zoom, Microsoft Teams, and Webex by Cisco during the pandemic has come to an end.  No action relief issued at the outset of COVID-19 has expired, and regulatory missives in the second half of 2021 indicate a marked change of tone and expectations for firms using dynamic communication platforms.

If you didn’t have a chance to attend Zoomtopia this year, there’s still time to watch the sessions as all are available on-demand. Theta Lake was a sponsor of the show and is a long-time partner of Zoom, offering its users the ability to leverage every aspect of the platform and have full coverage for security and compliance across those communication channels.

Collaboration tools like Microsoft Teams, Zoom and Webex Teams, RingCentral and Slack have become integral to how we work.  With multiple ways to communicate and collaborate they’re vital for keeping workforces and customers connected whether remote, hybrid or office based.  And with less and less physical in-person interaction, users are making use of the rich features to liaise and share information.  Not least by adding personality and emotion with emojis, reactions and GIFs.  But modern communications create compliance challenges when it comes to providing evidence and proof that is so often required for regulatory, HR, litigation or complaints resolution issues.

As enterprise communications technologies have evolved, the related challenge of managing business rules for groups permitted to use them and communicate with one another have become more complex. In financial services, business information barriers prohibit communications between specific groups to mitigate the risk of misuse of material non-public information (“MNPI”) to prevent market abuse and insider dealing. Information barriers requirements are spelled out in FINRA Rules 2241 and 2242, Section 204A of the Investment Advisers Act, in FCA’s SYSC 10.2 Rule as well as the SEC’s Exchange Act Section 15(g), which requires broker-dealers to: