Mastering Digital Communications Governance: Common Questions Answered

Regulators require financial firms to capture and archive their business communications so they can be reviewed to confirm good compliance habits, or find potential risk areas. But regardless of how much guidance regulators provide, there are still a number of questions around books and records requirements and how to establish an effective and compliant communications governance program.

Here are answers to some of the top questions we frequently get asked to help you establish and maintain a successful communications governance program.

What constitutes a business communication?

Business communications include any interactions related to the business’s operations, decisions, or client engagements. These can occur over various channels, including email, mobile, collaboration tools, social media, financial platforms, and phone conversations. In the financial industry, firms are responsible for capturing and retaining records of these communications to ensure compliance with regulatory bodies like the Commodity Futures Trade Commission (CFTC), UK Financial Conduct Authority (FCA), U.S. Securities and Exchange Commission (SEC), Financial Regulatory Authority (FINRA), or Monetary Authority of Singapore (MAS).

All conversations that involve business communications typically need to be captured, especially when using firm-issued devices or approved channels. Firms often record business-related calls and messages on both firm-owned devices and, in some cases, personal devices used under a Bring Your Own Device (BYOD) policy. Regulatory requirements around conversation capture vary by business and/or location, but tend to be strict for communications with clients, transaction orders, or any discussions that could impact market integrity. The key is ensuring all business-related conversations, regardless of medium, are logged, monitored, and stored in compliance with applicable regulatory standards.

Personal vs. BYOD phone usage? How to capture just business communications?

For personal and BYOD usage, the primary challenge is ensuring business communications are captured while respecting employee privacy.

• Segregate business and personal use: Firms can use mobile device management (MDM) software to segment business and personal activity on BYOD devices, capturing only the business-related communications as defined by firm policies.
• Enforce clear policies: Clearly define in your policies what constitutes business communications and the approved methods and apps for such communications. Employees must understand that any business communication, even on a BYOD device, may be subject to capture and monitoring. Many firms employ a periodic attestation process to underscore the importance of business-related communication policies.
• Enable channel-level capture: Limit approved channels on BYOD devices to only those that can be monitored effectively (e.g., business email, approved messaging platforms). Disable or prohibit business use on personal messaging apps or social media accounts that aren’t part of the company’s compliance capture capabilities.
• Use consent-based controls: Seek employee consent for the capture of business communications on BYOD devices, and ensure that device settings align with privacy regulations to protect non-business communication from capture.

By employing policies, consent-driven solutions, and MDM, firms can balance regulatory compliance with privacy for personal and BYOD devices.

How do you check for off-channel communications?

Off-channel communications, or interactions conducted outside approved business channels, are a priority focus area for regulatory bodies. To detect these, firms should implement the following strategies:

• Training and awareness: Regularly train employees on what constitutes approved and prohibited channels, emphasizing the risks of using personal or non-captured apps for business communications.
• Monitoring high-risk keywords: In captured communications, look for language indicative of off-channel discussions, such as terms like “take it offline”, “hit me up on…” or “switch to personal.”
• Employ specialized technology: Surveillance platforms can detect unusual patterns in captured data that may indicate off-channel activity. These tools may flag messages containing certain keywords, or sequences indicative of off-channel planning, for compliance review.
• Certifications and attestations: Require periodic attestations from employees affirming that they are only using approved channels for business interactions. Frequent certifications help reinforce compliance standards and reveal any discrepancies in usage.

Regular checks for off-channel communications and robust policies and training requirements that make employees aware of consequences for off-channel activity are essential to maintaining compliance and reducing risk.

Best practices for developing effective surveillance searches.

Effective searches in communications surveillance require a tailored approach. Here are some best practices to consider:

• Identify high-risk keywords and phrases: Use keywords associated with potential market abuse, insider trading, or off-channel activities. Keep this list updated to reflect new industry risks.
• Segment by channel and language: Customize searches for each communication channel, considering the specific type of risk associated with email versus chat or voice. Also, if multiple languages are in use, employ language-specific searches or multi-lingual capabilities.
• Use risk-based criteria: Employ parameters such as frequency of communication, trading patterns, or unusual activity alerts to help focus on high-priority communications.
• Refine searches regularly: Surveillance parameters and keywords should be revisited periodically to ensure they reflect the current risk landscape and market conditions.
• Automate for efficiency: Where possible, use automation to flag potential risks without manual oversight on every message. This saves time and allows compliance teams to focus on areas where human judgment is most valuable.

These practices, when used together, allow firms to balance comprehensive monitoring with efficiency and precision in search results.

Watch our webcast

Do you have more questions about communications governance? Watch our on-demand webcast for more information about aligning your communications governance program with regulatory expectations, including a demo of our eComms solution that can help you capture, archive, and surveil business communications.

Watch on demand

How We Help

ACA’s eComms Archive and Surveillance Solution provides seamless, end-to-end capabilities for capturing, archiving, and surveilling communications across a wide range of platforms. Key features include:

• Capture: Ingests communications from a variety of connectors, such as Microsoft, Gmail, Bloomberg Chats, iMessage, WhatsApp, LinkedIn, and more.
• Archive: Delivers rapid search and export functions, accelerating responses to regulatory inquiries.
• Surveillance: Utilizes AI-driven tools to monitor high-risk activities with precision, offering robust data curation and risk detection features.

By integrating advanced technology with our deep regulatory expertise, our solution enables firms to meet the increasingly complex demands of digital communications governance. With enhanced archive features designed for efficient research and extraction, and AI-powered surveillance tools for precise content curation, we help firms enhance compliance effectiveness and efficiency.

We also have an experienced Managed Services team who can help you parse through your surveillance results and streamline the review process. With specialized expertise, they can save your team valuable time and resources.

Contact us today to learn how we can transform your communications compliance program and help you launch, grow, and protect your firm.