communications security
  by the time you
  read this...


   105 MESSAGES CONTAINING INFORMATION THAT VIOLATES
   CORPORATE OR REGULATORY POLICY WILL BE SENT
   AND STORED IN YOUR PERMANENT ARCHIVE.
   
   
by Paul Johns

    It will take approximately 10 minutes to read the following article. During that brief interval, a co-worker down the hall will send a suggestive e-mail to your assistant, an employee upstairs will send an insider stock tip to his sister, while another staff member will accidentally send a list of prospective customers to a distribution list that includes competitors.
    Whether they breach regulatory or corporate policy (such as inappropriate employee conduct or improperly distributing intellectual property), violations are constantly occurring within the walls of an organization. Studies show that an average of 0.5 percent of all messages sent within an organization are policy violations, which means 5,000 potentially damaging messages are circulated throughout the business daily. Every 10 minutes, 105 instances of harmful communication are being sent, recorded and stored for discovery by regulators.
    Who is to blame? Do you blame the employee for being unaware of the policy? Do you blame your compliance team for not monitoring communication closely enough?
    Following the rash of high-profile scandals, U.S. corporations face an ever-increasing number of regulations, increasing the pressure on compliance personnel. For example, NASD Rule 2711 prohibits non-research personnel in financial services firms from accessing research before it is published. Compliance officers must facilitate all communication between research and non-research departments. An e-mail sent to a “dirty” distribution list, one containing both research and non-research personnel, can result in allegations of insider trading—a crime with hefty penalties.
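The “dirty” distribution list condition described above can be tested mechanically before a message leaves the server. The sketch below is an added example, not part of the original article or of any vendor's product; the directory, list names and addresses are constructed, and treating unknown or external addresses as non-research is an assumption.

```python
# Constructed sample data: directory, list names and addresses are assumptions.
DIRECTORY = {  # mailbox -> department
    "ana@corp.example": "research",
    "raj@corp.example": "research",
    "lee@corp.example": "sales",
    "kim@corp.example": "trading",
}
LISTS = {  # distribution list -> members (lists may nest other lists)
    "research-all@corp.example": ["ana@corp.example", "raj@corp.example"],
    "desk@corp.example": ["kim@corp.example", "lee@corp.example"],
    "project-x@corp.example": ["research-all@corp.example", "lee@corp.example"],
    "loop-a@corp.example": ["loop-b@corp.example", "ana@corp.example"],
    "loop-b@corp.example": ["loop-a@corp.example"],
}


def expand(address, seen=None):
    """Resolve an address to individual mailboxes, following nested lists."""
    seen = set() if seen is None else seen
    if address in seen:          # lists that include each other
        return set()
    seen.add(address)
    if address not in LISTS:
        return {address}
    members = set()
    for member in LISTS[address]:
        members |= expand(member, seen)
    return members


def side(mailbox):
    """Fail closed: anyone not known to be research is non-research."""
    return "research" if DIRECTORY.get(mailbox) == "research" else "non-research"


def check_message(sender, recipients):
    """Return ("send" | "hold", reasons) before the message leaves the server."""
    reasons, mailboxes = [], set()
    for rcpt in recipients:
        members = expand(rcpt)
        mailboxes |= members
        if rcpt in LISTS and len({side(m) for m in members}) > 1:
            reasons.append(f"dirty list: {rcpt}")
    sides = {side(sender)} | {side(m) for m in mailboxes}
    if len(sides) > 1 and not reasons:
        reasons.append("sender and recipients span research and non-research")
    return ("hold" if reasons else "send", reasons)
```

A “hold” result is the point at which the message would be routed to compliance rather than delivered.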
    With employees sending a million e-mails daily, monitoring outbound electronic communication for countless regulations is an impossible task. Assuming that the average compliance officer reviews 40 messages an hour, it would take 3,125 full-time reviewers to screen all outbound corporate e-mail. Imagine if you added IM, blog and chat room postings or Web-mail!
    To ease the burden, regulators have suggested firms review between one and five percent of all electronic communication. To examine just one percent of messages, 10,000 messages must be randomly selected and reviewed, making the job of a compliance department tedious and arduous. It is also extremely inefficient, as a high percentage of those e-mails are compliant while damaging messages slip by unnoticed.
    In a recent report, analysts from Radicati wrote, “Companies publish policies on proper electronic communication usage in employee handbooks with the hope that individuals will recall them when it matters most (i.e. as they are composing the electronic communication). Given the large amount of policies and the speed at which people work, this approach rarely works.”
    As employees use e-mail to rapidly send messages to co-workers, customers and prospects, it is difficult and time-consuming to remember all of the dos and don’ts contained in the policy manual.
    Recently, Orchestria, a software provider for active policy management (APM) initiatives, surveyed U.S. financial services firm employees on the threat to intellectual property posed by electronic communication. Supporting the theory that most policy breaches are due to a misunderstanding of policy rather than malicious intent, few respondents have knowingly sent electronic communication that was in violation of policy, while over 75 percent of survey respondents stated that they have received inappropriate communication at work.
    “The impulsive nature of electronic communication presents an increased potential for inappropriate messages to be sent without consideration of consequences,” said Matt Bienfang, TowerGroup analyst. “Many employees just aren’t aware that what they are sending is even against policy.”
    Recognizing the absurdity of the expectations bestowed on corporate compliance departments and employees, businesses are turning to technology providers to ease the burden and decrease the risk for employees. Utilizing an active policy management approach, corporations can use technology to accurately classify communications to prevent non-compliant messages from being sent, stored or posted, while educating users on policy and preserving business workflow.
    According to Radicati, active policy management “allows reviewers to focus their efforts on electronic communications with a high probability of violation, ultimately deterring users from committing future violations.”
    An effective active policy management program can accurately detect inappropriate communication and route it to the compliance department, eliminating the need for random review and ensuring violations are caught before becoming a smoking gun in corporate archives.
    While corporations cannot decrease the number of regulations, the cost associated with compliance can be minimized by investing in efficient communications management technology where workflow is preserved and review time is not wasted on meaningless messages. Compliance officers can breathe a sigh of relief, as they are no longer living in fear of what squeaked by on their watch. In addition, employees can operate with the knowledge that an e-mail that mistakenly violates corporate and/or regulatory policy will be prevented from leaving the server.
    Ten minutes have passed and your archives remain clean and free of potentially harmful messages. Active policy management has prevented a staff member from accidentally sending a customer list to competitors; the employee was immediately notified and took action to correct the situation. Meanwhile, compliance officers can review a record of the transaction as needed, decreasing the quantity of e-mail needing immediate review. Through an APM approach, companies can minimize the risk associated with electronic communication as well as dramatically decrease the cost of compliance.