This week we welcome Marc Gilman, General Counsel and VP of Compliance at Theta Lake, for a Q&A on a key topic for compliance, operational risk, and security leaders – ensuring that robust regulatory, cybersecurity, and privacy controls are in place for collaboration platforms. With hybrid work becoming the norm in financial services, collaboration platforms and BYOD communication channels have become a vital part of the operating model at financial institutions.
Theta Lake’s solution helps security and compliance teams quickly scale their risk detection and the workflows for communication security, data loss protection, archiving, and supervision of modern video, chat, voice, and unified collaboration systems. They are a Cisco Investments portfolio company and a Cisco Solutions Plus partner which enables financial institutions to procure Theta Lake’s platform directly from Cisco.
What are the biggest compliance challenges that financial service firms face with collaboration tools?
The biggest challenge facing financial service firms is the exponential increase in the adoption of collaboration tools and their rich feature sets. Collaboration tools like Webex constitute critical infrastructure for firms operating in a hybrid work environment. Ensuring that every aspect of these complex communications from screenshares and webcams to whiteboards and chat can be appropriately captured, archived, and supervised to meet SEC, FINRA, FCA, CFTC, and other global regulatory requirements is crucial. Organizations are looking to purpose-built supervisory technologies like Theta Lake to unlock productivity and comply with relevant rulesets. Meeting the compliance challenges of the new work from anywhere world is top of mind at financial services firms.
We’ve seen in the news about the biggest Wall Street firms being hit with fines over client communication occurring outside of approved channels. Why is this still occurring, how can it be prevented, and is it only a Wall Street or trading issue?
These enforcement actions continue to occur because firms are challenged by the ever-expanding use of new messaging technologies and must be extremely nimble to implement compensating compliance controls. Firms can avoid these fines by exploring new approaches to archiving and supervision like we’ve developed at Theta Lake as well as examining written supervisory policies and procedures to ensure that onboarding of new messaging systems and acceptable use are clearly described.
While the use of unmonitored platforms has proliferated in financial services, organizations of all stripes must be vigilant about messaging systems in the hybrid work world. Since collaboration and chat platforms like Webex Messaging and Meetings are being used for everything from customer support and healthcare to college classrooms and official state and local governmental business, understanding the conversations occurring on them is critical. Every organization must protect the confidential and sensitive information transiting these communication tools. Additionally, ensuring that employees are not engaged in inappropriate or offensive behavior that would violate Codes of Conduct and create HR issues when communicating internally and externally is extremely important. The reputational consequences of a negative customer conversation going viral would be extremely damaging for any organization.
Chat seems to be a big focus for compliance, risk, and security teams, can you expand on how you are helping customers using solutions like Webex App Messaging or WhatsApp?
From a foundational perspective, our use of API-based integrations to capture chat data is a game changer. An API-enabled approach allows Theta Lake to capture and ingest all of the dynamic elements of chat including reactions, emojis, GIFs, and files transferred during a conversation. This includes the ability to examine the contents of exchanged files be they voice, video, text, documents, or spreadsheets. Our regulatory, security, and privacy detections examine all of that content in context and allow for the seamless and accurate identification of potential risks.
Our breadth of integrations extends to over 40+ chat, voice recording, and video content management platforms, and we are constantly expanding and improving integrations. A great example of this is our recent Webex Meetings e-comms archive integration, which allows customers to selectively capture and archive content from Webex Meetings such as the chat or transcripts elements. This is a game changer for organizations that want to incrementally unlock the benefits of specific Webex features to fit a specific situation.
Using the Theta Lake platform is simple—our expert field technical services team has provisioned customers over a weekend, so the platform was set up to analyze conversations on Monday morning. We have tons of intuitive, interactive workflows so that organizations can sample content based on risk score, platform, date, or region and route conversations to the appropriate review teams. We think carefully through platform design and user experience and have several patents issued around these visual elements of the system.
Seems like a lot of your capabilities are not just compliance, but security focused. When you are speaking with CISOs, what is top of mind for them?
Speaking with CISOs, we’ve noticed an emerging set of concerns stemming from regulatory change and the current global security threat landscape.
The SEC’s recent cybersecurity guidance mandates baseline security controls for investment advisers and registered investment companies to protect investors and their data. These new control requirements are in addition to existing SEC cyber requirements and frameworks like the NYDFS’ Cybersecurity Regulation. Moreover, mandates for Board of Directors’ involvement in cybersecurity program design as well as incident reporting requirements are promoting broader conversations about risk tolerance and remote work strategy at the senior management level. The increased use of collaboration platforms, while providing immeasurable benefits for firms, has increased the risks of data exposure and the corresponding need to secure conversation channels that might include discussions about MNPI, trade secrets, and confidential information. As a result, CISOs and senior management are carefully considering how to deploy collaboration and chat tools to securely support hybrid work.
I’ve heard compliance teams are struggling to supervise and manage compliance for the growing volume of UC content, what are some pain points?
There are some clear pain points related to the expanding use of the visual components of UC platforms such as webcams, whiteboards, and screenshares as well as the interactive portions of chat like reactions, emojis, and GIFs. These new features challenge compliance teams as legacy tools cannot capture and retain these interactions, which is a clear barrier to deployment. Since regulators are increasingly focused on features like polling, chat, whiteboards, and application shares, compliance teams must be creative and responsive to ensure that supervisory technologies meet these emerging demands. At Theta Lake, we use artificial intelligence and machine learning to examine video, voice, chat, and file transfers for compliance, security, and privacy risks. These AI techniques, like our TranscriptionRN capability, allow us to identify content in context as well as accurately detect risks even where a video, voice, or chat transcript includes a typo or error. So, for example, if a voice transcript includes the phrase “Let’s talk on what’s up,” Theta Lake’s platform considers the broader context of the conversation and flags it as a mis-transcription of “Let’s talk on WhatsApp.” These AI detections, coupled with the flexible workflows and seamless user management described above, reduce compliance headaches and make supervision more efficient and effective.
How does Theta Lake help financial institutions address those pain points and what has been the biggest “a-ha” moment a client has reported?
The pain points we help with, and the “a-ha” moments, come in a few flavors. One very simple, tangible way we help customers is with our Chat Archive Connector. Theta Lake can then capture and ingest those interactions only across chat channels or in-meeting chat, without recording the meeting. The Archive Connector allows firms to deploy the essential video, voice, chat, and other key features of Webex and either retain the content in our platform in 17a-4 compliant storage or send it to a customer’s legacy archive for long term storage. The Archive Connector allows firms to collect and examine interactive collaboration content and extend the lifespan of existing archives without disrupting related supervision and eDiscovery processes.
Another great “a-ha” moment is when a customer deploys our visual-based risk detections to identify sensitive data displayed over a screen share or flag the presence of a particular logo or object through a webcam during a Webex meeting. Our patented video supervision technology is very much on the cutting edge of these visual risks, so seeing positive reactions to that is always exciting.
You’ve worked in financial services and are a lawyer by trade. What is the biggest risk financial services companies are taking by not properly supervising electronic communication?
Enforcement risks and fines are very meaningful and likely top of mind for Chief Compliance Officers, particularly given recent SEC activity in the area of messaging supervision. However, in the hybrid work world, cybersecurity, privacy, and reputational risks should also be key areas for deploying improved communications controls. Security risks related to everything from sharing of malware links to unauthorized sites or applications can compromise firm systems and expose them to dangerous ransomware—a debilitating operational prospect, particularly in a distributed work scenario.
The risk of exposure of sensitive personal data is also a key concern. Given capabilities to easily display and send spreadsheets and documents through collaboration and chat platforms, the ability to detect potentially problematic distribution of data is essential to protect firm information and align to relevant regulatory requirements. Moreover, the ability to search, retrieve, correct, and delete information to respond to DSARs is crucial. Theta Lake’s purpose-built capabilities manage all of these risks—from our AI-enabled detections that encompass screenshares, webcams, and file transfers to our search, retrieval, export, and case management features to support privacy compliance.
The ever-expanding spectrum of collaboration and chat risk coupled with the new normal of remote work makes compliance, security, and privacy critical across senior management and the Board of Directors—such issues are no longer relegated to compliance alone.
Many thanks to Marc Gilman for the contribution to Cisco’s Financial Services blog. You can view more details of Theta Lake’s integration with Webex by Cisco here or reach out to your local Cisco sales representative to arrange a solution demonstration.