Throughout 2021, Cisco Financial Services will continue to examine how ‘Connect, Secure, and Automate’ – our strategy for helping customers accelerate their digital agility – enables financial institutions to deliver digital-first customer engagements that capitalize on a hybrid work operating model.
This week we welcome Anthony Cresci, VP of Business Development and Operations at Theta Lake for a short Q&A on a key topic for operational risk and security leaders – ensuring regulatory and audit compliance of collaboration platforms that are a vital part of an evolving operating model at financial institutions.
Theta Lake’s solution helps security and compliance teams quickly scale their risk detection and the workflows for communication security, data loss protection, archiving, and supervision of modern video, chat, voice, and unified collaboration systems. They are also a Cisco Investments portfolio company and a Cisco Solutions Plus partner which enables financial institutions to procure Theta Lake’s platform directly from Cisco.
What are the biggest compliance challenges that Financial Service firms face with Collaboration Tools?
It has been over a year since the pandemic began and firms have gathered multiple data points that point to a “Work from Anywhere” future—from increased business productivity to reduced operational costs and employee preference for hybrid work models. Moreover, it has become clear that employees have their own preferences for specific communication channels and the ways they share information, with the predominant modes being video conferencing and collaboration chat.
Chat and video conferencing represent the two most significant risk vectors in this new work from anywhere environment. Managing the risks related to data leakage (both intentional and inadvertent), employee misconduct, data privacy, and regulatory risks pose challenges to organizations of all shapes and sizes. In addition to this evolving risk landscape, firms’ existing compliance tools struggle to identify risks in unified communications across what is being said, shown on screen, shared, or written. These collaboration and chat risk gaps result in inconsistent compliance and security controls for FIs’ fastest-growing communication channels. In addition, firms have tried to solve this by turning off features such as in-meeting chat and whiteboarding, but that only reduces employee productivity and the value of the UC platform.
Chat/messaging seems to be a big focus for compliance, risk, and legal teams, can you expand on how you are helping customers using solutions like Webex App Messaging?
For FI’s there are long-standing regulations mandating the preservation and supervision of electronic communications, such as SEC Rule 17a-4 and FINRA Rule 3110 in the US and MiFID II and SMCR obligations in the UK and EU. One aspect of these mandates that gets overlooked is ensuring that vendors provide capture capabilities for the rich feature sets of collaboration and chat systems, including messages (including Webex Meeting chat), file transfers, emojis, audio and video files, content displayed through web cams or screen shares, reactions, and GIFs. Retention is also key and vendors must comply with the SEC’s WORM archiving requirements and offer flexible rule-based retention features. Theta Lake is helping Cisco customers capture all messages and content communicated in Webex App Messaging (including Webex Meeting chat), plus stitch them together in a native chat viewer so that compliance teams see messages, files, images, and emojis displayed in-line the same way they appear in the applications themselves. Our joint customers value the ability to seamlessly scrolling through content across multiple days and channels in one system, which is vital to understanding the context of the conversations and related risks.
The other important aspect to chat is supervising the communications for misconduct. Theta Lake’s deep-learning-based policies detect regulatory, conduct, and compliance risks across voice, visual, and text-based content (messages and files) to provide a more holistic view of risk for the organization. Theta Lake identifies risks like customer complaints, risky and coercive behavior as well as flagging conversations that contain promissory language that would fall afoul of FINRA or FCA investment recommendation standards.
Seems like a lot of your capabilities are not just compliance, but Security focused. When you are speaking with CISO’s, what is top of mind for them?
Data leakage, malicious content or URLs present in collaboration, and the security controls of UC platforms. Cisco provides best-in-class security across Webex and offers a lot of functionality to better secure meetings and recordings like end-to-end encryption, meeting passwords, and waiting rooms. Knowing what security controls are available across multiple UC platforms and monitoring them to detect changes is an increasingly difficult task, which is why we offer a single pane of glass through our Safety Configuration and Validation Enforcement Reporting, or “Safety COVER,” capabilities.
CISOs flag data leakage and information protection as the most critical risks related to the use of collaboration and chat platforms. Protecting data to meet cybersecurity standards articulated by the SEC, FINRA, and NYDFS as well as adhering to privacy obligations under GDPR and CCPA are essential.
Security professionals understand that confidential and sensitive information can be shared across messaging apps and through desktop sharing, whiteboards, and even webcams in video conferencing sessions. Existing security and privacy technologies don’t cover these new and nuanced risks, so CISOs must deploy modern platforms like Theta Lake that cover all the new communication features of modern collaboration and chat platforms like Webex Meetings and Webex Teams. Security and privacy strategies that omit these new threat surfaces won’t pass muster with regulators, auditors, or consumers.
Lastly, phishing and malicious URLs are established attack vectors that allow bad actors to compromise an organization and open up avenues for data exfiltration and account takeovers. Theta Lake detects the presence of potentially problematic URLs across content shown on screen, within documents shared in chat, or written in messages to enhance oversight processes and prevent security incidents.
I’ve heard compliance teams are struggling to supervise and manage compliance for the growing volume of UC content, what are some pain points?
The firms that we have seen be the most successful are the ones who understand that they need a security and compliance suite built for modern collaboration instead of trying to adapt legacy platforms built for email. Most existing platforms can’t ingest audio or video recordings or display chat in its native format, which must is a baseline functionality in this work from anywhere environment. Organizations are forced to rely on random spot-checking and manual reviews, which don’t scale and are cost-inefficient.
Firms typically contact Theta Lake at this inflection point—when they realize their existing tools aren’t architected for dynamic communication platforms, and they must up-level their compliance and security technology framework.
How does Theta Lake help financial institutions address those pain points?
Theta Lake’s security and compliance solution for modern collaboration platforms uses patented artificial intelligence to detect risks across video, visual, voice, chat and document content with seamless integrations across Webex Meetings, Webex Teams, CMS, and other leading video conferencing and collaboration tools. This helps regulated organizations address risks including data exposure, phishing, account compromise, acceptable use and regulatory compliance risks all while addressing archiving, eDiscovery, and supervision requirements through one platform.
Many thanks to Anthony Cresci for this week’s contribution to Cisco’s Financial Services blog. You can view more details of Theta Lake’s integration with Cisco here or reach out to your local Cisco sales representative to arrange a solution demonstration.