Compliance risk mitigation is arguably the most important strategic priority for banks, insurers, and wealth management institutions.  Hybrid work is not a “one size fits all”, as organizations balance the appropriate mix between brick and mortar, remote work, or both.  The impact of digitization and hybrid work on business communications compliance is increasingly relevant in response to ongoing U.S. regulatory actions by the SEC and CFTC (Commodities Futures Trading Commission), with fines issued over $2B and climbing to 12+ financial institutions for lack of supervision of unapproved communication methods.

Compliance challenges include:

  • Smartphone and tablet use by consumers and employees
  • Increased use of collaboration platforms
  • Regulated employee activity in work from home offices
  • Cost of storage and archiving

Industry reactions include:

  • Shift back to corporate-owned devices
  • Turning off features, including record, chat, screen-sharing
  • Burdensome oversight / mandating return-to-office
  • Scaling back versus modernizing

With increased sense of urgency to digitize processes, financial institutions must record, monitor, and supervise customer-facing and customer-related internal conversations concerning its products and services – including all forms of electronic communications, with retention periods varying from three to seven years.  Regulatory-driven corporate compliance obligation best practices which directly relate to communications fall into three primary categories: record-keeping, storage, and supervisory review.

There is increased industry compliance pressure to maintain a reliable audit trail of everyday business practices, whether audio, video, or chat, to quickly detect potential compliance risks in visual, spoken and written content with internal and external customers.

Cisco has a solution

Marc Gilman, Theta Lake
General Counsel and VP of Compliance

Cisco Investments portfolio company, Theta Lake provides UCC compliance and security solutions to address this immediate industry problem, including the potential financial implication of doing nothing.

“Financial institutions must navigate an increasingly rigorous regulatory environment while managing a complex set of communications technologies. Regulators across the globe expect firms to capture, retain, and supervise communications on any platform used to discuss financial products and services, regardless of where or when the interaction occurs. Theta Lake solves this problem by providing seamless integrations with Cisco’s full suite of collaboration platforms allowing firms to capture every video, voice, and chat communication and the dynamic components of those discussions like emojis, reactions, file transfers, whiteboards, and screen shares. Theta Lake helps firms every step of the way–from capturing core features of communications like chat, polling, or Q&A, to providing search and e-discovery capabilities across those conversations, even across different collaboration applications, and offering strategic supervision and long-term data retention capabilities using our multi-patented, AI-driven risk detections and smart workflows.” Marc Gilman, Theta Lake General Counsel and VP of Compliance.

What are next steps

While this has focused largely on the trading desk of global commercial banks, something financial institutions should not do in response to the SEC’s orders is to treat the issue as a one-dimensional problem. Buying a tech solution is not sufficient for most banks to solve the problem of understanding and monitoring how their employees communicate; banks also need competencies in how to handle the data they get from monitoring conversations.

Communication compliance also applies for financial institutions overall, including insurance, e.g., state insurance department claim standards of performance audits, potential adverse lawsuit from miscommunication on policy coverage terms and monetary limits.

There are many challenges to monitoring employee communications. One is sorting out who owns the data taken from employees’ communications and how stakeholders like the CTO and CRO want the data handled. Another is leveraging the data collected to find value efficiently.

For any financial institutions, there is assuredly a lesson from these fines, and inaction for these firms is not an option. Are you proactive or reactive?

We welcome the opportunity to talk further.

Why Cisco for Financial Services?


Tom Filep

Cisco Financial Services Lead for Americas Industry