Partner Insight: Exclusive interview: Proofpoint's Michael McGrath on compliance in the age of modern digital communication
With the rise of remote working and the influx of new digital channels, employees now have many ways to collaborate with colleagues and interact with customers.
As of October 2020, the number of daily active users on Teams reached 115 million, with Slack's daily active users currently at 12 million. From these figures, it is clear that workers are flocking to email alternatives. When other platforms such as Facebook, Twitter and WhatsApp, are brought into the mix, compliance and record-keeping becomes increasingly complex.
In order to stay competitive, organisations must meet users, both employees and customers, on their platforms of choice, and this has only been accelerated by the COVID-19 pandemic, with individuals conducting a growing proportion of both their work and personal lives online.
Computing spoke to Proofpoint's Dr. Michael McGrath, Snr. Director EMEA Compliance & Digital Risk, about how organisations must adapt to compliance beyond email:
"Very few people today have an expectation that they will meet their banking needs by going into a branch and producing a passbook," says McGrath. "We don't do that; we do it on an app, or we may make a call. So, there's an expectation that your bank that will be where you want it to be.
"It's the choice for every bank or platform who they support and where they'll do business and where they will socially interact with their customers."
Multiple channels, multiple challenges
While embracing omni-channel communication has a number of benefits for both productivity and customer satisfaction, complying with industry-specific regulations and corporate governance policies is a must. Organisations must have the ability to capture, retain, supervise and review content across multiple platforms. They must ensure social media use complies with industry regulations. And they must have an unalterable audit trail in case they are audited or investigated.
In this context, many organisations may find that their current compliance solution is not up to the task.
The sheer volume of content and ever-changing regulations are creating new challenges for those responsible for compliance and record-keeping. As a result, organisations must develop a way to capture and manage the growing volume and diversity of business communications, not just for compliance purposes but also to better inform business decisions.
For starters, is important that organisations have a comprehensive understanding of the communication tools that are being used within their business. Without visibility across all platforms, it is difficult to ensure compliance. This extends beyond platforms that are internally managed, such as Slack, Zoom or OneDrive, to include social media channels, as employees are engaging with customers on these platforms with growing frequency.
They must be able to capture content across these different communication channels comprehensively and efficiently, and downstream services, the systems that receive the data, must be able to cope with an increasing volume of information.
When it comes to the communications themselves, messages must be easy to search and supervise and it must be easy to find messages from specific employees, a specific time period and about a specific topic. Furthermore, communication now extends beyond text, so capture solutions must be equipped to deal with this.
All of this variety and volume of information is driving cost for compliance too. Companies need a strategy that not only addresses the regulatory and business to client needs but also addresses the rising cost that this brings with it. Firms need solutions that a unified, eliminating duplication of work, performant, eliminating wasted time and intelligent freeing users to make fewer but more valuable decisions.
More than compliance
However, a good compliance solution should not only capture content, but enable analysis that can lead to greater business insights. These must be easily accessible by those across the business in order to generate the most value. If data is easy to search and supervise, it will not only reduce IT teams' workloads, but also encourage more employees to engage with the system.
"Every time you use these systems is when you get the value" says Mcgrath. "Every time you do a search is when you get the value from your compliance system. If you make it easier to use, people will use it more and so the company gets greater value."
The factors mentioned previously will determine how an organisation performs in the event of an audit. They must be able to produce a paper trail when investigated and ensuring there are no gaps or service disruptions in their compliance programme is crucial.
In McGrath's view, it's all about trust. "When it goes wrong, you've got to answer a number of really fundamental questions from the regulator. Firstly, you're presenting your version of the case, is this the whole version? Is there anything missing? Do you know you've got everything? And if you can answer that, the next question is do you know if it has been altered? How can I prove that what I've stored is the message that was sent and it's not been tampered with, accidentally or just corrupted? And then the other thing is what are you doing with it?"
He explains that in order to have all the necessary information to hand, an audit mechanism is essential.
"You absolutely have to have some kind of audit mechanism. It's got to capture enough to be actually useful and the audit method itself must be beyond being tampered with. It needs to be immutable, just as the data needs to be immutable."
What does a good compliance solution look like?
The right compliance solution must be compatible with different formats and equipped to deal with new types of content, as well as identifying compliance violations at speed should they arise.
The solution must be able to reliably capture, manage and retain content from multiple channels in one place that can then be received by downstream services such as repositories and supervision tools.
McGrath maintains that good compliance solutions have a number of key characteristics.
"Firstly, it has to capture everything. Assuming you've done that, it needs to be able to normalise and allow you to handle the data together…It must be very performant because this data is often time critical and waiting for data is just wasting resources.
"And it's got to be very easy to use, it's got to be built for humans to perform on it. That doesn't mean it needs to look pretty, it just needs to work really, really well."
To find out more about compliance in the age of modern digital communication, read the report
This post was funded by Proofpoint