As a growing number of financial services firms allow employees to bring their own mobile devices to work, compliance officers are scrambling to mitigate risks to their firms, according to a new survey from Smarsh, a provider of email archiving and compliance solutions.
More than half of firms now allow iPhones, iPads, Android phones and tablets on the corporate network, Smarsh reported in its second electronic communications compliance survey report.
Last year, FINRA issued Regulatory Notice 11-39, stating that firms are required to retain, retrieve and supervise business communications regardless of whether they are conducted from a work-issued device or personal device.
Archiving and supervision practices governing communication from these devices, however, lag behind those in place for laptops and desktop computers, according to the survey of 209 compliance officers.
Today, the majority of compliance professionals (65 percent) said they would have minimal to no confidence in their ability to produce text messages during examinations.
Asked about their main concerns relating to electronic message compliance, 63.4 percent of respondents named new communications devices such as smartphones and tablets. Over 81 percent said their biggest worry is new and changing regulation.
Personal devices are a particular worry for compliance officers: according to the survey, 65.5 percent said they had minimal confidence that their firm is capturing and archiving communications on personal Android devices; 63.3 percent said they are not confident that they are archiving communications on Windows Phones; 59.7 percent fear they are not archiving communications on personal BlackBerry devices and 53.7 percent worry about personal iPhones.
According to IDC’s Worldwide Mobile Phone Tracker, Android and iOS mobile operating systems accounted for more than eight out of ten smartphones shipped in the first quarter of 2012.
Meanwhile, firms have been taking a formal compliance stand regarding social media use.
Nearly eighty percent of respondents of the survey indicated they have written policies to address the use of LinkedIn, Facebook, and Twitter. Last year, less than half the respondents had a policy in place.
Respondents indicated that website content was the second most requested communication type during regulatory examinations, second only to email. At the same time, 41 percent of respondents said they had minimal to no confidence in their ability to produce website content during an examination, and only 35 percent reported having an archiving and supervision system in place for websites.