Information barriers have always been a challenge for organisations to manage, monitor and control. As a result, many firm have historically banned home working and previously only enabled access to files, folders, and other information on-site.
Along comes the Covid-19 pandemic, and suddenly all rules needed to be readministered to facilitate the new remote working conditions – forcing firms to completely rethink how they manage the exchange of confidential information between employees.
So, how can compliance officers monitor and control information barriers in a remote working environment?
Traditionally, these functions have been heavily dependent on manual processes. And whilst there is high long-term cost and risk associated with this legacy set-up, many organisations continue to rely on it. The risks include human error, not being able
to adapt to changing conditions quickly enough, and of course financial implications. Falling short of safeguarding information can ultimately lead to conflicts of interest and loss of income.
To ensure the successful implementation of information barriers, compliance officers need to follow actions beyond just the physical separation of the departments. This includes:
Defining an information policy which covers on-site and remote working, and ensuring that everyone has an in-depth understanding of what it entails
According to a recent IBM survey, 45% of people working remotely supported that their firms provided no appropriate training
on securing devices at home. Compliance teams need to understand and educate individuals on what the information policy looks like, how it adapts depending on the location of employees, and how it can monitor for breaches in either scenario. Of course, this
is much easier if everything and everyone is in one place and is complicated in remote working conditions.
Monitoring interactions between segregated groups without having to manually review communications
Reading all emails and listening to all voice calls is just not a feasible assumption. Firms need to deploy technologies that can actively transcribe, analyse, and monitor communications – flagging any suspicious behaviours or activities that meet specific
criteria. The role of surveillance needs to move away from reactive monitoring to proactive rule creation, where risks are identified, managed, and mitigated before information breaches, misconduct, market abuse or other risks have occurred.
Overlaying both structured and unstructured data
There are significant advantages in using a single platform to overlay structured data (such as transaction or order details) alongside unstructured data (such as communications). When this information is overlaid on a single platform, compliance teams can
gain additional insight to detect siloed and combined breaches of market abuse, information barriers and other risks. A data-centric approach to compliance enables
truly holistic oversight and proactive identification of risks. Regulated firms are already capturing transaction details, documents, communications, meeting minutes and more as part of their record keeping obligations. Integrating these pieces of information
into a system that uses rules and policies to actively monitor across all the data sets, helps to reduce the risk of missing key breeches set around ethical communication walls. With all the information in one place, it becomes easier for firms to apply sensitivity
labels to classify confidential data and set up customised alerts based on the access.
Actively monitoring for breaches
Your policies surrounding active communication monitoring and information sharing should also include relevant workflow and case management tools. Who should be alerted? How will you act on the details? How proactively should you use the information collected
to enhance future rules and policies? These are all questions that you should be considering on an ongoing basLooking ahead
As the ability to work remotely becomes accepted across the industry, digital communications will increase. Compliance officers cannot prohibit information sharing in its entirety but need to use efficient systems that enable employees to share information
according to the organisation’s policy.
Whilst there is a plethora of intelligent and highly automated solutions available in the market today that enable effortless compliance, many organisations continue to rely on legacy technology. A common objection to upgrading processes or deploying new
systems is the initial capital outlay and effort required. However, as regulators across the world continue to work together to ensure markets preserve the highest standards of integrity, perhaps this no longer is an option? Lockdown hopefully has made it
clear to organisations that they need to prioritise their compliance processes, focus on their data, and modernise their technology.