“Knock knock” jokes can be funny, but if the regulator knocked on your door today, would you be smiling?
If you were asked to prove exactly what an individual customer saw and did on your website, at a specified moment in time, could you? How long would it take, and how confident are you that the results would be indisputable?
What if the activity in question occurred several years ago? Does your digital interaction record-keeping go back that far, and could you produce undeniable evidence within the statutory timescale?
Food for thought. You may think you have digital compliance covered already, but it is unlikely.
Oftentimes, financial institutions already use an e-commerce analytics solution (Tealeaf being the most commonplace) to record website visitor activity. These systems do a great job analyzing customer experience and behavior, and it would be easy to assume that the digital record-keeping provided by these solutions is sufficient to satisfy regulatory requirements. It’s not. They are not complete or accurate enough to satisfy the regulator.
Digital is the new norm
For many years, financial services firms have recorded phone calls, paper-based documents and email correspondence for regulatory purposes. However, digital channel control remains a compliance blind spot for many, despite the fact that digital business is the new norm. In recent years, the volume and complexity of financial services business conducted via digital channels – other than email – has sky-rocketed. From communicating with advisers, to comparing funds or executing financial transactions, many customers are now choosing online, mobile and social platforms to manage their financial affairs.
The law requires you to have a regulatory risk management solution in place that safeguards your clients, and all of your digital channels, by recording every digital interaction. Penalties for non-compliance range from hefty fines to jail sentences, so it is imperative that your processes and technology keep pace if you are to successfully mitigate risk, safeguard corporate reputation and avoid legal sanctions.
Anything less than 100% capture is not compliant
Our financial services customers tell us that anything less than 100% capture of all digital activity is non-compliant – simple as that. Several were unable to deliver necessary evidence with their legacy system. Capture rates of 84% are acceptable in retail or e-commerce environments, where the focus is on user behavior and trend analysis, and there is no special requirement to retain the identity of the visitor or archive the data for many years. However, if the vital piece of evidence that will keep your financial services executives out of jail lies in the 16% of information you are failing to capture, you have a big problem.
Industry regulators are growing tired of firms that go part-way on compliance, and if you cannot produce indisputable evidence when asked to do so, your business (and your bosses) are at risk.
Could your legacy system prove your innocence?
To check whether you could withstand the scrutiny of the regulator, these are the questions to ask. If you (or more likely your IT team) are unable to answer a resounding “yes” to all of them, your business is at risk.
1. Can you record 100% of all digital activity, 24/7, including every user’s digital journey, and the personalized web experience or custom content displayed to them?
2. Can you play back any digital interaction, with any individual, with just one click?
3. Can you see exactly what the customer saw, without any requirement for log file analysis, or reconstruction of back-end system data?
4. Will you still be able to retrieve any digital interaction, instantly, for as long as the regulator requires it (3 to 10 years in most cases)?
5. Can your compliance team view these records, without asking IT for help?
If you answered “no” or were uncertain about the answers to any of the above, now is the time to review your own compliance status – before it’s too late.
Article originally published on Qumram