By Shira Rottner, Business Development Manager, Shield FC
The EU’s e-Privacy regulation, which is expected in 2019, is set to be the next major piece of legislation designed to protect the privacy and security of personal information. A step on from GDPR, e-Privacy protects metadata (as well as voice and email data) and will oversee and regulate privacy in ‘Over the Top’ eComms channels (i.e. social media and messaging) – something which many younger traders are already relying upon to do business.
Naturally, people in the finance sector are no different to those in any other industry. We all know there is a pronounced generation gap when it comes to using communication channels, with many younger people preferring to use the likes of Twitter, Instagram, LinkedIn and WhatsApp (and associated IM solutions) over more traditional emails or phone lines.
Legislation for the real world
There is nothing inherently wrong with this; communications have always evolved. However, legislation written even a decade ago is struggling to cope with protecting privacy on these new platforms.
To some older professionals it may look like the new e-Privacy law is one step ahead of trading trends by capturing all eComms data (including metadata). However, the truth is that financial firms are often a step behind in the implementation and enablement of eComms and in the protection of eComms data. It’s time for the financial sector to think ahead!
There are good reasons why many traders have turned to newer eComms and messaging channels.
These channels are fast to use, instantly connecting with the right person in virtually any location via a personal device. Unlike waiting for an email response, for example, they offer visibility of the message being received and a reply being sent. In a highly time-critical environment this makes perfect sense.
Understanding the potential benefits and pitfalls
One approach (albeit a very short-sighted one) is to clamp down on the communications channels used by traders. Most firms have their business emails and on-site voice communications securely stored and monitored in case of a discrepancy or investigation.
It would be very easy to insist no other channels are used – but the reality is that the traders will use these channels for communication and firms need to align with that.
The opposite approach can be just as damaging. Unregulated and uncontrolled use of social and mobile communications can leave the firm at serious risk of data breaches and subsequent regulatory scrutiny/punishment.
The fines can be eye-watering. Figures from Eversheds Sutherland [i] show that in 2017, FINRA (the Financial Industry Regulatory Authority) reported $8.3 million in fines for electronic communications cases. In the largest single case, a firm was fined $2 million for failing to implement a reasonable supervisory system to review emails. Unregulated and unmonitored communications are too big a risk to ignore.
The threats can be even harder to control if the organisation allows traders a degree of BYOD (bring your own device) flexibility in their role. How can a financial firm protect against data or privacy breaches on a platform and device it doesn’t directly control?!
Embracing digital transformation
Clearly, neither banning eComms use nor turning a blind eye to its use by traders is a realistic approach for any modern financial firm. The sensible approach is to embrace this digital transformation and to take ownership of it.
Many young traders and customers want to use the latest eComms to suit their preferences, so firms need to ensure this is enabled but also that devices and eComms channels are properly monitored and regulated. Ensuring all eComms data is properly collected, securely stored and available for investigation and reports at a moment’s notice ensures any breaches (or potential breaches) can be addressed immediately.
Meeting new e-Privacy Regulations
This approach will be even more important once the new EU e-Privacy Regulation comes into force. Interestingly though, the new legislation will also cover the privacy of the traders themselves, as well as customers and the firm.
Fines for non-compliance will be on the same level as GDPR (up to €20 million or up to four percent of worldwide annual turnover, whichever is the higher) – serious enough to cause firms financial hardship as well as reputational damage.
Giving the people what they want
The next generation of traders are already shaping the future of the financial sector and the legislation is rapidly catching up too. There are considerable benefits to be gained from embracing change and savvy financial firms always understand this.
It is vital to first understand the evolution of eComms and then to employ the right RegTech solutions to ensure your business stays at the front of this change, rather than being left behind by it.