Information Management Chaos in Financial Services

March 24, 2015
Robert Cruz

Walking through downtown Palo Alto for lunch last week I noticed something a bit strange. Restaurants and cafes were strangely quiet. VCs, techies, and students were all focused on the big screens. Not watching a Cardinal game or talk show or The Price is Right. No, they were watching Janet Yellen, and parsing every word that could swing financial markets globally. Yes, hypersensitivity of financial information has returned. And yes, for the first time since the Great Recession, #FinServ was trending worldwide.

Now, within this hypersensitive climate, put yourself in the shoes of one tasked with protecting and delivering information within a global financial services firm. The volume of information you must manage with continues to grow at an unstoppable rate, and now you must also deal with an exploding number of tools that your advisors are using to collaborate, from Salesforce Chatter to Jive to all major social media platforms. You must keep apprised of a staggering number of regulatory mandates in all markets that you operate – as well as the sometimes severe consequences of missteps. And you must extend the life of current technology systems given pressure to remove costs, while also protecting sensitive information assets against an unprecedented level of cybersecurity threats.

All of which puts many firms in Information Management Chaos. Consider the following:

So, how can firms more effectively manage this state of chaos? For some, significantly ramping up regulatory tracking efforts and growing compliance staff are the first steps. Beyond these, firms should consider the following in order to regain control over information:

1) Adjust policies to reflect emerging communication channels: Acceptable use policies should be extended to reflect all authorized communication channels in use by the firm – in all markets that the firm participates in. Given the fluidity of regulatory guidance and quickly evolving nature of the tools, specific examples of acceptable and prohibited use of each channel should be provided.

2) Enable the capture and archive of social and collaborative content: Given the frequency of unauthorized access, firms should evaluate approaches to create visibility into tools currently in use, in order to quickly disable those users and tools that lack the proper credentials. For those that are sanctioned for communication with clients, firms should capture and archive content per applicable mandates from FINRA, SEC, FFIEC, and FCA.

3) Leverage existing supervisory tools and workflow: If possible, firms should seek to minimize disruption to current supervisory and processes by utilizing existing review processes and workflows. Extending current technologies can help to avoid compliance exposure created during lengthy and complex technology migration tasks.

4) Fully incorporate measurement of cybersecurity risk into compliance processes: As noted by both FINRA and SEC, creating and actively managing a cybersecurity program will be an area of increased focus in 2015. Ensuring that cybersecurity expertise is interwoven within risk management and compliance programs will help to improve alignment on a shared functional view of information risk.

5) Double down on compliance training: All processes and technologies will be limited in effectiveness without a corresponding up-leveling of information risk management training – for both users and compliance reviewers. Regulations, as well as capabilities of social communication channels, are fluid, so building a program that leverages best practices while incorporating shifts in regulatory focus is imperative

How Proofpoint Can Help

For more information on how Proofpoint can enable greater control over sensitive information for financial services firms, watch our latest on-demand webinar highlighting our recent enhancements in supervisory review, extended archiving support for Jive and other collaborative content, and integration with existing compliance tools.