• wblogo
  • wblogo
  • wblogo

Collaboration platforms and compliance: the shock of the new

Mike Pagani, Smarsh, Sr director product marketing, 6 March 2018

articleimage

Slack, Microsoft Teams and Facebook Workplace represent the next generation of collaboration tools, but they come with their own compliance risks.

New collaboration platforms such as Slack and Facebook Workplace are rapidly gaining traction in businesses large and small. Younger workers have especially gravitated towards these tools because they are much more immediate and efficient than trading emails or voice messages.

However, such gains in workforce productivity can come with unforeseen compliance risks. With the introduction of recording-keeping and supervisory regulations such as the European Union's second Markets in Financial Instruments Directive, and with the General Data Protection Regulation looming, it is important for these companies to have a strong understanding of where the risks lie. People often overlook the fact that these new communication platforms are subject to the same regulatory requirements as other forms of electronic communications, such as emails and texts.

It was not that long ago when emails represented the reactive part of our business days. We spent our time reading and responding to the urgent ones as they popped into our inboxes. Not so, lately.

If your business environment is like most, a growing number of your employees are spending more time on Slack, or one of the growing number of similar collaborative platforms. If you are a consumer-facing business, then your marketing department is also using social media channels and apps to reach new customers and communicate with existing ones, largely replacing email marketing as it does so.

These new team-oriented collaboration platforms and social media app-driven channels are shifting the way we communicate electronically for business purposes and how we work with each other. Let us take a closer look at these platforms and the compliance risks that they might pose.

Collaboration platforms

Slack is the progenitor of the new category of collaboration platform offerings, but it is only one of several platforms that are rapidly gaining traction and competing to be the corporate standard for team-based non-email communications. Other vendors in this proving ground include Microsoft, with Microsoft Teams; Facebook, with Workplace by Facebook; and Cisco with Cisco Spark.

As the senior director of product marketing and chief evangelist at Smarsh, I often speak at conferences for regulated businesses. Throughout this year, I have been asking the audiences (usually made up of compliance, legal and IT men) if they are using, or planning to use, a collaboration platform like Slack in their business. Six months ago, only a few hands would go up. Today, the room is a sea of hands with only a few scattered islands in between.

Using Slack as an example, the numbers we are now seeing for adoption and daily usage back up the results of my straw polls out in the field.

Last October, Slack announced that it had passed the 6-million-user mark. A year prior, in October 2016, they had 4 million users. The other stat that caught my eye recently is the amount of time during which these users are active on Slack in working hourse, which is 320+ minutes per day on average according to numbers published by DMR. Given that a day still has the same number of hourse in it, it would be reasonable to say that that time has been stolen from email usage.

Why are so many people turning to these platforms? The answer is simple: productivity.

These collaboration platforms allow us to get a lot more done when compared with the use of email to work together on a common task, goal or initiative. Email was not designed for that type of task. It breaks down quickly when somebody tries to keep a group in sync because people answer older messages in a rapidly evolving thread, or inadvertently spawn a new thread that complicates things quickly.

Also in aid of productivity, these new platforms feature instant messaging (IM), persistent chat, video/audio calls, online meetings, and file-and-document sharing with version control in an all-in-one, unified way. This is far better than the need for employees to go in and out of separate products all day long.

All of this is great news. The collaboration and social platforms can only mature and become more capable as they add more features. There is, however, a problem for regulated businesses.

The compliance risk

Businesses are taking Slack on in a way that regulators are not prescribing. A user can download the free Slack application from the web and deploy it among his teams in a matter of minutes, and all without any need to ask the IT department for help. This is a big part of the reason why the number of Slack users is growing so rapidly. Slack cashes in on this 'freemium model' later when the business starts to demand more advanced software that goes beyond the free version.

The following is the latest example of 'shadow IT' and is a very real situation for most firms we talk to these days.

Article 16(7) of MiFID II requires financial firms to record all “telephone conversations or electronic communications relating to, at least, transactions concluded on own account and the provision of client order services that relate to [the] reception, transmission and execution of client orders.” Furthermore, firms must take reasonable steps to prevent employees or contractors from making "relevant communications" through privately-owned equipment which those firms cannot record or copy.

The GDPR, which is to take effect on 25th May of this year, will impose yet more regulation regarding the recording and archiving of digital communications through Article 6, whose title is “Lawfulness of Processing.”

Because collaborative platforms are ubiquitous and enable users to communicate anywhere and through any device, they pose a real threat to compliance with these rules. The rise of this latest 'shadow IT' phenomenon makes it ever more difficult for a compliance officer to oversee the things that his firm's employees are discussing and to identify the platforms on which they are doing it.

If firms want to benefit from the skyrocketing productivity that these platforms offer, they will have to make their teams well aware of the compliance risks first. The good news is that comprehensive archive technology has progressed and the leading vendors have active relationships with Slack and other emerging collaboration-platform vendors to provide archiving connections that capture the messages directly, then index, supervise and store them in a search-ready state alongside all other forms of electronic communications that the firms are using.

The bottom line here is this: your firm ought to strive for both compliance and productivity as new information technology emerges. If you do not, you might succeed with one at the expense of the other.

Latest Comment and Analysis

Latest News

Award Winners

Most Read

More Stories

Latest Poll