Upcoming Events: FINRA and Gartner to Host Mobile Compliance Events

Members of the MobileGuard team will participate in the 2016 Gartner Security and Risk Management Summit in Washington DC as well as the FINRA Annual Conference in the next month.

The Gartner Security and Risk Management Summit, June 13-16, provides attendees with the tools and training needed to maintain cost-effective security and risk programs that support digital business and drive enterprise success. MobileGuard is enthusiastic about the opportunity to help educate and inform CIOs, CISOs, and senior IT professionals, as well as Chief Compliance Officers and risk management officials.

Additionally, MobileGuard will be attending and exhibiting at the FINRA Annual Conference in Washington DC on May 23rd and 24th. The FINRA event focuses on financial services and the risk management compliance challenges modern enterprises face.

“These are two signature events very important to our industry,” said MobileGuard Founder and President, Todd M. Cohan. “MobileGuard will be available to discuss the many facets of mobile compliance and how our suite of products ensures compliance for the mobile workforce today.”

Each of these venues provides MobileGuard a great opportunity to educate IT and compliance professionals on the challenges of employing a diverse mobile arsenal. From text message archiving and secure messaging to mobile call recording and effective mobile device management, Company staff will serve as resources during the events. “We have seen extraordinary activity around supporting text message archiving to satisfy public records, and Freedom of Information Act requests for all levels of government,” added Mr. Cohan.

Other upcoming Mobile Compliance Events include:
Washington Tech Summit
June 22, 2016
Topics include: Solving the dilemma of BYOD compliance

Compliance Week 2016
May 23-25, 2016
Washington DC

CISO Executive Summit
October 17-19, 2016
Skytop, PA

Advisors: Is Your Texting Compliant?

Text messaging has become an extremely popular way to communicate. According to Pew Research, the average person receives 41.5 text messages a day compared to just 12 phone calls. Young adults are much more avid texters, sending an average of 109.5 messages per day, which suggests that this form of communication will only become more widespread.

Financial advisors can’t ignore text messaging as a critical form of communication with clients, but compliance can be a lot more challenging since texting is harder to supervise, monitor, and archive. After all, text messages can take place via traditional SMS or via phone-specific platforms like Apple’s (AAPL) iMessage and Google (GOOG) Android’s Hangouts. These messages can also be sent across different devices, such as from a laptop or desktop computer to a mobile phone.

Let’s take a look at how the law reads and check some steps that financial advisors can take in order to ensure that they’re in compliance. (For related reading, see: Top Compliance Headaches for Financial Advisors.)

Interpreting the Law
NASD Conduct Rule 3110 and Section 17(a) of the Securities Exchange Act of 1934 require brokers and financial advisors to establish and maintain a system to supervise the activities of its associates that is responsibly designed to achieve compliance with applicable securities laws.

In particular, Rule 3110 mandates the review of incoming and outgoing electronic correspondence and internal communications relating to the member’s investment banking or securities business. Section 17(a) further mandates that broker-dealers maintain records for at least three years, including original communications received and copies of all communications sent by members, brokers, or dealers relating to his or her business.

In 2014, the SEC charged several affiliated brokerage firms with failing to retain and supervise text messages sent or received by certain associated persons. The errors resulted from a faulty configuration of the BlackBerry Enterprise Server and the firm ended up paying a $275,000 fine. These problems could have been avoided by having the proper systems in place to ensure that text messages were securely archived for future reference. (For related reading, see: Compliance: The Price Companies Pay.)

Technology Solutions
The easiest way to ensure compliance with these laws is to manually archive all electronic communications by using company-approved devices. Some business smartphone makers such as BlackBerry provide enterprise software solutions to archive communications. The problem is that these solutions require that employees use a company smartphone to conduct work; many workers would rather use—and do use—their personal phone.

There are a growing number of technology solutions designed to make mobile compliance a lot easier for businesses. By archiving messages, financial advisors can ensure that they’re complying with Rule 3110 and proactively ensuring that e-discovery is easier in the event that problems occur. Many of these solutions also support bring-your-own-device (BYOD) policies and operate across multiple platforms, including Apple, Google, and Microsoft (MSFT).

MobileGuard and MobileIron are just two of many companies that offer SMS archiving, mobile voice recording, and secure messaging services delivered as a cloud-based or on-premises service. While these solutions can be somewhat expensive and time-consuming to implement, they cost significantly less than the fines that would be incurred for non-compliance, as well as any added costs associated with discovery during a lawsuit requiring text information.

The Bottom Line
Text messaging as a way to communicate between clients and financial professionals is growing in popularity, especially among the younger generation, which makes compliance even more important. With numerous securities regulations mandating the review and archiving of text messages, financial advisors should have the processes in place to ensure that they’re in compliance and following best practices. The good news is that there’s a lot of software out there that can help make the process easier for financial advisory firms. (For related reading, see: SEC Audits: What Financial Advisors Should Look Out For.)

This article was written by Justin Kuepper for investopedia.com

The Toll of Noncompliance

New York, New York, September 13, 2013 – It’s no secret that many large US brokerage houses have come under scrutiny in the aftermath of the Great Recession, along with many of the practices that are blamed for bringing about the economic decline. As regulators continue to sort through the financial rubble and investigate these firms with a punitive eye, legal-related expenses continue to amass at staggering levels.

According to today’s Wall Street Journal, in the past five years JP Morgan alone has run up a whopping tab of over $18 billion in legal-related expenses. (Note: That’s $ billions – not $ millions). Facing at least seven separate investigations in areas ranging from trading oversight to mortgage bond sales to overseas hiring practices, the company continues to negotiate settlements with several different agencies, which still could lead to another $600 million in penalties. Bank of America and Citigroup, reported in the same article, face the same dilemma. In 2008 – 2012, they incurred legal-related expenses of $16.1 billion and $7.2 billion respectively. (WSJ: “Embattled JP Morgan Bulks Up Oversight,” Sept. 13, 2013).

In addition, with the SEC and FINRA now ratcheting up their regulations, it has become painfully clear to the financial industry that regulatory compliance is no longer a peripheral consideration, and measures must be taken to mitigate risk. To that end, according to the Journal, JP Morgan “plans to spend an additional $4 billion and commit 5,000 extra employees this year to clean up its risk and compliance problems, according to people close to the bank.” Without doubt, all financial firms are following suit, and corporate compliance departments are being granted greater autonomy and authority.

 

And contrary to the belief of many, “compliance” usually touches every employee in a company – not just its executives. For example, it may be easier and less conspicuous for a financial executive’s admin assistant to illegally divulge insider information than it is for an executive. For this reason and others, compliance policies need to be ubiquitous across the organization, clearly defined, well communicated, and enforceable, with the necessary resources in place to administer them. Being compliant comes at a cost, but in the final analysis, the investment may save a company from unexpected fines, lawsuits and damage to reputation, which significantly outweigh the investment.

About MobileGuard

MobileGuard is the leading provider of mobile communications management solutions, and ensures compliance with all relevant regulatory bodies. MobileGuard’s patented solutions provide the monitoring, capturing, logging, archiving, and supervision of all communications on company mobile devices. MobileGuard’s mobile communication compliance solutions are provided as either a hosted platform or in the customer’s environment. To learn more, please visit www.MobileGuard.com.

Email: press@MobileGuard.com
Phone: 646 459 4354
Website: www.MobileGuard.com

How To Address The Sunshine Law Text Messaging Issue

The general rule of the Sunshine Law is that every person has the right to inspect or copy any public record made or received in connection with a transaction involving official business by a public body.

Public records include all documents, regardless of physical form or characteristics, and are not limited to traditional written documents: emails, SMS messages, letters, memos, maps, books, and recordings, all fall under the definition of “public records,” as they are a record made or received in connection with transactions of official agency business.

In this context, any public official who uses his or her mobile phone to exchange SMS messages or emails with another official, or with anyone else, should have the communication logged and archived, and it should be available to the public upon request, according to the Sunshine Law.

From this perspective, when a message sent to/from a commissioner’s mobile device disappears, that person could be the target of criticism, as in the recent case of Orange County commissioners who are now subject to an investigation initiated by the Florida Department of Law.

The FL. Statute sec. 119.011(1) (1995) expansively defines “public record” to include: “all documents, papers, letters, maps, books, tapes, photographs, films, sound recordings, data processing software, or other material, regardless of physical form, characteristics or means of transmission, made or received pursuant to law or ordinance or in connection with the transaction of official business by any agency.”

So how can we avoid these cases? The fact is, there are multiple solutions: One of the possibilities could be to forward county-related text to an archive, similar to the one established for commissioner email. Another could be to hold each board member personally responsible for saving those text messages.

Yes, either of the aforementioned solutions could work, but there is one more alternative. And if you are looking to comply with the Sunshine Law, the method the department adopts should aim to be totally transparent for both sides: the user and the public.

A third-party tool that monitors, stores and provides easy access to all text messages initiated and received on the mobile device could be the answer.

Importance Of Internal SMS Monitoring Justified by David Petraeus Scandal

Most companies legally monitor their employees’ SMS messages on business-owned cell phones, as well as email messages. It has become a standard procedure for staying compliant with many of the regulatory mandates of FINRA, HIPAA and the FSA. The purpose of mobile recording and monitoring of text messages is to ensure compliance as well as to prevent nefarious communications. Employees use business phones for personal use, which can cost the company a significant amount of money, not to mention insider trading or any other immoral actions that can be monitored via email, SMS and MMS.

The private sector understands the importance of cell phone surveillance and has found it to be a very effective way to thwart any communications that can compromise an organization and its reputation.

But what about the public sector?

Reports suggest that the David Petraeus case was built off of the discovery of inappropriate e-mails and text messages. Jill Kelley, a close personal friend of Petraeus, received threatening e-mails from an anonymous account and she asked an FBI agent to do some email and text message spying. The agent discovered that the messages were being sent by Paula Broadwell, Petraeus’s biographer, and had also found e-mail correspondence that revealed the true nature of Broadwell’s relationship with Petraeus.

But why was this process so long? Was it because the top officials are immune from such things as email and SMS monitoring and are not required to back up their SMS messages? Does the public sector not take monitoring seriously enough? Does the government only monitor specific people?

This complicated love scandal proves that having one’s text messages stored and monitored can be very invasive to one’s personal life, but it is also necessary to the proper functioning of an organization or business. It is challenging to keep track of all employees and their activities, but mobile recording and monitoring makes it much easier.

Wall Street has realized the importance of mobile monitoring; now it’s time for the government to take it a little more seriously.

What You Don’t Know About Mobile Hacking

Whatever programmed thoughts you have about your phone being safe as long as it stays in your pocket—erase them now. The truth is: it is relatively easy to hack into a phone, even if it is smart.

Today, phones aren’t just devices we use to place calls. We use them to transfer money from one bank account to another. We store passwords and personal information on them. We video chat, instant message, play games and more. We are always more attached to our phones than we think. Ever caught that nosy guy sitting next to you on the train catching a not-so-sneaky glimpse of what you were texting, reading or playing on your phone? You were really annoyed, (weren’t you?) even though chances are he had no idea of what you were actually doing.

Because phones are evolving to smartphones and able to do incredible things they weren’t able to before, we are depending on them more than ever. Of course, hackers know this. One easy way to hack into a phone involves only the art of deceit and nothing more. “For instance, a would-be hacker might call you and pose as the phone company saying they need to update your account and need your password. Or the hacker might get enough of your information to call the phone company and pose as you,” says Robert Siciliano, a McAfee consultant and identity theft expert.

In the case that you do get this type of call, remember that your mobile carrier will never call you to ask for a password, even if they are doing an “update.” The general rule you should follow is to never give out passwords or personal information via phone, unless you have actually called first to ask for an update of some sort.

Hackers also know that many carriers still use default passwords for the phones they issue and a good number of people just don’t know to change them. This makes their job super easy—they can simply look up default passwords provided by carriers and use them to their advantage.

The best precaution you can take is to change your password occasionally.

In the widely known News Corp. scandal, “the now-closed News of the World paid bribes to police and intercepted the voice mails of celebrities, politicians and crime victims.” (Aug. 16th, WSJ) It is extremely likely that these hacks into voicemails involved easy access to default passwords of victims who hadn’t changed them on their phones.

More technically adept hackers may “get a bit of information about your account and send a phishing email purportedly from your carrier asking you to log in. At that point they will have your password and other sensitive information.”

Because smartphones allow applications to be run on them, hackers can easily attach malicious code to these applications, which are downloaded on a daily basis. The “safe-in-my-pocket” thoughts should disappear—your phone doesn’t even need to be seen to be hacked. Be cautious of the applications you download, especially if you’re an Android user. Publishers are allowed to upload their applications right into the Android market, so be careful.

The bottom line is: Be cautious about the activity you conduct on your phone. Fewer purchases via a website from your mobile device, fewer risky downloads and more password changes today may mean fewer headaches tomorrow.

 

Source: http://technewscast.com/technology/tech-buzz/mobile-hacking-how-safe-is-your-smartphone/

BROKER’S WORLD: Morgan Stanley Smith Barney Brokers Text Away

NEW YORK (Dow Jones)–Morgan Stanley Smith Barney to its brokers: U can text now.

The rule change, delivered in a memo in late January, allows brokers with firm-managed BlackBerries to use them for texting. It was prompted by requests from staff in the field, said a spokeswoman from Morgan Stanley Smith Barney, the brokerage joint venture of Morgan Stanley (MS). It makes the company the only big brokerage to allow the practice.

About 2,000 advisers and managers have firm-managed BlackBerries and are affected by the policy. Morgan Stanley Smith Barney will keep a record of the texts, to comply with industry regulations that it retain all electronic messages for three years. The company also says it will use the same process it has in place to review its staff’s emails.

A Morgan Stanley Smith Barney broker based in the Midwest said he doesn’t expect to start texting with his clients, but since he only carries one phone, he’s happy to have an easier way to communicate with his wife.

“For me, it’s more about how can I be the most productive, and that helps a little bit,” said the broker, who requested that his name not be used.

Spokeswomen for Bank of America Corp.’s (BAC) Merrill Lynch, and UBS AG’s (UBS) UBS Wealth Management America said their companies don’t allow brokers to use company-issued mobile devices to text. A spokesman for Wells Fargo & Co.’s (WFC) Wells Fargo Advisors said the company doesn’t issue mobile devices to its financial advisers, and those who use their own aren’t allowed to text clients.

As forms of electronic communication multiply and become more popular, financial services companies are struggling to keep pace in terms of policies and regulatory compliance issues. With the growing influence of smart phones, as well as social networking sites like Facebook and Twitter, the industry has been debating how to help brokers expand the ways they can reach out to clients.

“I think there is a very keen interest in the industry right now on how firms can utilize different technology to engage in business communications,” said Joseph Price, senior vice president of the advertising-regulation division of the Financial Industry Regulatory Authority, Wall Street’s self-policing organization.

Morgan Stanley Smith Barney’s new policy could put it a step ahead of the curve. Dan Nemo, chief operating officer of TextGuard, a company that helps firms monitor and archive communications sent through mobile devices, said he has spoken to brokers who have been frustrated when they have received texts from clients, but couldn’t reply.

“The broker wants to communicate with the customer and client the way the customer and client wants to communicate with them,” Nemo said.


Mobile Voice Communication Now Regulated

On November 11, 2010 the Financial Services Authority, “FSA,” produced final rules regarding the use of mobile phones for business.  Consultation Paper, CP 10/7, Taping:  Removing the Mobile Phone Exemption, explicitly states that company used mobile phones must be recorded and stored.  After a number of financial scandals that have rocked the financial services industry, the FSA has finally taken action.   This new change will apply to banks; stockbrokers; investment managers, including hedge fund managers; financial and commodity derivatives firms.[1]

The FSA did take the objections by financial firms under consideration, and as a result, firms will have a year to comply with the new standards and to develop policies and procedures reasonably designed to prohibit the use of non-company issued mobile phones for business purposes.  In addition, the FSA recognizes that firms will need to store huge amounts of data and as a result they limited the record retention time frame of the communications to 6 months.  It is important to note that financial firms will need to determine if their business models require them to be subject to the FSA’s mobile taping rule requirements.

Firms are going to need to conduct a risk assessment and determine who uses company-issued mobile devices. The next issue will be how companies can develop reasonable policies and procedures designed to prevent the use of non-company mobile phones for business purposes. One way to accomplish this is by having all personnel sign a statement of understanding acknowledging that they have read the new policies and procedures, understand them, and attest that they will not use non-company assets for business purposes. Within the procedures, firms must explain where these attestations will be maintained and how the policies and procedures will be tested. If firms use an outside vendor for mobile compliance, the firms should get a statement from the vendor that the data is stored in a write-once, read-many (WORM) format and that the vendor has policies and procedures reasonably designed to protect the integrity and security of the data.

Mary Schapiro, the Chairman of the Securities and Exchange Commission, “SEC,” and Lord Turner, the Chairman of the FSA held meetings on November 15th to discuss cross border regulatory co-ordination.  As more scandals are uncovered and the individuals prosecuted, regulators will push to gain access to more information.  Since the technology exists and the need for such regulation exists, it is only a matter of time before the SEC and State Securities regulators are pushing for similar rules and regulations regarding the use of mobile phones for business purposes.


[1] http://www.fsa.gov.uk/pages/Library/Policy/Policy/2010/10_17.shtml

The Need for Mobile Compliance

According to the CTIA–The Wireless Association, by December 2009 Americans sent 1.5 trillion texts at an annualized rate.[i] According to the industry, as smartphones become more prevalent in business applications, the use of text messages in commerce will only increase. In addition, more companies are utilizing text messages as a way to keep in touch with their clients. This increase has not only been in the financial services industry, where the speed of information delivery can affect the profitability of a transaction; text messaging has also found its way into other industries such as pharmaceuticals. In September 2010, Rite Aid decided to allow customers to subscribe to mobile alerts with regard to prescriptions. More companies will follow this trend; failure to do so might result in a loss of competitive advantage. As a result, CIOs must ensure that their companies are compliant with the applicable rules and regulations. If executives fail to take the risk seriously, they may find themselves in the middle of a lawsuit.

The use of text messages has become so prevalent in today’s society that it has started to displace normal forms of communication, i.e. phone calls and physical interaction. Human resource departments must be aware of this shift and address it in the context of their sexual harassment policies. “Sexting” an individual could be construed as sexual harassment. In Calumet County, Wisconsin, the District Attorney has resigned over a “sexting” sexual harassment claim. In 2009, the DA sent sexually explicit messages to a domestic violence victim whose boyfriend he was prosecuting, which further victimized the woman.[ii] This type of sexual harassment case will only increase in volume as more people begin to use texting.

So what is a CIO or senior executive to do with regard to corporate policies and procedures? The first thing all senior executives must do is evaluate their procedures with regard to the use of electronic communication devices. The next would be to determine what type of electronic infrastructure they currently have and where the potential exposure is. There are two different routes executives can take: write a set of procedures that forbid the use of such technology in the workplace, which is not practical; or obtain an electronic communications software application that filters these phones or an application that completely censors this type of text. One of the leading manufacturers of smartphones, Apple, Inc., has had a patent recently approved which will allow all “sexting” messages to be blocked.[iii]

These filters are only as good as the person who designs them, and they fail to do the most important thing: they only filter and block, they are not proactive in identifying potential risks, and they do not capture pertinent data. However, compliance solutions such as TextGuard’s SMS mobile compliance software allow for the collection and filtering of messages in a compliant manner. This enables senior executives to evaluate current trends and gives greater legal protection to the corporation, since this type of compliance monitoring indicates that the company reviews such messages for inappropriate behavior, illegal behavior, and unethical behavior.

[i] CTIA–The Wireless Association® Announces Semi-Annual Wireless Industry Survey Results, March 2010, http://www.ctia.org/media/press/body.cfm/prid/1936

[ii] Gannett Wisconsin Media, Jim Collar, October 5, 2010

[iii] Tech Week, Critics Welcome Apple’s Anti-Sexting Technology

Text Messages Provide a Wealth of Documentation for Litigators

Unlike emails, text messages have a limited lifespan, in that they cease to exist after a period of time.  Since the use of text messaging is increasing, it is inevitable that there will be an increase in lawsuits involving text messages.  In the financial services sector, text messages are seen as a form of electronic communication and need to be treated like emails with regard to the preservation, review, and approval of messages.  It is only a matter of time before all industries are held to this high of a standard.

According to Winchester and Maines writing for The New York Law Journal, “…the party who fails to take appropriate steps to preserve text data and content may face sanctions of spoliation if it can be shown that this information should have been considered reasonably likely to be important at the time it existed.”[i] The strategy of senior executives should be that of preserving corporate profits by mitigating the amount of exposure they have with regard to text messaging.

As citizens we have the right to review what our elected officials are discussing via emails. However, government officials have been able to skirt the public disclosure laws by conducting communications through text messaging. Reporter Erica Barnett was unable to obtain the text messages of a Seattle City Council member even though the text messages are subject to the same disclosure laws as emails.[ii] Corporations are responsible for ensuring that all electronic communication can be made readily available to regulators, so why shouldn’t our elected officials be held to such high standards?

In 2010, after inquiries made by taxpayers and the media, some senior city officials and five City Council members of Bell, CA were involved in a pervasive scandal that swindled millions from the taxpayers of Bell. These individuals were paying themselves high salaries and embezzling city funds, and they currently face criminal charges. As a result, the state of California wants to put the city in receivership, but the city cannot come to an agreement with the state. The State Deputy Attorney General, Jim Hines, stated, “Our main goal has been to ensure accountability and transparency in city management until new elections can be held and to do so without imposing high costs…”[iii] If municipalities were required to have a text messaging compliance software package, our elected officials might think twice before conducting fraudulent activities.

Mobile compliance solutions such as TextGuard’s SMS mobile compliance software allow for the collection and filtering of messages in a compliant manner.  This ensures elected officials are held to a high standard where accountability and transparency exists and empowers the everyday citizen to make sure their elected officials act accordingly.  It also allows for prosecutors to obtain evidence of any inappropriate, illegal, or unethical behavior.

[i] New York Law Journal, Harvesting Evidence From the Sea of Text Messages, Alan M. Winchester and Russell E. Maines, October 06, 2010

[ii] Publicola, Council Members’ Text Messages Not Subject to Public Disclosure, Erica C. Barnett, Tuesday, February 23, 2010

[iii] Los Angeles Times, Legal fight looms over control of Bell, Jeff Gottlieb and Ruben Vives, October 14, 2010

 
