The Toll of Noncompliance

New York, New York, September 13, 2013 – It’s no secret that many large US brokerage houses have come under scrutiny in the aftermath of the Great Recession, along with many of the practices that are blamed for bringing about the economic decline. As regulators continue to sort through the financial rubble and investigate these firms with a punitive eye, legal-related expenses continue to amass at staggering levels.

According to today’s Wall Street Journal, in the past five years JP Morgan alone has run up a whopping tab of over $18 billion in legal-related expenses. (Note: That’s $ billions – not $ millions.) Facing at least seven separate investigations in areas ranging from trading oversight to mortgage bond sales to overseas hiring practices, the company continues to negotiate settlements with several different agencies, which still could lead to another $600 million in penalties. Bank of America and Citigroup, reported in the same article, face the same dilemma. From 2008 to 2012, they incurred legal-related expenses of $16.1 billion and $7.2 billion, respectively. (WSJ: “Embattled JP Morgan Bulks Up Oversight,” Sept. 13, 2013).

In addition, with the SEC and FINRA now ratcheting up their regulations, it has become painfully clear to the financial industry that regulatory compliance is no longer a peripheral consideration, and measures must be taken to mitigate risk. To that end, according to the Journal, JP Morgan “plans to spend an additional $4 billion and commit 5,000 extra employees this year to clean up its risk and compliance problems, according to people close to the bank.” Without doubt, all financial firms are following suit, and corporate compliance departments are being granted greater autonomy and authority.

And contrary to the belief of many, “compliance” usually touches every employee in a company – not just its executives. For example, it may be easier and less conspicuous for a financial executive’s admin assistant to illegally divulge insider information than it is for the executive. For this reason and others, compliance policies need to be ubiquitous across the organization, clearly defined, well communicated, and enforceable, with the necessary resources in place to administer them. To be compliant comes at a cost, but in the final analysis, the investment may save a company from unexpected fines, lawsuits and reputational damage, which significantly outweigh the investment.

About MobileGuard

MobileGuard is the leading provider of mobile communications management solutions, and ensures compliance with all relevant regulatory bodies. MobileGuard’s patented solutions provide the monitoring, capturing, logging, archiving, and supervision of all communications on company mobile devices. MobileGuard’s mobile communication compliance solutions are provided as either a hosted platform or in the customer’s environment. To learn more, please visit www.MobileGuard.com.

Email: press@MobileGuard.com
Phone: 646 459 4354
Website: www.MobileGuard.com

Importance Of Internal SMS Monitoring Justified by David Petraeus Scandal

Most companies legally monitor their employees’ SMS messages on business-owned cell phones, as well as email messages. It has become a standard procedure for staying compliant with many of the regulatory mandates of FINRA, HIPAA and the FSA. The purpose of mobile recording and monitoring of text messages is to ensure compliance as well as to prevent nefarious communications. Business phones are used for personal purposes, which can cost the company a significant amount of money, not to mention insider trading or any other immoral actions that can be monitored via email, SMS and MMS.

The private sector understands the importance of cell phone surveillance and has found it to be a very effective way to thwart any communications which can compromise an organization and its reputation.

But what about the public sector?

Reports suggest that the  David Petraeus case was built off of the discovery of inappropriate e-mails and text messages. Jill Kelley, a close personal friend of Petraeus, received threatening e-mails from an anonymous account and she asked an FBI agent to do some email and text message spying.  The agent discovered that the messages were being sent by Paula Broadwell, Petraeus’s biographer, and had also found e-mail correspondence that revealed the true nature of Broadwell’s relationship with Petraeus.

But why did this process take so long? Was it because top officials are immune from such things as email and SMS monitoring and are not required to back up their SMS messages? Does the public sector not take monitoring seriously enough? Does the government only monitor specific people?

This complicated love scandal proves that having one’s text messages stored and monitored can be very invasive to one’s personal life, but it is also necessary to the proper functioning of an organization or business. It is challenging to keep track of all employees and their activities, but mobile recording and monitoring makes it much easier.

Wall Street has realized the importance of mobile monitoring; now it’s time for the government to take it a little more seriously.

What You Don’t Know About Mobile Hacking

Whatever programmed thoughts you have about your phone being safe as long as it stays in your pocket—erase them now. The truth is: it is relatively easy to hack into a phone, even if it is smart.

Today, phones aren’t just devices we use to place calls. We use them to transfer money from one bank account to another. We store passwords and personal information on them. We video chat, instant message, play games and more. We are always more attached to our phones than we think. Ever caught that nosy guy sitting next to you on the train catching a not-so-sneaky glimpse of what you were texting, reading or playing on your phone? You were really annoyed, (weren’t you?) even though chances are he had no idea of what you were actually doing.

Because phones are evolving to smartphones and able to do incredible things they weren’t able to before, we are depending on them more than ever. Of course, hackers know this. One easy way to hack into a phone involves only the art of deceit and nothing more. “For instance, a would-be hacker might call you and pose as the phone company saying they need to update your account and need your password. Or the hacker might get enough of your information to call the phone company and pose as you,” says Robert Siciliano, a McAfee consultant and identity theft expert.

In the case that you do get this type of call, remember that your mobile carrier will never call you to ask for a password, even if they are doing an “update.” The general rule you should follow is to never give out passwords or personal information via phone, unless you have actually called first to ask for an update of some sort.

Hackers also know that many carriers still use default passwords for the phones they issue and a good number of people just don’t know to change them. This makes their job super easy—they can simply look up default passwords provided by carriers and use them to their advantage.

The best precaution you can take is to change your password occasionally.

In the widely known News Corp. scandal, “the now-closed News of the World paid bribes to police and intercepted the voice mails of celebrities, politicians and crime victims.” (Aug. 16th, WSJ) It is extremely likely that these phone hacks into voicemails involved easy access to default passwords of victims who hadn’t changed them on their phones.

More technically adept hackers may “get a bit of information about your account and send a phishing email purportedly from your carrier asking you to log in. At that point they will have your password and other sensitive information.”

Because smartphones allow applications to be run on them, hackers can easily attach malicious code to the applications that are downloaded on a daily basis. The “safe-in-my-pocket” thoughts should disappear—your phone doesn’t even need to be seen to be hacked. Be cautious of the applications you download, especially if you’re an Android user. Publishers are allowed to upload their applications right into the Android market, so be careful.

The bottom line is: Be cautious about the activity you conduct on your phone. Fewer purchases via a website from your mobile device, fewer risky downloads and more password changes today may mean fewer headaches tomorrow.

Source: http://technewscast.com/technology/tech-buzz/mobile-hacking-how-safe-is-your-smartphone/

Apple iPhone iOS Enterprise Use and Mobile Compliance

With the iPhone’s increasing (daily) presence in the enterprise marketplace, Apple’s iOS is missing a major feature, which prohibits the use of iPhones where the Electronic Communications Compliance rules and regulations for archiving and monitoring messages apply. Presently, there is no way for a compliance solution like TextGuard to capture the incoming and outgoing messages on the iPhone device.

Companies in every industry face many legal and regulatory challenges when it comes to electronically stored information (ESI) and messaging. This does not change when that information is on a smartphone or PDA. All US-based companies are required to comply with the E-Discovery requirements of FINRA and the FRCP, as well as Sarbanes-Oxley. Several industries impose additional complicated burdens due to sensitivity and risk. The financial services and healthcare industries face the most rigorous requirements and penalties for noncompliance.

iPhone has been ranked as the most popular smartphone for both enterprise users as well as consumers.  In fact, the overall consensus is that with the exception of battery life, satisfaction is close to 100%!   However, don’t ask the legal department or compliance administrators at companies who have employees using their iPhones for work.  They continue to be challenged as to how to monitor and archive the SMS messages which are being sent to and from the device.

We continue to (try to) work with Apple in allowing the required APIs for developers / users as well as the carriers who will also benefit from a mobile compliance solution for the Apple iPhone. Please contact me if you would like to be informed of any updates as things progress.

Mobile Voice Communication Now Regulated

On November 11, 2010 the Financial Services Authority, “FSA,” produced final rules regarding the use of mobile phones for business. Consultation Paper, CP 10/7, Taping: Removing the Mobile Phone Exemption, explicitly states that communications on company-used mobile phones must be recorded and stored. After a number of scandals that have rocked the financial services industry, the FSA has finally taken action. This new change will apply to banks; stockbrokers; investment managers, including hedge fund managers; and financial and commodity derivatives firms.[1]

The FSA did take the objections by financial firms under consideration, and as a result, firms will have a year to comply with the new standards and to develop policies and procedures reasonably designed to prohibit the use of non-company issued mobile phones for business purposes.  In addition, the FSA recognizes that firms will need to store huge amounts of data and as a result they limited the record retention time frame of the communications to 6 months.  It is important to note that financial firms will need to determine if their business models require them to be subject to the FSA’s mobile taping rule requirements.

Firms are going to need to conduct a risk assessment and determine who uses company-issued mobile devices. The next issue will be how companies can develop reasonable policies and procedures designed to prevent the use of non-company mobile phones for business purposes. One way to accomplish this is by having all personnel sign a statement of understanding acknowledging that they have read the new policies and procedures, understand them, and attest that they will not use non-company assets for business purposes. Within the procedures, firms must explain where these attestations will be maintained and how the policies and procedures will be tested. If firms use an outside vendor for mobile compliance, the firms should get a statement from the vendor that the data is stored in a write once, read many (WORM) format and that the vendor has policies and procedures reasonably designed to protect the integrity and security of the data.

Mary Schapiro, the Chairman of the Securities and Exchange Commission, “SEC,” and Lord Turner, the Chairman of the FSA held meetings on November 15th to discuss cross border regulatory co-ordination.  As more scandals are uncovered and the individuals prosecuted, regulators will push to gain access to more information.  Since the technology exists and the need for such regulation exists, it is only a matter of time before the SEC and State Securities regulators are pushing for similar rules and regulations regarding the use of mobile phones for business purposes.


[1] http://www.fsa.gov.uk/pages/Library/Policy/Policy/2010/10_17.shtml

The Need for Mobile Compliance

According to the CTIA–The Wireless Association, by December 2009 Americans sent 1.5 trillion texts on an annualized basis.[i] According to the industry, as more smartphones become prevalent in business applications, the use of text messages in commerce will only increase. In addition, more companies are utilizing text messages as a way to keep in touch with their clients. This increase has not only been in the financial services industry, where the speed of information delivery can affect the profitability of a transaction; text messaging has also found its way into other industries such as pharmaceuticals. In September 2010, Rite Aid decided to allow customers to subscribe to mobile alerts with regard to prescriptions. More companies will follow this trend; failure to do so might result in a loss of competitive advantage. As a result, CIOs must ensure that their companies are compliant with the applicable rules and regulations. If executives fail to take the risk seriously they may find themselves in the middle of a lawsuit.

The use of text messages has become so prevalent in today’s society that it has started to displace normal forms of communication, i.e. phone calls and physical interaction. Human resource departments must be aware of this shift and address it in the context of their sexual harassment policies. “Sexting” an individual could be construed as sexual harassment. In Calumet County, Wisconsin, the District Attorney has resigned over a “sexting” sexual harassment claim. In 2009, the DA sent sexually explicit text messages to a domestic violence victim whose boyfriend he was prosecuting, which further victimized the woman.[ii] This type of sexual harassment case will only increase in volume as more people begin to use texting.

So what is a CIO or senior executive to do with regard to corporate policies and procedures? The first thing all senior executives must do is evaluate their procedures with regard to the use of electronic communication devices. The next would be to determine what type of electronic infrastructure they currently have and where the potential exposure is. There are two different routes executives can take: write a set of procedures that forbid the use of such technology in the workplace, which is not practical; or obtain an electronic communications software application that filters these phones, or an application that completely censors this type of text. One of the leading manufacturers of smartphones, Apple, Inc., has had a patent recently approved which will allow all “sexting” messages to be blocked.[iii]

These filters are only as good as the person who designs them, and they fail to do the most important thing: they only filter and block; they are not proactive in identifying potential risks, and they do not capture pertinent data. However, compliance solutions such as TextGuard’s SMS mobile compliance software allow for the collection and filtering of messages in a compliant manner. This enables senior executives to evaluate current trends and gives greater legal protection to the corporation, since this type of compliance monitoring indicates that the company reviews such messages for inappropriate behavior, illegal behavior, and unethical behavior.

[i] CTIA–The Wireless Association® Announces Semi-Annual Wireless Industry Survey Results, March 2010, http://www.ctia.org/media/press/body.cfm/prid/1936

[ii] Gannett Wisconsin Media, Jim Collar, October 5, 2010

[iii] Tech Week, Critics Welcome Apple’s Anti-Sexting Technology

Text Messages Provide a Wealth of Documentation for Litigators

Unlike emails, text messages have a limited lifespan, in that they cease to exist after a period of time. Since the use of text messaging is increasing, it is inevitable that there will be an increase in lawsuits involving text messages. In the financial services sector, text messages are seen as a form of electronic communication and need to be treated like emails with regard to the preservation, review, and approval of messages. It is only a matter of time before all industries are held to this high a standard.

According to Winchester and Maines writing for The New York Law Journal, “…the party who fails to take appropriate steps to preserve text data and content may face sanctions of spoliation if it can be shown that this information should have been considered reasonably likely to be important at the time it existed.”[i] The strategy of senior executives should be that of preserving corporate profits by mitigating the amount of exposure they have with regard to text messaging.

As citizens we have the right to review what our elected officials are discussing via emails. However, government officials have been able to skirt the public disclosure laws by conducting communications through text messaging. A reporter, Erica Barnett, was unable to obtain the text messages of a Seattle City Council member even though the text messages are subject to the same disclosure laws as emails.[ii] Corporations are responsible for ensuring that all electronic communication can be made readily available to regulators, so why shouldn’t our elected officials be held to such high standards?

In 2010, after inquiries made by taxpayers and the media, some senior city officials and five City Council Members of Bell, CA were involved in a pervasive scandal that swindled millions from the taxpayers of Bell. These individuals were paying themselves high salaries and embezzling city funds, and they currently face criminal charges. As a result, the state of California wants to put the city in receivership, but the city cannot come to an agreement with the state. The State Deputy Attorney General, Jim Hines, stated, “Our main goal has been to ensure accountability and transparency in city management until new elections can be held and to do so without imposing high costs…”[iii] If municipalities were required to have a text messaging compliance software package, our elected officials might think twice before conducting fraudulent activities.

Mobile compliance solutions such as TextGuard’s SMS mobile compliance software allow for the collection and filtering of messages in a compliant manner. This ensures elected officials are held to a high standard where accountability and transparency exist and empowers the everyday citizen to make sure their elected officials act accordingly. It also allows prosecutors to obtain evidence of any inappropriate, illegal, or unethical behavior.

[i] New York Law Journal, Harvesting Evidence From the Sea of Text Messages, Alan M. Winchester and Russell E. Maines, October 06, 2010

[ii] Publicola, Council Members’ Text Messages Not Subject to Public Disclosure, Erica C. Barnett, Tuesday, February 23, 2010

[iii] Los Angeles Times, Legal fight looms over control of Bell, Jeff Gottlieb and Ruben Vives, October 14, 2010

Compliance By MobileGuard!

By making the most of the advantages offered by mobile communication devices your staff can work harder, smarter and faster than ever before. However, at the same time you have the responsibility of making sure that your company is operating within the compliance requirements set out by the regulatory bodies who oversee your industry.

In general, these regulations cover several key areas: ensuring that mobile communications are secure, archiving all messages for retrieval if required, and monitoring employee communications. If these conditions are not met then it could mean serious consequences for your company. In the past, companies who have been convicted of not meeting compliance requirements have been fined anywhere from several thousand to millions of dollars.

MobileGuard’s solutions enable your company to maintain efficiency using mobile technology while working within current regulatory legislation and recently passed mobile mandates. With a MobileGuard solution in place, all mobile communications are monitored and archived according to the policies and settings you define. This technology is easily upgradeable as new mobile communication compliance regulations arise.

Having a MobileGuard mobile communication compliance solution in place eliminates the data security problems presented by the use of mobile communication devices in industries where sensitive information is exchanged. Your staff can rely on the efficiency of instant communications, while you can have the confidence of knowing that the system in place will protect your company from liability.

MobileGuard provides complete mobile device compliance and message archiving for every industry, so your business can meet existing and future electronic information storage and retrieval regulations.
