www.cpomagazine.com
2606:4700:3033::ac43:be7c  Public Scan

Submitted URL: https://info.thinkbreakwater.com/lnk/AWkAAAOr6tgAAAAB73oAAAfZ0nkAAAAAuDEAAJ5kAB5T_ABjbQ_Rxsmc4s0sS-iUJFRqo2VKrAAcxPY/5/R62YJtzkrP...
Effective URL: https://www.cpomagazine.com/cyber-security/electronic-records-and-communication-governance-really-does-matter/?utm_campaign=...
Submission: On November 10 via api from US — Scanned from DE

Form analysis 4 forms found in the DOM

POST https://cpomagazine.activehosted.com/proc.php

<form method="POST" action="https://cpomagazine.activehosted.com/proc.php" id="_form_636D301C8BD46_" class="_form _form_5 _inline-form  _dark" novalidate="">
  <input type="hidden" name="u" value="636D301C8BD46" data-name="u">
  <input type="hidden" name="f" value="5" data-name="f">
  <input type="hidden" name="s" data-name="s">
  <input type="hidden" name="c" value="0" data-name="c">
  <input type="hidden" name="m" value="0" data-name="m">
  <input type="hidden" name="act" value="sub" data-name="act">
  <input type="hidden" name="v" value="2" data-name="v">
  <input type="hidden" name="or" value="d240e398b8e8a98f75f144ff69a26173" data-name="or">
  <div class="_form-content">
    <div class="_form_element _x77566567 _full_width _clear">
      <div class="_form-title">Stay Updated</div>
    </div>
    <div class="_form_element _x15145207 _full_width _clear">
      <div class="_html-code">
        <p>Get notified of new articles and relevant events.</p>
      </div>
    </div>
    <div class="_form_element _x05506158 _full_width ">
      <label for="email" class="_form-label"></label>
      <div class="_field-wrapper">
        <input type="text" id="email" name="email" placeholder="Type your email" required="" data-name="email">
      </div>
    </div>
    <div class="_form_element _field2 _full_width ">
      <fieldset class="_form-fieldset">
        <div class="_row">
          <legend for="field[2][]" class="_form-label">
          </legend>
        </div>
        <input data-autofill="false" type="hidden" id="field[2][]" name="field[2][]" value="~|" data-name="consent">
        <div class="_row _checkbox-radio">
          <input id="field_2I agree to the privacy policy" type="checkbox" name="field[2][]" value="I agree to the privacy policy" data-name="consent">
          <span><label for="field_2I agree to the privacy policy">I agree to the privacy policy</label></span>
        </div>
      </fieldset>
    </div>
    <div class="_button-wrapper _full_width"><button id="_form_5_submit" class="_submit" type="submit">Submit</button></div>
    <div class="_clear-element"></div>
  </div>
  <div class="_form-thank-you" style="display:none;"></div>
  <div class="_form-branding">
    <div class="_marketing-by">Marketing by</div>
    <a href="https://www.activecampaign.com/?utm_medium=referral&amp;utm_campaign=acforms" class="_logo">
			<span class="form-sr-only">ActiveCampaign</span>
		</a>
  </div>
</form>

POST https://cpomagazine.activehosted.com/proc.php

<form method="POST" action="https://cpomagazine.activehosted.com/proc.php" id="_form_636D301C8F9B5_" class="_form _form_1 _inline-form  _dark" novalidate="">
  <input type="hidden" name="u" value="636D301C8F9B5" data-name="u">
  <input type="hidden" name="f" value="1" data-name="f">
  <input type="hidden" name="s" data-name="s">
  <input type="hidden" name="c" value="0" data-name="c">
  <input type="hidden" name="m" value="0" data-name="m">
  <input type="hidden" name="act" value="sub" data-name="act">
  <input type="hidden" name="v" value="2" data-name="v">
  <input type="hidden" name="or" value="f9d5810c021a3da06b72bb605fab2d6d" data-name="or">
  <div class="_form-content">
    <div class="_form_element _x61394459 _full_width _clear">
      <div class="_html-code">
        <p>Get notified of new articles and relevant events.</p>
      </div>
    </div>
    <div class="_form_element _x31449036 _full_width ">
      <label for="email" class="_form-label"></label>
      <div class="_field-wrapper">
        <input type="text" id="email" name="email" placeholder="Type your email" required="" data-name="email">
      </div>
    </div>
    <div class="_form_element _field2 _full_width ">
      <fieldset class="_form-fieldset">
        <div class="_row">
          <legend for="field[2][]" class="_form-label">
          </legend>
        </div>
        <input data-autofill="false" type="hidden" id="field[2][]" name="field[2][]" value="~|" data-name="consent">
        <div class="_row _checkbox-radio">
          <input id="field_2I agree to the privacy policy" type="checkbox" name="field[2][]" value="I agree to the privacy policy" data-name="consent">
          <span><label for="field_2I agree to the privacy policy">I agree to the privacy policy</label></span>
        </div>
      </fieldset>
    </div>
    <div class="_button-wrapper _full_width"><button id="_form_1_submit" class="_submit" type="submit">Submit</button></div>
    <div class="_clear-element"></div>
  </div>
  <div class="_form-thank-you" style="display:none;"></div>
</form>

POST https://cpomagazine.activehosted.com/proc.php

<form method="POST" action="https://cpomagazine.activehosted.com/proc.php" id="_form_636D301C93579_" class="_form _form_1 _inline-form  _dark" novalidate="">
  <input type="hidden" name="u" value="636D301C93579" data-name="u">
  <input type="hidden" name="f" value="1" data-name="f">
  <input type="hidden" name="s" data-name="s">
  <input type="hidden" name="c" value="0" data-name="c">
  <input type="hidden" name="m" value="0" data-name="m">
  <input type="hidden" name="act" value="sub" data-name="act">
  <input type="hidden" name="v" value="2" data-name="v">
  <input type="hidden" name="or" value="584b191cb5beebe4fb9e8048e862122c" data-name="or">
  <div class="_form-content">
    <div class="_form_element _x61394459 _full_width _clear">
      <div class="_html-code">
        <p>Get notified of new articles and relevant events.</p>
      </div>
    </div>
    <div class="_form_element _x31449036 _full_width ">
      <label for="email" class="_form-label"></label>
      <div class="_field-wrapper">
        <input type="text" id="email" name="email" placeholder="Type your email" required="" data-name="email">
      </div>
    </div>
    <div class="_form_element _field2 _full_width ">
      <fieldset class="_form-fieldset">
        <div class="_row">
          <legend for="field[2][]" class="_form-label">
          </legend>
        </div>
        <input data-autofill="false" type="hidden" id="field[2][]" name="field[2][]" value="~|" data-name="consent">
        <div class="_row _checkbox-radio">
          <input id="field_2I agree to the privacy policy" type="checkbox" name="field[2][]" value="I agree to the privacy policy" data-name="consent">
          <span><label for="field_2I agree to the privacy policy">I agree to the privacy policy</label></span>
        </div>
      </fieldset>
    </div>
    <div class="_button-wrapper _full_width"><button id="_form_1_submit" class="_submit" type="submit">Submit</button></div>
    <div class="_clear-element"></div>
  </div>
  <div class="_form-thank-you" style="display:none;"></div>
</form>

GET https://www.cpomagazine.com/

<form method="get" class="search tipi-flex" action="https://www.cpomagazine.com/"> <input type="search" class="search-field font-b" placeholder="Search" value="" name="s" autocomplete="off" aria-label="search form"> <button
    class="tipi-i-search-thin search-submit" type="submit" value="" aria-label="search"></button></form>

Text Content

Cyber Security · Insights · 4 min read


ELECTRONIC RECORDS AND COMMUNICATION – GOVERNANCE REALLY DOES MATTER

Dan Manners·September 7, 2022

Corporate governance may not be the most exciting part of the day, but good
corporate governance is exactly what is needed to ensure your firm is not making
the headlines for the wrong reasons.




Highly regulated industries such as US Broker Dealers, health providers and
insurance firms all have long-standing regulatory requirements for the retention
of corporate records and communications. For US Broker Dealers, SEC rule
17a(4), which mandates this requirement, was originally established in 2003. The
fact that this record-keeping obligation was established in the early 2000s
does not make the job of compliance any easier. Arguably the challenge today is
even harder, especially when considering (1) the sheer proliferation of
electronic communication tools available, (2) the ability to use personal mobile
devices for corporate communications and (3) most recently, the global pandemic,
which has introduced both the full-time remote and hybrid workplace scenarios.
Each of these factors contributes in a unique way to exacerbate the challenge of
compliance.

Financial services firms have been under heightened scrutiny, after several
high-profile regulatory enforcement actions. The commonality was the use of
unapproved channels, including WhatsApp, text messaging, and personal emails for
corporate communications. The SEC noted in one action that the bank “did have
policies and procedures in place, that employees were advised that the use of
unapproved electronic communications methods, including on their personal
devices, was not permitted, and they should not use personal email, chats or
text applications for business purposes”.



This highlights that even with good policies and procedures in place, compliance
challenges evolve over time and are based upon many variables, and governance
needs to be proactively revisited and adjusted when necessary. The SEC went on
to state “As a result of the findings in this investigation, the SEC has
commenced additional investigations of record preservation practices at
financial firms”. True to this statement, the SEC has been conducting industry
“sweeps” to determine if similar issues exist across the financial industry.



Given the proliferation and accessibility of electronic communication tools,
especially on personally owned mobile devices, and the challenges of being able
to reinforce corporate culture on the remote and hybrid workforce, the critical
question has become: how do governance models need to adapt? Synthesizing
decades of industry best practices and guidance from the Department of Justice
(DOJ), below are seven recommendations proven effective for strengthening
corporate governance frameworks, which apply across industries:

 1. Revisit policies and procedures – Long gone are the days in which policies
    can be written, posted on the policy portal, and assumed to be found and
    followed. Firms need to go back to those policies and scrutinize them with
    an eye on how the organization will prove that the policy has been well
    communicated, how the policy provides for governance, and most importantly
    how the organization will show it as being effective. This is one of the
    very first stops for any regulatory review.
 2. Tone from the top – Management tone is never more apparent than when there
    is the need to deal with issues of non-compliance. The broader organization
    takes its cues from these events and, as part of a regulatory review,
    regulators will review how previous infractions were managed. In one
    publicly available example, senior managers that violated policies were
    subject to termination.
 3. Challenge the status quo – While formal governance committees have
    traditionally been established for some time, this committee needs to
    challenge the status quo such as revisiting previous decisions like the use
    of Bring Your Own Device (BYOD).  An option here may be to rotate individual
    members who participate in the governance committee within each represented
    functional area.
 4. Regular attestation – Reminders and attestations to regulated personnel
    should be frequent, with some firms requiring this even weekly. This allows
    firms to have evidence showing any deviation from the policy will be
    considered intentional.
 5. Business confidence and trust – Firms need to be innovative and act quickly
    to build their trust with employees and accommodate the speed of business.
    Two ways to enable trust and confidence are (1) create a risk-free amnesty
    program where the business can disclose the use of unapproved tools, akin to
    a whistleblower hotline, and (2) enable an efficient and nimble process to
    evaluate new communication channels.
 6. Bring Your Own Device (BYOD) – Without a firm’s ability to monitor personal
    communications on devices which allow for both corporate and personal
    communications, the risk of maintaining a BYOD program has been proven as
    too high.  Firms should look to roll back their BYOD program and once again
    look towards issuing corporate locked down devices. All corporate issued or
    sanctioned devices should only be able to perform communications routed
    through the corporate infrastructure.
 7. Revisit the technical architecture – The technical retention architecture
    needs to become more flexible to accommodate faster adoption of new
    communication channels, including both voice and data communications, or,
    as noted above, business confidence will be lost. Reliance here is often on
    the vendors, who will need to step up to the challenge and push their level
    of innovation, especially in the use of cloud technologies.


It’s clear that the requirements for regulated firms to retain business
communications have been in place for a long time. Firms had put in place
policies, procedures, and technologies to ensure compliance. It is also just as
clear that we are entering a new age in which the governance over those same
policies, procedures and technologies needs to be looked at with a fresh
perspective. Thoughtful changes to governance frameworks may be just the key in
both keeping up with change and keeping your firm out of the press.

Tags: Corporate Governance, Regulated Industries

Dan Manners
Director, Compliance & Risk Strategy at Breakwater Solutions
Dan Manners is a Director in the Compliance & Risk Strategy practice at
Breakwater Solutions and is based in New York, NY. Mr. Manners works with
clients to assess their data environment risk, establish strategies and roadmaps
to mitigate those risks, and operationalize programs of change. Prior to
Breakwater, Mr. Manners was a senior IT executive supporting Legal and
Regulatory Compliance functions at HKM Advisory Services, Deutsche Bank, and
Bankers Trust. At Deutsche Bank, Mr. Manners was directly responsible for
providing a global service supporting Deutsche Bank’s requirements for
eDiscovery and regulatory electronic communications archiving and a senior lead
in developing Deutsche Bank’s Group Information and Records Management function.
Mr. Manners has a BS from NY Institute of Technology.

© 2022 Rezonen Pte. Ltd.