
Security, compliance challenge financial firms’ efforts to use collaborative tools


Financial services institutions (FSIs) are trying their best to implement collaborative tools in their applications and on their websites to better communicate and work with their retail and business customers online and on their mobile devices.

However, as is often the case, meeting security and compliance demands is working in opposition to convenience, according to a report released Wednesday by Theta Lake, a collaboration and security compliance solutions provider.

The annual report, dubbed the Modern Communications Survey Report: The Security and Compliance Risks of Collaboration Tool Usage in Financial Services, is based in part on a survey of 100 financial industry technology experts in the second quarter of 2021.

Indeed, the report found that online video and chat usage implementations by financial firms have jumped by more than 70% and 50%, respectively, since just last year. Collaborative tools have become more popular, essential even, in the wake of pandemic closures, which pushed many more people to use online and mobile banking services. Chat and video give online financial customers the best of human contact in a digital setting, which is hoped to bring more techno-laggards around to using online and mobile services for more than just account access, transfers and bill payment.

Devin Redmond, co-founder and CEO of Theta Lake, said the majority of the findings “were not a surprise to us as they reflect what we've been hearing from our customers over the last two years … The survey validates these trends and the increasing concern that regulated firms have in monitoring the volume of content and the risks they pose to the organization.”

The survey found that FSIs are “most concerned with what can be shared in chat conversations or the accidental sharing of desktops in virtual meetings, and the fact that this all circumvents their existing email-focused compliance monitoring systems,” Redmond added.

Case in point: While more than 9 out of 10 (91%) of the FSI respondents to the Theta Lake report said their firms have put in place at least two of six digital collaboration tools, nearly two-thirds (63%) are still concerned that their ability to share data and connect with customers might circumvent email monitoring and archiving, and thus create new potential security and regulatory risks.

Based on the company’s work with customers and partners, Redmond said that the “biggest challenge [for FSIs] is that most firms are reliant on legacy architecture that is built to handle email. Video, voice, and chat conversations are media-rich and so fundamentally different than email, that the same platform cannot easily be used.”

“So much manipulation of that media-rich content must occur to fit into the email archives that it increases the complexity of managing and supervising it,” he continued. “The result is suboptimal and cumbersome to use. So instead, firms turn off features and functionality in platforms.” According to the FSI survey, that very fear has caused 83% of FSIs to shut off central productivity and usability features on these collaboration platforms — including Zoom and Microsoft Teams — out of a sense that they might overstep regulatory demands or run the risk of creating new security vulnerabilities.

The pandemic and its related closures and limited access to branches created a huge swell in demand for digital video and chat among FSIs and their customers last year. But that has not meant regulatory agencies, including the FDIC, the OCC, FINRA and the SEC, have lightened up in their approach to compliance on the digital frontier. This year, many FSIs are focused on reconciling their need to offer and support collaborative tools without running afoul of regulators or creating more security risk for their institution or their customers.

If anything, regulators are becoming more aware of these emerging digital collaborative tools and, as the pandemic is well into its second year, they are signaling that they are less apt to cut FSIs any slack here, as Redmond pointed out.

“The pandemic was the primary driver for the uptick. While collaboration was already moving in the direction of enabling more and more remote work or hybrid work, the pandemic accelerated that trend by a number of years,” Redmond said. “Now that it has proven itself as a better way of communicating than email alone, it is clearly here to stay regardless of remote, hybrid, or in-office working.”

Susannah Hammond, senior regulatory intelligence expert at Thomson Reuters, who also commented on the research in Theta Lake’s release, agreed that while “The pandemic is said to have ‘turbo-charged’ digitalization … New, hybrid ways of working bring new risks — regulators are geography neutral — it doesn’t matter to them whether you are working from an office, or your garden shed, you still need to be able to evidence compliance and compliant activities.”
