Email surveillance in uncertain times

Published on May 29, 2020 by Suresh Chavali

With most of the world in quarantine, companies have been forced to move to a fully remote operating model. Employees are using electronic devices and platforms such as email, text messaging, instant messaging platforms such as Slack, and social media such as Facebook and LinkedIn to communicate with their co-workers and clients. Communication via the electronic medium is convenient and instant, but increased use may lead to risk of revealing confidential and internal information to external parties.

Email remains the most comprehensive format of the electronic communications landscape, but new platforms such as social media are being used increasingly, as a result of which companies are struggling to govern employee use of social media for business communication. We believe implementing a robust surveillance programme will help companies ensure they foster a strong culture of compliance in these challenging times.

1. Companies first need to identify all methods being used to communicate with external and internal stakeholders, and ensure that all these methods are approved.

2. They also need to ensure they have comprehensive oversight policies in place for all methods of electronic communication, particularly via social media and mobile devices.

3. They should increase the frequency of review, due to the increased use of electronic communication. Companies that typically conduct quarterly or monthly reviews could look at moving to semi-weekly or weekly reviews, so they could detect inappropriate communication sooner.

4. They would also need to review their lexicons to include terms specific to the current environment, such as the following:

i.Insider trading

ii.Cybercrime

iii.Undisclosed client complaints

iv.Sharing of proprietary/confidential information

v.Distribution of unapproved and non-compliant marketing material

vi.Potentially fraudulent statements

vii.Conversation on personnel figures

viii.Improper or undisclosed political contributions

ix.Inappropriate gifts

x.Job searching

xi.Inappropriate workplace behaviour

xii.Operational risk

xiii.Wall-crossing

xiv.Use of an unapproved medium of communication

xv.Trade with an unvetted client

5. Companies should work towards developing and implementing a policy that allows business communication only over approved devices and that restricts the use of personal email accounts for business purposes.

To cover all aspects of business and mitigate risk, companies are focusing on samples based on restricted lists, hot words, and target searches (heightened supervision) for vulnerable employees. They are also engaging in random sampling to ensure no important electronic communication is overlooked.

Amid the current pandemic, client account- and KYC-related fraud has increased, causing companies to enhance surveillance and introduce methods to deal with identity theft, KYC-related fraud, insider trading and wall-crossing, and provide advice to individual clients, communication between private and public side.

How Acuity Knowledge Partners can help:

We help companies conduct a thorough review of electronic communication in this challenging environment. Our team of experts reviews activities that concern our clients the most, and escalates potential issues for review and resolution. Our flexible engagement model enables clients to work with us in a temporary or ongoing capacity specifically tailored to their needs.

---

---