Compliance, technology and data risk: Electronic communications and the modernisation of data governance control structures

Record-keeping and supervision rules regarding electronic communications (eComms) for financial institutions have been in place for as long as eComms have existed. The underpinning of these regulations is the view that the security, reliability, integrity and availability of information reflecting a financial institution’s activities are fundamental to the integrity of the financial markets. Over the last few years, the financial regulators have powerfully reminded the financial industry of the importance of the eComms record-keeping rules, launching dozens of off-channel eComms enforcement actions that have resulted in more than US$2bn of fines to date. With the rise in the variety and availability of individual eComms applications and the use of collaboration tools and generative AI (GenAI), the number and variety of channels available to employees for communications purposes are, however, growing exponentially. Even for sophisticated financial institutions, the resources required to effectively manage the pace of technological development and adapt compliance processes in this space can be overwhelming. This paper explores the regulatory approach to eComms compliance in a changing technology world and how financial institutions can appropriately manage eComms risk. It is possible to establish a robust control structure that meets regulatory expectations, accommodates business needs and keeps pace with changing technology. An effective eComms governance structure must, however, encapsulate processes that engage all key stakeholders, embrace innovation and integrate legal, compliance and IT reasoning that moves beyond reliance on individual employees and detection technology and incorporates data governance as a fundamental principle in business operations and technology development.