Regulators worldwide have increased enforcement efforts that target off-channel communications, yet employee use of personal messaging platforms for business purposes continues to grow. Recent enforcement actions by the SEC, CFTC, and other global regulators have resulted in billions of dollars in penalties tied to improper retention of business communications conducted through unauthorized messaging applications. As a result, companies must take steps to manage their off-channel communications, develop strategies to address their workforce needs, and find ways to embrace the productivity benefits of modern communication platforms, while ensuring proper compliance. 

Recognizing the Scope 

Companies and government agencies must first acknowledge that current compliance policies and solutions may not be effective in addressing the unique set of retention and preservation challenges posed by modern messaging platforms. Recognition starts with a clear understanding of where an organization’s off-channel messaging apps are being leveraged, and by whom. Many companies assessing their internal communications practices are quickly coming to terms with three realities: 

• The business use of off-channel communication apps by employees is much more widespread than previously thought.  
• Application and device usage policies have not kept pace with the rapid advancement of communication technologies and the breadth and velocity of regulatory enforcement. 
• Existing, in-place compliance technology solutions have not evolved to cover the rapid technical evolution of modern digital communication platforms. 

Each of these realities requires organizations to acknowledge the risks now in play, followed by quick attention to the next phase: adjustment.  

Modernizing Governance and Usage Policies 

Part of this assessment requires modification of an organization’s device and usage policy. Many existing device and acceptable-use policies, whether BYOD or corporate-managed, were not designed to address the rapid proliferation of modern messaging and collaboration platforms.. 

If an assessment confirms that at least one internal group is using off-channel communication apps to send or receive business information subject to archiving requirements, monitoring and archiving controls must be quickly adjusted. The technical challenges associated with expanding policies to cover modern communications must also be addressed. While the general approach may be similar, the technical complexities are much more significant.     

Enhanced messaging compliance requires an application solution that can capture all critical communications to and from employee users, regardless of whether the app is user controlled (WhatsApp) or managed by the business (Slack). Not surprisingly, off-channel message monitoring and archiving is an evolving industry with a variety of competitive solutions, often with different deployment configurations.  

Requirements for Messaging Compliance Solutions 

Regardless of the provider or technical approach, any comprehensive message archiving solution should include the following: 

• Robust security – Off-channel messaging can be a mix of personal and business content and extremely sensitive. Encryption and secure access controls to any archiving solutions are critical. 
• Comprehensive message retention – Capture all data across every monitored channel.
• Data retrieval and export functionality – Search and retrieval tools, including AI-driven features and seamless integrations with other compliance archiving and eDiscovery tools, should be included. 
• Automation – Look for solutions that can enhance your compliance team’s workflow efficiencies and process improvements. 
• Reporting and audit functionality – Track, track, track.  Who accessed these records, when, where, and how? This information is critical and often required in tightly regulated environments. 
• Data intelligence and threat response optimization – Analytics and threat detection – leverage monitoring capabilities to identify potential data exfiltration, intellectual property theft, insider threats, and policy violations.
• Scalability – The volume of off-channel messaging data can be immense. Choose a solution with proven scalability that can handle high message volumes.

Regulatory agencies have taken notice of lackluster message record keeping and are taking action. Companies need to adjust to this reality and take measures to fully manage both risk and exposure. While there are many policy and technical challenges to consider, organizations evaluating messaging compliance solutions should prioritize platforms that support broad data-source compatibility, defensible exports, and scalable workflows suitable for investigations, compliance, and eDiscovery. 

CDS Convert: A Comprehensive Solution for Short Message Data 

CDS Convert, built for Relativity Short Message Format (RSMF) is a comprehensive, proven solution for short message and mobile data in business messaging. It facilitates data conversion from 35+ applications and devices, including mobile phones, tablets, and computers, chat and collaboration applications, financial messaging platforms, social media messaging services, archiving systems, and development and issue tracking platforms. We offer native integration with Relativity Short Message Format (RSMF) as well as platform agnostic outputs. 

With powerful reporting, flexible filtering, and high-quality data outputs, CDS Convert helps teams accelerate workflows, reduce risk, and achieve consistent, successful outcomes. To get started with CDS Convert, contact us at getstarted@cdslegal.com.