Every business must adopt a robust policy towards mobile compliance that goes beyond just issuing a company device and protects their organization in the event of a regulatory crackdown.
Billions of dollars in fines roiling the finance industry. International investigations and high-profile headlines. Massive seizures of cell phones belonging to top banking industry executives. Regulators signal that they have no intention of slowing down.
After numerous incidents, it’s clear that something as seemingly minor as sending a WhatsApp message about a work matter and deleting it later can cost companies dearly, both in terms of fines and irreparable damage to investor and client trust.
With huge amounts of money and hard-won brand reputation on the line, financial firms and other companies working in regulated industries are turning their focus to the issue of employees using their cell phones to conduct business-related discussions.
Thanks to the enduring popularity of remote and hybrid working, the lines between business and personal conversations are blurrier than ever before. High-stakes conversations that once took place in the office, behind closed doors, are now occurring via WhatsApp or iMessage.
This massive shift towards a new way of working has made cell phone conversations about critical work-related matters par for the course. The problem is that many companies haven’t updated their financial record-keeping policies accordingly.
Scores of organizations are now considering adopting a COBO policy as the answer to compliance woes, but there are a number of significant issues that come along with that approach.
What are Corporate Owned Business Only (COBO) Devices?
Corporate Owned Business Only (COBO) devices, also known as Corporate Owned Dedicated Devices (CODD), are mobile phones, laptops, tablets, or other devices that are used by employees but owned by enterprises and meant to be used exclusively for business matters.
Hardware and software on these devices are controlled by the company’s IT department and restricted to business-only applications, which typically include mobile messaging applications.
Some businesses believe that permitting employees to discuss business matters strictly via COBO devices is a solid way to ensure that they remain in compliance with their communications and record-keeping requirements. Unfortunately, that’s just not the case.
Why a COBO device policy isn’t enough to protect your enterprise
Because industry regulations clearly state that all messages must be archived, including SMS, companies that don’t keep meticulous records of every single work-related exchange are out of compliance.
The fact that employees are using a corporate device does not ensure that archiving will happen unless employees physically turn over their devices for periodic manual backups.
This is extremely challenging to do at scale, as it means hours or even days during which employees are effectively incommunicado because they do not have their devices. Add hybrid and remote working into the mix, meaning that employees may not even be coming to the office regularly, and widespread manual backups become essentially impossible.
Users can delete messages on their corporate devices, in the same exact ways that they can delete messages on their personal devices – for example, the mass deletion of messages between Secret Service agents recently triggered a criminal probe. The fact that these agents were using devices owned by the federal government is irrelevant – with just a few taps, a user has the ability to erase messages or conversations, and the fact that a phone has been designated for an official purpose won’t stop that.
That’s not to mention that many communication apps now offer disappearing messages, which are automatically erased after a set period of time. Once again, the fact that a device is owned by a specific body, such as an enterprise, does not stop the phenomenon of temporary or disappearing communications on native messengers.
The fact that these features exist doesn’t make them compliant. In fact, digital record-keeping regulation in the US and many other countries requires that every business-related message sent or received is properly archived.
And so, financial institutions can easily end up out of compliance with their record-keeping obligations, even if they’ve limited communications to COBO devices.
Is financial record keeping and auditing your business’ blind spot?
If your company has shaky record keeping, especially when it comes to mobile communications, you are likely setting yourself up for disaster. Maybe you believe your business will fly under the radar of regulators, or perhaps you think that simply telling your employees to save their mobile conversations will be enough to keep your organization in compliance. But hoping for the best isn’t good enough when the risk and potential consequences of a lost device or deleted conversation are so great.
The reality is that every business, whether an industry titan or a smaller company, must adopt a robust policy toward mobile compliance that protects their organization in the event of a regulatory crackdown or other legal scrutiny.
An extensive, fully accessible digital record of all business conversations, regardless of the channel on which they take place, is a critical tool for organizations in the current regulatory landscape.
LeapXpert, a responsible business communication platform, provides businesses with a critical solution to maintain secure and compliant business communication, which doesn’t require a massive shift to COBO devices for all employees. The solution works in organizations that have all corporate devices, organizations with a BYOD policy, and those with a mix of both.
In all cases, it provides automated mobile archiving across a diverse array of channels and messaging applications, ensuring that you aren’t left out of the loop when it comes to work-related conversations.
For crucial mobile compliance assurance and invaluable insights into business communications, LeapXpert can be seamlessly integrated into an organization’s existing communications and GRC software suite.
Contact us to learn more about corporate devices’ messaging compliance and how LeapXpert can help.