best practices in policy management for improving financial services supervisory review
DESCRIPTION
Are you making the most of your compliance reviewers time? How effective are your policies in mitigating risk and reducing false positives? Join Ray McGrath, former Regulatory Director at Prudential insurance Company of America, as he leads us through policy management best practices and how to improve review efficiency and reduce risk. To see a schedule of our upcoming webinars or to view our past webinars, please visit http://www.smarsh.com/events.TRANSCRIPT
EFFECTIVEPOLICY
MANAGEMENT
REMOVE HUMAN ERROR FROM OVERSIGHT
With the exponential growth in the use of electronic communication,
many businesses are exposed to significant risks every day.
• Non-compliance with SEC, FINRA or other regulations
• Leakage of intellectual property
• Inappropriate or offensive employee behavior.
INTRODUCTION
• Too many messages to review
• Time wasted reviewing the “wrong messages”
• Too much time performing routine tasks
• No way to prevent legal disclaimers from flagging messages
• Too much “white noise”
• Too many false-positives
THE PROBLEM
Conduct ongoing reviews
Set up policy rules
Fine-tune policies
Ongoing Maintenance
FOUR STEPS TO EFFECTIVE POLICY MANAGEMENT
1
2
3
4
Steps to Effective Message Review
1. Document the review
2. Document the violation that occurred
3. Document the steps taken to remediate the issue DOCUMENTATION
• Assists with Supervisory
understanding of review
and actions taken.
• Provides a historical
record of overall review.
STEP 1: CONDUCT ONGOING REVIEWS
1. Eliminate white noise• SPAM
• Pre-fixes
• Domains
• Unsubscribe & bulk message language
2. Identify applicable regulatory policies• SEC17a-3 and 17a-4
• FINRA 3110 & 3120
• FIOA & Open Records
• HIPAA
• FDA CFR Part 11
3. Company specific policies• HR policies
• Acceptable sales practices
SMARTER REVIEW
YIELDS RESULTS
Effective policy rules can
reduce message volume by
up to 60% while still ensuring
risky messages are being
flagged for review.
STEP TWO: CREATE POLICY RULES
Steps to Creating Effective Policy Rules
STEP THREE: FINE-TUNING
1. Establish a Baseline• Run a report on current flagging rates and message volume
2. Conduct Keyword Review• Review flagged keywords to identify the “noisiest” ones
3. Take Action• Remove unnecessary keywords
• Replace standalone keywords with more targeted phrases
Steps to Further Refine Your Policies
Standalone words such as “complete,” “never” and “always” within a Policy Rule will trigger reviews for low
risk messages containing phrases, such as, “complete the attached paperwork,” “there is never a dull
moment” and “You can always call me.”
STEP FOUR: ONGOING MAINTAINANCE
Keeping Policies Up To Date
• Revisit Policy Rule/Keyword violations on a regular-basis (Quarterly, Semi-Annually) to
ensure complete optimization of Policies and Lexicons.
• When revisiting, focus on those message trends that are causing many reviews but are
not resulting in any issues. There may be an opportunity to add word, phrases or domains
to an exclusion list.
• Review latest industry regulations and company policies and ensure any updates are
reflected in your policy rules.
Built for Compliance and E-Discovery
Platform designed specifically to address the needs
of compliance reviewers.
Questions?
Contact your account manager or customer success
manager to get help customizing your policies or to
implement one of our pre-set policy templates.
SMARSH AUTOMATED POLICY MANAGEMENT