Compliant communications – How financial institutions can manage and optimize Microsoft Teams use

Instant messaging (IM) has become an invariable part of business practice, and among the most notable IM platforms is Microsoft Teams. When utilizing this communication channel, how can financial institutions optimize its usage while handling associated security and regulatory compliance risks?

18 August 2023
by Kathryn Fallah

In brief:

  • As Microsoft Teams becomes prevalent in the financial sector, organizations must take measures to ensure it complies with regulations, and evaluate platform optimization per company needs
  • Effective communication throughout the business will further protect against improper messaging practices and maintain a ‘healthy’ culture
  • It is crucial to comprehend Microsoft Teams’ performance abilities, create policies outlining appropriate use, and implement additional tools to account for any lacking coverage areas

Instant messaging (IM) platforms play a pivotal role in successful business, especially in today’s corporate landscape. Technology’s ceaseless optimization means that the ability to talk in real-time is a necessity to keep up with business growth, efficiently execute job duties, and stay current.

Whether a large corporation with employees in a range of locations around the world, or a smaller company with a percentage of remote staff, these channels ensure smooth communication between teams within organizations, which is advantageous to the way people perform their jobs.

Among the most prominent IM platforms is Microsoft Teams – it continues to grow in popularity and is one of the main messaging channels for businesses. As of 2022, Microsoft Teams had 270 million active users, and it was second to Zoom as the leading online communication service in 2021.

Despite its widespread use, there are still multiple compliance and regulatory risks that this application poses to those in the financial sector. It is imperative that companies ensure they understand the operation of Microsoft Teams and where data lies within it, take necessary steps to guarantee compliance with their business, and have tools in place to monitor data, keep records of information, and confirm that employees know the rules and policies around the platform.

The capabilities of Microsoft Teams are endless! Or are they?

Organizations must comprehend all operational capabilities of Microsoft Teams and the various locations where information can be stored within the platform.

This knowledge will be useful for creating a data map and makes relevant compliance and security teams aware of who owns and accesses specific data, as well as where it is located within the application for recordkeeping purposes.

Understanding the security that is built into Microsoft Teams and what still needs to be covered is equally significant. Though Teams provides a certain level of defense, it likely will not meet compliance needs and federal regulations set by the Securities and Exchange Commission (SEC), Department of Justice (DOJ), and other regulatory bodies.

While Microsoft has an inbuilt compliance solution, firms should make sure to employ additional security measures that can target and compensate for any shortcomings related to financial regulations.

Considering the sensitivity of financial data, organizations will always require the highest level of protection. Ineffective or insecure communication archiving, for example, can result in lost data that violates federal guidance. Without strong archiving tools that capture all information and data, is compliance guaranteed?

In the case that communication records need to be reviewed as part of federal investigations, for example, it is expected that organizations tailor their IM usage to reflect their “risk profile and specific business needs”, as outlined in the DOJ’s updates to the Evaluation of Corporate Compliance Programs (ECCP) approach to communication platforms.

Relay, train, and repeat for Microsoft Teams

Firms should establish policies around IM and effectively communicate them to everyone in the company.

Developing thorough and clear policies around Microsoft Teams usage will help employees grasp their responsibilities when using the platform.

Distribute this information in writing, while also holding training sessions to walk through guidelines and field questions that come up regarding the rules in place. Additionally, have compliance and security teams available to address and clarify concerns related to the application.

Consistent communication is key. Giving immediate updates on policy changes and being transparent about what data is collected and why maintains a level of trust and comfort among staff. This helps keep relationships strong while preserving productivity within your organization.

Lengthy and unvaried training sessions can become mundane; therefore, creating a more engaging and interactive presentation on policies can keep employees stimulated and more likely to absorb information. Carroll Barry Walsh collaborated with Global Relay to discuss the value of training people through stories and context – if people can relate, they’re more likely to comply.

Regulators encourage a compliant culture from the top down, as more often than not, a secure and compliant leadership team fosters a healthy culture throughout the rest of the business. When companies fail to promote a culture of compliance, poor practices trickle down and can result in hundreds of millions of dollars in fines, as illustrated by a recent mass penalty involving over a dozen financial firms concerning recordkeeping failures.

In response to these recordkeeping failures, SEC Chair Gary Gensler said:

“Finance, ultimately, depends on trust. By failing to honor their recordkeeping and books-and-records obligations, the market participants we have charged today have failed to maintain that trust…As technology changes, it’s even more important that registrants appropriately conduct their communications about business matters within only official channels, and they must maintain and preserve those communications. As part of our examinations and enforcement work, we will continue to ensure compliance with these laws.”

Bridge the gap between risk and safety

Implementing additional services and products to account for coverage areas that may be lacking or inconsistent with financial regulations allows organizations to verify they have all the security measures necessary to meet compliance requirements, including proper recordkeeping and archiving of conversations that take place on Microsoft Teams.

Finding and applying the right tools will ensure that organizations can store, manage, and review any communications and avoid violations that can cost a company both money and its reputation.

As well as data capture and retention, it is important that businesses consistently review and update users. This includes overseeing employee access to communication channels. New hires should receive access to the groups and files necessary for their job functions. In contrast, access must be rescinded from employees leaving a company so they cannot access chat history after departure.

Compliant Microsoft Teams communication, content company

Microsoft Teams has made a tremendous impact on the business world and its influence will likely continue to grow. In consideration of its presence, financial institutions must make sure they have the necessary measures to proficiently and securely optimize the platform’s use.

This means striking a balance between maximizing Microsoft Teams’ performance and obtaining further protections from other sources that can assure compliance. Most importantly, always have an accessible line of communication. Make sure everyone at the organization is aware of the processes and guidelines around Microsoft Teams. Create instructional videos, meet with employees, and have teams readily available to maintain openness and transparency while staying in line with regulations.

Global Relay brings compliance and control to Microsoft Teams by capturing and preserving tamperproof records of private messages, group messages, channel conversations, and shared files. If you’re concerned that you’re not using Microsoft Teams compliantly, get in touch.