Archive & Data Protection

    Compliance Supervision: More Than Checking a Box

    Compliance supervision reviewers face big challenges. It doesn’t have to be so complicated.

    by Garth Landers

    Compliance supervision is one of the most important areas of investment for archiving buyers today but is also unfortunately one of the stagnant areas of investment and innovation from archiving vendors.

    The rationale and need for compliance supervision is quite clear: regulated financial services firms are required to establish supervisory policies, implement safeguards to protect client record privacy, monitor accuracy of disclosures and authorize any alterations. They may also face regulatory audits on a periodic basis to prove that they supervised their broker/dealers. The imposition of fines, potential loss of business reputation and fallout are all significant. 

    The demand for supervision technology is a constant and buyers take it quite seriously. On the archiving provider side, supervision offerings, in some cases, don’t look much different from how they did 10-12 years ago. Vendors have focused on the need to provide a tool for monitoring emails to satisfy compliance requirements -- and little else. For them, compliance supervision functionality is a “checkbox” item on an RFI/RFP but the world is a very different place now, especially for end users.

    What Compliance Supervision Reviewers Need

    In speaking with compliance supervision reviewers today, their primary focus is on accuracy and, very importantly, productivity. Reviewers today must review hundreds of emails day after day, thousands per week and while doing so, look for possible evidence of malfeasance in areas spanning trading, investment and market activities, potential fraud and sales activities, as well as guard against money laundering.

    Because regulatory requirements demand supervision of all email communications, the volume of content to review--even when using technologies to streamline the process, such as random sampling, analytics and lexicons--still results in an enormous workload for reviewers. Functionally, compliance reviewers must apply lexicons against selected content, highlight and flag specific communications, make good judgement calls on what items require additional review, route those communications, annotate, comment and mark them up and then move on to and a seemingly never-ending cycle of more reviews.

    The only way to meet these demands is through a feature-rich application with customizable workflows and flexibility to suit the needs of the organization. In addition, compliance review may only be a part of the reviewers “day job”—they still have to do other things. It’s easy to see why the need for more productivity rates so highly!

    The Challenges for Compliance Review Management

    Similarly, managers of compliance reviewers have a combination of data volume and data management challenges. They must keep their eye on the big picture and make certain that regulatory obligations are being met with the right technology, process and staffing alignment on a systematic basis. At the same time, like reviewers, they must be aware of lexicon usage—what terms and keywords are being utilized in the review process and from an oversight perspective and individual reviewer performance.

    Managers must quickly know how well each reviewer is doing from a productivity standpoint (there’s that word again!), what items have been identified for additional review, where there are bottlenecks in the process and the overall progress being made. Functionally, this often translates into customizable, rich and intuitive dashboards and reports.

    Like the needs of the compliance reviewer, management requirements are typically not being met by legacy archiving vendors today. Those vendors stopped innovating some time ago, and the supervision applications built a decade ago or more, don’t reflect the data volume and productivity requirements buyers demand today.

    We’ll dig into the compliance and governance requirements for supervision in our next blog entry, but it’s always great to start with the user and keep their journey in mind. We would invite you to take a quick video look at Mimecast Supervision below.


    What did we miss? Any thoughts, ideas or feedback are welcome at

    For more information, we invite compliance, legal and IT teams to join us along with Michael Osterman, Research Analyst from Osterman Research in a live webinar on Wednesday, May 29. We’ll be helping to guide financial services firms in navigating a clear and strategic path through the complex requirements they face to support FINRA, SEC, e-discovery and other governance requirements.

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top