The growth and reliance on technology in the financial realm in recent years has opened new doors for financial service enterprises across the globe to promote better, more efficient practices, while enhancing their business ventures, and the overall client experience they offer immensely. Since its introduction on the global stage, Financial Technology (FinTech) has been widely utilized by financial institutions of varying sizes to perform numerous functions, most notably to streamline operational efficiency and expedite the workflow process from top to bottom, all while boosting financial security for themselves and their customers. Many high-tech, automated solutions boast impressive capabilities that far exceed any services offered by their human counterparts, allowing the companies employing these programs to cut both their annual costs, and potential risk of falling victim to crime, large fines or government sanctions for compliance breaches. As a result, the anti-money laundering (AML) software market has grown exponentially in recent years to meet the growing demands of different organizations, and has evolved into an area that is primed for continued growth in 2018 and beyond.
Yet while the growth of mechanization in this respective niche has been astounding, it pales in comparison to the rise of technology seen for personal and entertainment usage since the turn of the century. One area that clearly stands out above the rest in this regard is the cell phone market, and for good reason. Advancements seen in telecommunication, global outreach programs, and user-friendly, life-easing phone apps have led to an unprecedented level of connectivity across seemingly every region of the world. The number of smartphone users globally continues to grow by the hundreds of millions on a year-to-year basis, with experts predicting that the figure will top the 2.5 billion plateau by the end of 2018. Tech-centered consumers in countries such as China and the United States continue to lead the charge in this department, as the U.S. alone accounts for roughly 230 million of the aforementioned 2.5 billion global total of smartphone users. With these developments in functionality continuing to press forward, the products remaining somewhat affordable to members of all social classes, and the demand for these devices remaining ubiquitous (albeit for many to simply “Keep up with the Joneses”), the smartphone market is set to continue its ascent for many years to come. But what if I told you that these same appliances that we center our livelihood around, particularly in the business world, might actually pose high compliance risks…
The Lexology article “Smartphone apps pose heightened compliance risks under new US FCPA Corporate Enforcement Policy”, cited in BSA News Now on Friday, February 9th, 2018, discusses that while smartphones and their powerful applications allow for greater interaction between staff, customers, suppliers and other pieces of the commerce food chain, conducting business through certain high-powered apps can bring significant risks upon a financial institution. Contributors from esteemed global law firm DLA Piper write that some of the challenges that have accompanied the increased use of smartphones and new communication apps (including personal email accounts) in today’s society include the fact that these accounts typically lie outside of the IT networks of an individual’s employer. Writers Nathan Bush, Jason Chang, and Sammy Fang expand on this point, adding:
“Massive amounts of data on communications, payments and activities data generated by super-apps are stored on third-party servers inaccessible to the employer, frustrating efforts to preserve and evaluate evidence in the fact of regulatory probes or litigation. The data is unshielded by the employers’ network security systems, raising risks of unauthorized access or disclosure and resulting commercial losses and liabilities. Live communications through super-apps are obscured from employer network surveillance functions designed to detect prohibited online activities on a real-time basis” (Lexology, 2018).
The article centers on the latest enhancements to the U.S. Foreign Corrupt Practices Act (FCPA) Enforcement Policy that were permanently enacted in late November 2017 following a lengthy pilot period. The program looked to promote transparency and accountability in the financial sector overseas by limiting bribery and financial crime, while motivating companies to come forward with information on FCPA-related misconduct. The program rewarded entities for their voluntary self-disclosure and cooperation, as well as their remediation of any lingering issues. The Department of Justice (DOJ) noted that this reward for full-disclosure would come in the form of a “mitigation credit”, where “if a criminal resolution is warranted, the Fraud Section may grant a reduction of up to 50 percent below the low end of the applicable U.S. Sentencing Guidelines fine range” (DOJ, 2016). The Lexology article also notes however that due to past experience with difficulties in gathering data and evidence in criminal cases due to the “dead-ends” provided by these messaging platforms, they are taking a staunch stance on the use of such programs. The DOJ program also expects that companies will restrict the use of third-party applications for business communications in order to receive such a credit in the future. According to the report, the FCPA Enforcement Policy also prohibits “’the improper destruction or deletion of business records, including prohibiting employees from using software that generates but does not appropriately retain business records or communications’” (Lexology, 2018).
Many have suggested that a simple solution to this potential problem may be to prohibit the use of third-party messaging apps altogether for those employed by a respective financial services organization. Enforcement of such a policy however would be much easier said than done, and limiting the capabilities of staff on their personal devices prompts a debate on ethicality. Nevertheless, new policies for business entities are likely on the horizon in order to avoid risk and to stay in line with the FCPA’s guidance. The key will be for these organizations to not overstep their boundaries when implementing new policies in their quest to mitigate risks.