In the wake of Bank of America preparing to receive an enforcement action, US regulators around the country are cracking down on organizations, specifically financial institutions, over their failure to monitor how employees use personal devices for work-related purposes. In fact, regulators can expect to receive close to $1 billion in fines from five of the biggest US investment banks over this transgression.
In the last year alone, here are some examples of financial institutions in the United States who are in talks with regulators:
With the pandemic forcing many businesses to operate remotely, this has opened a huge gap for confidential information to be passed through unauthorized channels that are harder to surveil. So how can financial institutions and other highly regulated industries keep track and monitor employees' work-related activity on their personal devices? It first starts with implementing robust improvements to your BYOD policy.
We outlined 3 best practices below to ensure your organization has a well-drafted BYOD policy that employees can easily follow:
1. Make sure your policy is to the point and clearly outlines how employees can use their personal devices for work-related matters
Avoid a verbose and lengthy policy document that employees might simply ignore. Get to the point early, and ensure your policy specifically outlines what employees can and cannot do when it relates to their personal devices. For example:
2. Make sure employees are aware that there is a BYOD policy in place
Having policies that are not followed can actually be worse than not having them at all. To address this concern, ensure you store all relevant information in a single repository, provide adequate training to employees and communicate any changes across multiple channels, so they understand what to do and the consequences of not complying with the policy.
3. Invest in good technology
In addition to creating a BYOD policy, investing in the right technology to monitor employee behavior, like Mobile Device Management Software, can save your compliance team time and help them focus on higher value projects. As Stephanie Feldt, Chief Compliance Officer & General Counsel at Trading.com, mentioned in a recent webinar with Clausematch, “The use of technology is very helpful. It allows you to generate reports remotely, monitor interactions with customers, customer training activity, or what traders are doing on the trading floor. Technology helps enable surveillance of email and social media, establish clear procedures as to what emails can and cannot be accessed, and guide the use of social media websites.”
For more information, check out these resources to help you build a mature policy management program for your organization: