Share these talks and lectures with your colleagues
Invite colleaguesResearch paper
Compliance, technology and data risk: Electronic communications and the modernisation of data governance control structures
Journal of Financial Compliance,
8
(3),
198-214
(2025)
Abstract
Record-keeping and supervision rules regarding electronic communications (eComms) for financial institutions have been in place for as long as eComms have existed. The underpinning of these regulations is the view that the security, reliability, integrity and availability of information reflecting a financial institution’s activities are fundamental to the integrity of the financial markets. Over the last few years, the financial regulators have powerfully reminded the financial industry of the importance of the eComms record-keeping rules, launching dozens of off-channel eComms enforcement actions that have resulted in more than US$2bn of fines to date. With the rise in the variety and availability of individual eComms applications and the use of collaboration tools and generative AI (GenAI), the number and variety of channels available to employees for communications purposes are, however, growing exponentially. Even for sophisticated financial institutions, the resources required to effectively manage the pace of technological development and adapt compliance processes in this space can be overwhelming. This paper explores the regulatory approach to eComms compliance in a changing technology world and how financial institutions can appropriately manage eComms risk. It is possible to establish a robust control structure that meets regulatory expectations, accommodates business needs and keeps pace with changing technology. An effective eComms governance structure must, however, encapsulate processes that engage all key stakeholders, embrace innovation and integrate legal, compliance and IT reasoning that moves beyond reliance on individual employees and detection technology and incorporates data governance as a fundamental principle in business operations and technology development.
Keywords: branding; co-creation; community marketing; market research
The full article is available to subscribers to the journal.
Author's Biography
Therese Craparo is a partner in Reed Smith’s Emerging Technologies Group and BankTech practise. She focuses her practise on enterprise data risk management, information governance and record-keeping, technology implementation, cybersecurity and eDiscovery. Therese has worked with some of the world’s largest financial institutions to develop strategies for managing the legal and regulatory issues relating to both traditional and innovative technologies, including the developing policies and procedures for data governance and record-keeping, designing and execution data remediation and retention protocols, eDiscovery strategy and management and the use of data analytics and artificial intelligence (AI) for eDiscovery, compliance and risk management. Therese advises clients on how to execute, defensibly implement and defend data strategies from beginning to end, including remediating billions of records safely and defensibly, investigating and addressing record-keeping and surveillance gaps, evaluating and implementing new technologies and defending data governance protocols before regulatory bodies, including the Financial Industry Regulatory Authority (FINRA), the US Securities and Exchange Commission (SEC), the Federal Reserve and the Commodity Futures Trading Commission (CFTC).
Anthony J. Diana Anthony Diana is a partner in the Emerging Technologies, Records and eDiscovery and BankTech Groups, and focuses his practise on advising on the legal, regulatory and operational risks associated with implementing, operating and upgrading technology at financial institutions and the management of risks associated with data at financial institutions. Anthony is a recognised leader in eDiscovery and enterprise data risk management issues, nationally ranked in this area by Chambers. Anthony counsels large financial institutions on all aspects of the discovery and management of electronic information, including the development of policies and procedures regarding information governance for various technologies, including artificial intelligence (AI), social media, Wi-Fi and bring your own device (BYOD); and the defence of electronic discovery and information governance policies and procedures before federal regulators and the courts. Anthony has decades of experience advising financial institutions on the implementation and upgrading of technology, with a particular focus on legal, regulatory and operational issues with Microsoft 365 and messaging archives. Anthony has advised on implementing M365 features, including Teams and Copilot, and the migration of data into M365 from legacy data sources (home drives, group shares, exchange, etc). He has advised financial institutions on the implementation and migrations of messaging archives. Anthony has conducted numerous internal investigations for potential liability and violations of laws and/or regulations on behalf of audit committees and general counsel offices in connection with inquiries from regulators, auditors and plaintiffs. Anthony has presented and defended the findings of investigations before regulators, including the Financial Industry Regulatory Authority (FINRA), the Federal Reserve, the US Securities and Exchange Commission (SEC), the Public Company Accounting Oversight Board (PCAOB) and auditors.
Philip H. Thomas Philip Thomas is a partner in Reed Smith’s Emerging Technologies Group, specialising in UK and international privacy and data protection laws, as well as technology and intellectual property. He has a particular interest in the developing cyber and data regulatory landscape and counsels technology service providers and customers operating within Reed Smith’s core sectors.
Christian Leuthner is a Partner in the Emerging Technologies group. Focusing his practise on technology and data protection, Christian is a trusted advisor to clients seeking help to navigate the ever-changing risk landscape associated with technological development. With a decade of experience as a commercial lawyer in the field, Christian advises on all aspects of IT and data protection law, including cloud computing, online platforms, international data transfers, technology transactions, company integrations and various e-commerce-related projects. Working with clients ranging from multinational company groups and more mature companies to start-ups, Christian has a particular focus on ensuring that his clients are maximising the opportunities available to them through new and emerging technologies while minimising any associated risk.
Samantha M. Walsh Samantha Walsh is an Associate in the Emerging Technologies group and focuses her practise on enterprise data risk management, information governance, data privacy and artificial intelligence (AI) governance. Prior to Reed Smith, Samantha was in-house counsel at a large US bank.
Ryan J. Fitzpatrick Ryan Fitzpatrick is an E-Discovery Attorney in the Emerging Technologies group. Ryan assists with data remediation as well as legal research on a variety of data privacy and governance matters.
