Name: Communications Archiving in 2026: Comply Solution Showcase
Uploaded: 2026-02-17T16:46:05.501Z
Duration: 30 min 8 s
Description: Communications Archiving in 2026: Comply Solution Showcase

Transcript for "Communications Archiving in 2026: Comply Solution Showcase": Hey, everyone. Super excited to have you joining us today. We're gonna spend the next little while talking about communications archiving, the rules, best practices, and complies approach in 2026, including native capture of mobile channels like iMessage and WhatsApp. I'm Trent Lanning, product marketing manager here at Comply, and I'm joined by Dave Lacer. Sure. Thanks, Trent. Happy to be here. Like Trent mentioned, my name is Dave Lacer, senior vice president of our product management function at Comply responsible for all of our, compliance platforms, including Comply for RA and our communications archiving tools. Thanks, Dave. Now some quick housekeeping. If you have any questions today, please feel free to drop them in the chat. We're going to be following up on questions after today's session. Now, before we dive in, here's a quick overview of COMPLY. We give firms a complete view of compliance, from daily employee oversight to firm wide governance. We bring compliance technology, consulting, services, and education together in one place with the goal of helping you build a stronger compliance program. Today's session will go as follows. We'll set the stage for what today's books and records rules require. Then, we'll address some key challenges and best practices. Next, Dave will walk us through a demo of Comply's communication archiving solution. None of this is new in theory. SEC recordkeeping rules, rule two zero four two for advisers have long required firms to retain written business communications and produce them on request. What has changed is how business actually gets done. Today, communication doesn't just mean email. Platforms like WhatsApp and iMessage have become a top common touch point between reps and clients. Not to mention, we work in different environments now. Remote and hybrid work have become more frequent, and with it, a greater concern from regulators about how and which channels we're monitoring. Taking a closer look at some core record keeping rules here, if you're an SEC registered investment advisor, thousand forty two is likely what you're most familiar with. It's the core books and records rule that requires firms to retain all written business communications and the ability to produce them when requested. That includes electronic communications like emails and texts. State registered firms must abide by their state's own version of these rules. Many states have adopted books and records rules that closely track the SEC framework. Always check your state's specific rule, but in practice, the expectations are usually quite similar. And for broker dealers, see these expectations show up under FINRA Rule 4,511. This requires broker dealers to make and preserve required records, including records of business communications. When these records are electronic, FINRA expects firms to maintain them in a format that cannot be altered and that can be produced promptly when requested. Rule 3,110 is where supervision comes in. It requires firms to establish and maintain a supervisory system. So in this context, it's not enough just to say we archive communications. You need to show how those communications are being supervised. Now, some common challenges. First, incomplete visibility. It can be really difficult to capture every channel an employee uses to communicate with clients. Maybe they keep it mostly within email, but are there times where they do a follow-up or have a quick chat via text? Those details matter. Second, archiving without consistent supervision. Archiving is one component, but these communications need to be regularly reviewed too. And when you have a lot of different communications being sent across channels, that's easier said than done, which leads us to point three, fragmentation. Email in one system, iMessage in another, WhatsApp somewhere else. It it can become really hard to standardize reviews when they're spread across vendors and systems. And then, of course, there's the barriers for employees. For things like iMessage, do they have to use a separate app? What's the UI like? These small things can make it frustrating to carry out day to day communications. Now let's talk best practices. First, pretty straightforward. Regularly update policies and procedures that address these record keeping requirements. In particular, you know, clear expectations for appropriate use of things like email, social media, websites, and texting. Next, employees need to understand these policies. Reinforce what considered a business communication, and clarify approved versus unapproved channels. Regular reviews are also critical. Communications reviews should scan for things like client complaints, MMPI and potential insider trading indicators, inappropriate or undisclosed outside business activities, and promissory language to name a few. I've alluded to this, but it's important to assess that all business communications really are being captured and retained. And finally, application of a risk based review strategy. This includes things like building a keyword lexicon aligned to your firm's risk profile and determining an appropriate review sample based on your firm's size, activity, risk. Typical review ranges often fall between one to 3% of communications, but this varies by firm, and you may want to adjust sampling based on heightened risk areas or events. Now I will level set by noting the idea of feeling secure just because your policies forbid the use of certain communication channels. Text messaging with clients in particular is a big one. So sometimes we hear firms say, we solve the challenge of review complexity by just banning text messaging with clients. The problem is, regulators don't see that as sufficient on its own. Even if texting is prohibited, firms are still expected to monitor employee behavior and prove the policies being followed. That introduces other operational needs, like deploying employee certifications to ensure they're actually following the policies. And in practice, banning channels can push communications further off channel, making risk harder to detect, not easier. This is part of the problem Comply is helping solve. If we can make it easier, more seamless for firms to monitor channels like iMessage and WhatsApp, we can empower reps to communicate through preferred channels while ensuring those communications are captured, reviewed, and retained. Alright. So just recently, a couple weeks ago actually, we saw this exact sort of case pan out. FINRA fined a broker dealer $750,000 for failing to supervise its employees' use of text messages. The kicker? The firm had policies that prohibited the use of text messaging for business purposes. The problem FINRA saw was that, though the policies existed, the firm had no real way of actually monitoring for compliance with these policies. FINRA also discovered that sensitive information was shared through some of the text messages. Put simply, policies are a very important component of communications oversight, no doubt, but they are not the only component. An adequate way to monitor compliance with policies is just as important. This brings us to Comply's communication archiving solution. It's designed to help firms bring more of their communications archiving into one system the same system, by the way, that also supports the full compliance program, from employee monitoring to risk assessments to annual reviews and beyond. More of your compliance activities and documentation together in one UI. So some more about the communication archiving solution. It provides coverage for emails, websites, social media posts, professional messaging services, and now native iMessage and WhatsApp too. Dave will show some of this in the demo, but the solution is very customizable. You can tailor your review periods and your sample sizes to your firm's needs. You can choose which keywords get flagged and which employees get marked for heightened supervision. It's a solution designed to support the way you perform reviews. And while it's a very intuitive system to use, if you're looking to offload the review process, we can handle that too. Our experienced managed services team can handle review tasks, helping monitor messages and flag potential risks. So the native capture element, let's talk about it. Through our partnership with Leap Expert, Comply is one of the very few providers that offers truly native capture of iMessage and WhatsApp. What does native mean in practice? It means employees continue using their existing devices and phone numbers exactly as they do today. No new apps, no workarounds, no changing phone numbers. This matters because a lot of the resistance to mobile capture comes from comes from tools that disrupt how people work. Texting clients is part of everyday business. The compliance challenge here is how to supervise those conversations without creating friction or adoption risk. Native capture removes that trade off. From the compliance side, firms get a complete, tamper proof record of messages. Full conversation threads, timestamps, multimedia, edited and deleted messages, and even reactions to messages. All of that data is stored in a WORM compliant archive, encrypted throughout its life cycle, and aligned with Apple and WhatsApp terms of service. The result is that employees communicate the way they always have, and compliance teams get the full record regulators expect, captured, supervised, and ready to produce when it matters. With that, I'm going to hand it over to Dave who's going to show us what the solution actually looks like. So I'm gonna jump into the archiving tool. First, I'll show showcase a little bit about the setup process, what to expect as a supervisor walking through setting up your users, and then also going into some examples of what messages look like when they when you're doing your reviews. So here at the communications archive review settings page, this is where as you can a Blinds officer or supervisor, you can request each of your individual advisors that you need their devices archived to link their devices for native iMessage or WhatsApp. So as Trent mentioned earlier in the presentation, these are not additional apps or new devices that they have to use. These are their devices they've been using for a number of years and they have apps they're used to messaging their customers and and partners with. It's as simple as checking the boxes of the of the users you want to archive, sending that request, and now we'll create a to do task in their, comply for our account as well as send them an email from the automated onboarding process, which takes about ten minutes to set up for both iMessage and WhatsApp. Then the supervisor would also set up their mobile review frequency. So a key component of the communications and our accounting processes, the review period. How frequently are you going back and looking at messages that were flagged for keyword detection, individual messages that were under heightened supervision or a random sampling to ensure that you are having a proactive program, not just reactive to the items that are flagged. So the options that you have for emergency frequency are weekly, monthly, or quarterly. Additionally, you could set the random sampling percentage between 025% or any custom value that you determine. And then lastly, because this process is managing oversight and monitoring with the operational burden of doing these reviews, you could set the number of items that's aligned with your policy to ensure that you have the appropriate operational teams to review the messages within that PVA. The next key is setup pages and keywords and safe phrases. So these are marketing terms, other types of lexicon that you want to flag for review. So it could be guarantees, promises, angry customers, anything that you determine that you want to review after the fact. Additionally, we know that there are certain phrases that cause noise or false positives, and you can include safe phrases that minimize the amount of noise that ends your review period. And then the last setup is around heightened supervision. Whether there is a new employee or employee that has a past poor behavior or poor communications that you want to monitor a little bit more closely, you can set up heightened supervision for those particular employees. And after that, we'll go straight into a few examples of what to expect when you are going through the review process for iMessage and WhatsApp. I'm gonna go through three examples. The first example is a keyword detection. So as you see here in the dropdown, you can see that with few periods across the entire account. And on this table, you could see the items that you've already reviewed, the items that are flagged for further review, but I'm gonna click on this message here. So in all three, you see the device owner. So this is the employee whose device message was sent to or was sent from, the participants of that particular text thread, the platform, whether it's iMessage or WhatsApp, and then the content of the message. So, this particular case, there are keywords or promise that is in the reference, instance of promise you'll be at the game tomorrow and the person who responds, I promise we could talk investments at halftime. Again, this seems on the up and up and nothing nefarious. You would then go through a review process to either escalate this where it requires further review, add a note to document your findings, and then finally, once you've determined that the message has been appropriately reviewed, you can mark as reviewed and it'll automatically take you to the next message. I wanna show a few other examples though. So I'm gonna switch to a different review period. And I got this first message from WhatsApp. So one of the neat features of WhatsApp in iMessage is the ability to edit and delete messages after they've been sent, which can create a gap or blind spot in any archive process. Fortunately for you, the communications archive tool, any message that is sent that is deleted or edited is captured and flagged and ensured that the reviewers and supervisors have the full picture of what was discussed in that conversation. Similarly, if they to, I want show a random sampling, because as I mentioned before, you have heightened supervision, you have to flag keywords, but also part of it, if a strong program is proactive oversight and random sampling to ensure nothing is slipping through the cracks. So I'm gonna look into this first message. And the other the other important point to make is that these discussions do not are not often a point in time. There's a history, there's an upper days, there's a buildup to get the full context. So in this particular case, the users have added messages across a number of days, and you can click on this get newer to see the full text message history. So as I mentioned before, regulators are expecting proactive monitoring programs that not only identify keywords and potentially problematic messages, but also random sampling. And you can balance that the operational burden of review of these on a weekly, monthly or quarterly basis by setting the limit on the number of messages that enter that regime period. And as I mentioned before, this incorporates other types of communications and archiving capabilities on other channels, such as email, social media, and your firm's website. So thank you for taking a few minutes to through the communications and archiving capabilities for the client. With that, I'll turn it back to Trent. Awesome. Thank you, Dave. Appreciate you showing everybody a first look at this. I'm going to resume sharing my screen for just a second here. And we're going to just share with folks that yes, this is available in Comply for RIA. Dave, also available in Comply platform now too, correct? That's correct. Awesome, Dave. Yeah, definitely excited to get these functionalities in the Comply platform as well. Again, if you're looking to offload any of the review components, even as intuitive as this new solution is, our experts from the managed services team can definitely help. They can help with the review process, with marketing reviews. So definitely feel free to reach out and we're happy to help you there. With that, Dave, any last words before we wrap up today? I just wanna thank you again for your time and attention. We're really excited for the launch of this communications archive capability. As Trent mentioned, both in the Comply4RI platform, as well as the Comply platform. It's really taking us a step forward in ensuring that our customers have a strong compliance program. Awesome. Thank you everybody for attending today and we'll see you in the next session.