
The banking sector has always been quick to adopt new technologies to gain a competitive advantage, reduce costs and support improved customer service.
As part of the search for faster information exchange and decision making, banks have widely adopted unified communications systems (integrating email, real-time chat and voice into a single platform), social networking tools such as Twitter, Facebook and LinkedIn, and Internet Protocol (IP) telephony such as Skype and Instant Messaging (IM).
The challenge facing banks when using these new technologies is to ensure that they do not result in a failure to comply with financial regulations, and so risk large fines, reputational damage and loss of customers. Management needs to make sure that the users of these technologies follow industry best practices for logging content, blocking threats, and preventing data leaks.
The Markets in Financial Instruments Directive (MiFID) specifically requires Instant Messaging conversations to be retained when trades are referenced. But it is also best practice to keep content from other Web 2.0 applications, including social networking tools such as Facebook and LinkedIn.
The Financial Services Authority (FSA) has two provisions for organisations using unified communications and instant messaging that require records of any dealings that are subject to the regulatory system, and that all records must be capable of being reproduced in English and on paper.
Osterman Research has developed six steps for banks wanting to protect themselves from the risks of using Instant Messaging, social networking and other tools, whilst still gaining the benefits that they undoubtedly offer. The starting point is to control the use of these tools so that only authorised users can use specific tools such as IM. Secondly it is absolutely vital that all content sent through Instant Messaging, unified communications systems, social networking tools and websites, even if the use of these tools is unofficial and not sanctioned by the IT department or senior management.
The blocking of threats, and stopping them from being propagated through the network, is the third key action required when using this technology, as malware can rapidly be spread via links provided in IM communications. The key is to monitor the use of all communications platforms and block threats while allowing legitimate traffic through unencumbered. Fourthly, monitoring and preventing the leakage of sensitive, confidential, or other potentially damaging information is crucial for successful compliance. This should include all information covered by the FSA and MiFID as well as seemingly innocuous Twitter posts and comments on social networking sites.
The last two steps cover the archiving of information. All content sent or received, regardless of the tool used to send it, needs to be archived and available. While Twitter, social networking and Skype are not included in current legislation, it is expected that FSA regulations will be extended to cover these in the future. Lastly, the archiving of the content from these new communications platforms should be integrated with the primary archive already used. This can save a considerable amount of time when searching for content in response to a regulatory audit, when speed is of the essence.
AVT Systems offers FaceTime solutions that address the compliance issues that the use of these new technologies creates.
IMAuditor provides banks with the ability to secure, log, archive and easily retrieve IM and web conferencing chat conversations. It supports all public IM clients, Unified Communications platforms, Microsoft Office Communications Server, and IBM Lotus Sametime, as well as specialist IM communities such as Bloomberg and web conferencing applications such as Webex. Deployed behind the firewall, IMAuditor gives the IT team the ability to view and control all real-time communications via a single interface.
IMAuditor works with FaceTime’s Unified Security Gateway (USG) to allow banks to add security and control over P2P, Skype, spyware and other Web 2.0 applications. This is the first secure Web gateway to combine content monitoring, management and security of IM, social networks and Unified Communications with URL filtering, malware and antivirus protection. USG 3.0 offers detailed control of not only websites, but also the content posted to blogs, wikis, webmail and social networking sites. This content can be monitored, secured, and recorded, reducing outbound data leakage and enabling compliance with industry regulations, legal discovery requirements, and corporate policy standards.
Article featured in Banking Technology Magazine, October 2009 Regulation & Compliance.
