Financial institutions are failing in their duty to properly manage instant messaging (IM) communication, putting themselves in breach of compliance regulations and increasing the risk of security threats, according to Akonix Systems Inc.
In a survey of 120 executives polled during a recent
Securities Industry News Web seminar, 61 per cent admit to not having an IM archive system in place and 39 per cent have no instant messaging policy at all. This contrasts sharply with the 85 per cent who state they have email archiving systems. Akonix co-sponsored the survey along with Reuters and Iron Mountain.
The results imply that the majority of financial institutions are still not in compliance with the regulations set out by the SEC and NASD, which require formal management and archiving of electronic communications, including IM. These companies risk, at minimum, severe financial penalties by not having IM auditing capabilities implemented in their corporate communications policies.
Despite the lack of IM management, 80 per cent of respondents state that security is their biggest IM concern, putting them at risk for not only compliance infractions but also security breaches, such as viruses and worms. Akonix estimates that while most companies have e-mail virus scanning solutions in place, less than 10 per cent are able to scan IM based file transfers.
The poll revealed that 23 per cent of companies have attempted to ban employee use of consumer IM completely. This approach eliminates the benefits enterprise IM provides, including collaboration, enhanced productivity and real-time communications, as well as presence awareness and fewer e-mails and phone calls.
“”It’s a worrying trend that so many financial organizations are slow to implement the compliance regulations required by the SEC and NASD,”” said Peter Shaw, president and CEO at Akonix. “”With time running short, these companies need a fast, cost-effective auditing solution to track consumer IM services being used by their employees. Whether companies decide either to simply block consumer IM altogether or securely manage its use, action needs to be taken immediately in order to prevent regulatory infringements.””