Unaddressed Compliance Gaps - Navigating Microsoft Teams Archiving and Supervision

Microsoft Teams is a popular communications app used for both video calls and messaging, and it has been included in Microsoft 365 and Microsoft Office since 2017. However, the video calling component of the app was rapidly adopted during the COVID-19 pandemic as a way for people traditionally based in offices to have “face-to-face” meetings when they could not be physically in the same place.

Since the pandemic's end, the remote working trend has continued, with Microsoft Teams and competitor communications apps now deeply embedded in many firms’ cultures.

While many communications channels like Microsoft Teams saw their popularity skyrocket due to COVID-19, it’s taken a while for the surveillance policies and processes at financial firms to catch up with all the new ways people have communicated since the start of the pandemic. For example, in 2022, US banks were fined $1.1 billion for failing to perform proper surveillance on WhatsApp messages. In August 2023, 13 Wall Street firms were fined a total of $549 million for surveillance failures on WhatsApp, Signal, and iMessage by US regulators. Going forward, financial firms need to ensure they have the right policies and processes for archiving and supervision on channels like Microsoft Teams – or potentially risk similar fines.

Contents:

• Regulations surrounding Microsoft Teams archiving and supervision compliance

• Challenges with MS Teams archiving and supervision rules

• Risks of not capturing and monitoring Microsoft Teams
• Best practices for Microsoft Teams archiving and supervision

• How SteelEye can help with Microsoft Teams compliance

Regulations Surrounding Microsoft Teams Archiving and Supervision Compliance

Current regulations that mandate communications surveillance for financial services firms clearly state that Microsoft Teams archiving and supervision is a requirement, alongside other communications channels. For example: 

• The Dodd-Frank Act – This landmark piece of legislation requires firms to capture, monitor, and store trade and communications data so that market abuse can be detected.
• Markets in Financial Instruments Directive (MiFID II) – According to Article 16(6) of the regulation, firms need to capture and store trade and communications data that could relate to a transaction, even if the transaction did not occur.
• Financial Industry Regulatory Authority (FINRA) – FINRA Rule 3170 requires recording communications. FINRA has many other rules on monitoring trades and communications, too.
• Securities and Exchange Commission – The SEC provides rules for trade and communications surveillance for the investment firms that it oversees in the US. Market manipulation rules by the SEC fall within sections 9 and 10 of the Securities and Exchange Act of 1934.
• Commodity Futures Trading Commission – The CFTC also has detailed rules surrounding trade and communications surveillance that firms, trading commodities in the US, must follow.
• General Data Protection Regulation (GDPR) – While there is no personal data in trade data, communications data can contain personal data. So, financial firms need to be careful about storing communications data locally to ensure that it is compliant, as well as alerting employees about the recording of their calls.

Since the UK left the EU, it has transposed over the EU rulebook around trade and communications surveillance – including MiFID II, MAR, and GDPR. Currently, the UK’s trade and communications surveillance rules remain very similar to the EU rules. 

Challenges with Microsoft Teams Archiving and Supervision Rules

MS Teams archiving and supervision comes with a specific set of compliance challenges due to the nature of the media involved and elements of the regulatory requirements. These include:   

• Data volumes – Video calls produce large volumes of raw data. For an individual meeting, there may be several 'Recording Types' captured (Shared Screen, Speaker View, Audio Only etc...), and so archiving and storing Microsoft Teams video calls can quickly result in massive amounts of data being held. If material is not archived efficiently, it can take considerable time for data to be located and downloaded.

• Transcription – Transcription of the video calls needs to be of high quality, or the compliance team will face an excessive volume of false positives and hours of listening to recordings of calls to resolve the issue. 
• Matching the transcript to the recording – Compliance teams can spend unnecessary time locating specific text in a recording unless the surveillance technology syncs the recording and transcript automatically. 
• Security – Video calls contain personal data, so they must be held in a secure environment. 
• Context – Compliance teams may find it challenging to understand the context of a call and can spend considerable time trying to ascertain what is being discussed. They can also often find it time-consuming to locate the source of the red flag in the video call transcript or recording.
  
  

In short, Microsoft Teams archiving and supervision can be one of the more challenging areas of communications surveillance and investigations for compliance teams to operate in. 

Risks of Not Capturing and Monitoring Microsoft Teams

Failing to capture and monitor Microsoft Teams communications data can expose organizations to significant risks, including: 

• Regulatory sanctions and fines – Regulators in the US and UK have made it clear that they will fine firms that are not complying with market abuse rules. In 2022, 19% of the total number of enforcements in the UK were related to MAR or market abuse violations. The total fines for WhatsApp use in the US now exceeds $2.5 billion. 
• Loss of critical data for audits or investigations – Conversations on Microsoft Teams are now just as much a part of doing business as regular phone calls or emails, and so they have the potential to form a vital part of the material needed for audits or investigations.
• Damage to reputation and trust among stakeholders – Fines from the regulators for failure to perform Microsoft Teams archiving and supervision have the potential to grab headlines in the same way that the WhatsApp messaging scandal has – damaging the reputations of the firms involved.
  
  

The self-inflicted damage that can result from a failure to undertake Microsoft Teams archiving and supervision can be substantial. Firms need to be sure they are undertaking this aspect of their overall trade and communications surveillance program correctly.

Best Practices for Microsoft Teams Archiving and Supervision

For communication tools such as Microsoft Teams, it’s important to put in place compliance best practices that are robust enough to ensure that market abuse is being effectively detected and that the program will hold up to regulatory scrutiny.

Key best practices include: 

• Establishing clear and comprehensive archiving policies – For example, policies should state what is being archived, how it is being archived, and the compliance requirements that are being met.  
• Capturing and storing the video and chat – If a Microsoft Teams call is flagged, it will be an essential part of the investigation to review both the video and the chat content. 
• Monitoring in multiple languages – Although English is typically the primary language used in business, other languages may be utilized and should be monitored too. Sudden language changes in communications should be flagged. 
• Ensuring data privacy rules are met – In many jurisdictions, it’s essential to inform employees that they are being recorded, for example. Also, data storage must be compliant. 

• Utilizing automated tools for consistent monitoring – Today, the sheer volume of Teams calls demands automated monitoring to detect market abuse. 
• Providing employee training on compliance protocols – Training employees is essential. They should be aware of what is considered market abuse, what the firm’s policies are, and how they are being monitored for compliance. 
• Reducing false positives – This enables compliance teams to focus on investigations and on improving the overall program. It also reduces compliance fatigue.  
• Supporting investigations – New tools, such as the use of ChatGPT, help summarise communications content, provide context, and highlight flagged text in an effort to support more effective investigations.
  
  

Implementing best practices can improve both the efficiency and the accuracy of communications surveillance, including Microsoft Teams archiving and supervision. 

Having robust Microsoft Teams archiving and supervision in place is essential today as employees embrace the benefits of digital collaboration. Also, regulators are backing up their insistence that newly popular communications tools are archived and monitored for market abuse with enforcement actions and fines.

However, capturing and monitoring Microsoft Teams data has its own particular challenges, so firms need to make sure they are working with a surveillance platform that has experience overcoming these. Additionally, a firm’s surveillance platform should be able to robustly support the kinds of communications surveillance best practices that reduce false positives, boost efficiency, and enhance the ability to detect and prevent market abuse. By understanding regulations, overcoming challenges, mitigating risks, adopting best practices, and leveraging innovative solutions like SteelEye, businesses can navigate the complex terrain of compliance and ensure a secure and compliant digital workplace.

How SteelEye can help with Microsoft Teams Compliance

SteelEye – a pioneering RegTech that created the first and only fully integrated surveillance solution –  provides Microsoft Teams archiving and supervision. The comprehensive compliance and data analytics platform offers various functionalities to help businesses manage and analyze communication data, including integration with Microsoft Teams. The functionalities of SteelEye in relation to Microsoft Teams include: 

Video Monitoring and Archiving: SteelEye allows you to monitor and keep videos from Microsoft Teams meetings. It provides a recording and archiving feature that captures video, audio, and chat content from meetings held on Microsoft Teams. These recordings are stored securely and can be accessed later for compliance, review, and analysis purposes. The active transcription of all the communication allows the users to run detection on video, audio, and messaging used in Teams. This feature ensures that important discussions, decisions, and information shared during meetings are preserved for future reference in keeping with regulatory requirements. 

Meeting Graph Functionality: The Meeting Graph functionality within SteelEye provides insightful visualizations and profiling of the interactions between users within Microsoft Teams: 

• Visual Representation: The Meeting Graph is typically displayed in the bottom right corner of the platform's interface. It visually represents interactions with other users by using lines of varying thickness to indicate the frequency or intensity of interactions between different people. Thicker lines suggest more frequent or substantial interactions. 

• Interaction Profiling: The Meeting Graph creates a profile of your communication patterns within Microsoft Teams. By analyzing the thickness of lines connecting one user to another. Compliance managers can quickly identify the individuals the monitored person interacts with most frequently.

• Meeting Profile Write-up: Additionally, SteelEye's Meeting Profile feature provides a textual summary of the meetings users have participated in during a specific time period. This write-up offers insights into the nature of these meetings, the topics discussed, and the participants involved. This summary can be invaluable for reviewing your meeting history, understanding your engagement, and identifying trends in your interactions. 

  
  

Overall, the Meeting Graph and Meeting Profile functionalities within SteelEye enhance users' ability to visualize and analyze their communication dynamics within Microsoft Teams. These features not only help users to understand their collaboration patterns but also offer a valuable tool for compliance, performance evaluation, and informed decision-making.

Additional features of how SteelEye helps with Microsoft Teams Compliance:

• Seamless integration with Microsoft Teams for streamlined archiving and supervision of video calls and chat
• Real-time monitoring and alerts for policy violations
• Advanced analytics that speed the identification and investigation of market abuse
• A full audit trail to support internal and external audit demands
• Data storage in the cloud, and firms are supported by the robust security of cloud providers like AWS
• Multiple languages with translated lexicon terms, including Afrikaans, Chinese simplified and traditional, Dutch, French, Japanese, and Italian
• ChatGPT functionality that provides a content summary, motives, intentions, and regulatory or compliance issues identified
  

Turn Supervision into Super Vision

Contact our compliance experts to see our platform in action or learn more about how we can help your firm reduce compliance fatigue.  

SPEAK WITH US TODAY