I’ve been thinking about how businesses react to ethical transgressions. Some types of transgressions, such as those recorded by electronic messaging (email, file uploads, IMs etc), contributed to a number of large corporate court cases in the US since 2000 and came to influence the way companies store and monitor data.
Messaging supervision is a series of processes and tools put in place by organizations to monitor employee electronic communications with the goal of catching problematic communications either in real time or soon afterwards. Businesses (often those in financial services) implementing messaging supervision are often required, or influenced by regulations including NASD Rule 3010 and SEC Rule 17a-4 when they put such systems in place. Businesses also implement these systems in order to protect intellectual property and catch undesirable employee behavior, hopefully before it gets out of hand. Transgressions are caught by the system’s mechanical conscience.
But really, businesses just want to automate compliance and adhere to regulations efficiently. While no regulatory body requires a software-based system to check for possible transgressions, the sheer volume of email is too large for anything but spot checks from compliance staff. Nor should an organization want to actively review all communications traffic. Instead, the bulk of email communication, website visits, IMs and file downloads are scanned by rule-based software platforms. That means that if compliance staff look at a fixed number of tracked communications daily, use of these systems should increase their probability of finding something problematic without adding extra content volume to view.
What the mechanical conscience cannot do is account for context, intent, or employees who write for the censor’s eye. Also, these supervision systems are used at a corporate level primarily in the US. Interestingly Americans, who are normally considered to be privacy conscious, accept the right of their employers to look at their email. In France, for example, employees are allowed to set up private email folders which cannot legally be read by corporate compliance supervisors, should there be any. Further, employee knowledge of messaging supervision also pushes potential transgressors to other means of unmonitored communication: the cell phone conversation or meeting for a drink, which an industry worker once told me is just what the presence of the system is supposed to do.
Does regulatory compliance lead to a different approach to ethics in organizations?
Thursday, May 1, 2008
Mechanical conscience
at 1:28 PM
Labels: business, organizational behavior, regulation
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment