Navigating the minefield of personal accountability in the digital era

In the rapidly evolving FinTech space, executive-level individuals across various organisations are finding themselves under the microscope. Theta Lake’s Susannah Hammond recently explored the current minefield of accountability. 

The CEO of an American digital retailer, the chief information officer (CIO) of a British bank, and numerous high-ranking staff members at a US bank all share a common thread: each has faced individual enforcement action for non-compliance regarding technology use, in some cases bordering on misuse.

In October 2022, the U.S. Federal Trade Commission (FTC) sanctioned a company and its CEO for security lapses that left the data of 2.5m clients vulnerable. Despite being made aware of these issues two years prior to the incident, they didn’t address them effectively. Penalties involved not just data erasure and data collection limitations, but also forced the CEO to meet distinct data safety standards given his role in overseeing unlawful activities. The FTC mandate applies to the CEO regardless of his affiliation with the firm, carrying forward to any future role where he handles consumer data.

Fast forward to April 2023: the UK Prudential Regulation Authority imposed an £81,620 fine on the former CIO of a British bank. His failure to oversee the bank’s outsourcing arrangements for a 2018 IT migration project led to this penalty. The financial repercussions extended to the bank as well, which faced a hefty £48.7m fine for operational resilience shortcomings in December 2022. The bank had to part with an additional £32.7m in compensation to customers who were negatively affected. The regulator concluded that the CIO’s inadequacies impaired the bank’s operational resilience, leading to considerable disruption.

January 2023 brought about news of another American bank reclaiming millions in employee fines. These were part of the remedial measures in response to over $2bn in fines incurred in the U.S. due to unmonitored communication channels. The penalties levied, ranging from a few thousand dollars to over $1m, were determined by factors like the number of messages sent, the employee’s rank, and prior warnings received.

All these instances underscore the need for firms to establish rigorous policies and procedures to manage every aspect of security and compliance when deploying technology, from lax data security to failed outsourcing to unmonitored channel usage. As is becoming increasingly evident, failure to adhere to these standards is not only a theoretical business risk but also a potential personal liability.

Investing in modern solutions to ensure security and compliance is crucial. Adopting legacy solutions could prove expensive in the long run as they may no longer serve the rapidly changing technology landscape. The failure to compliantly archive and monitor voice, chat, or video could potentially lead to significant costs and personal liability.

Moreover, prevention through education is essential. Regular training on regulatory expectations and compliance is necessary to maintain the standards. Detailed record keeping is another critical aspect. Firms and senior individuals should be aware that their communication methods, both internal and external, will not only be under surveillance by regulators but will also be used as indicators of behaviour, risk conduct, and culture.

Theta Lake, an award-winning tech firm, offers patented compliance and security for modern communications. It captures and compliantly archives communications across multiple platforms, which allows firms to meet record keeping and other requirements. Their AI-enabled technology identifies risks and presents them in an AI-assisted review workflow, facilitating an efficient and effective review process for compliance teams.

Theta Lake’s compliance suite ensures that all aspects of messaging can be preserved, providing a full audit trail for supervisors, regulators, or prosecutors. It also meets the stringent standards of SOC 2 Type II audits and ISO 27001 control mapping, and confidential or sensitive data can be automatically redacted to meet data privacy and other legal obligations.

Copyright © 2023 FinTech Global