Top 10 Neglected Email Maintenance Mistakes & 5 New Concerns

Do you really have your email review process buttoned up? Of course, you ‘re reviewing emails (and in a timely manner) and have included social media in that review. You have turned on your filters. You have added your lexicons.

You can deliver a quality presentation and report to a regulator demonstrating such email review. And, yes, you include email review in your annual training. You may even give tailored training to those employees who are charged with reviewing emails. It makes sense to go through the effort of ensuring a solid email review process is in place – this is where the regulators focus – these are the items we have seen in enforcement actions.  But if that is all you are doing you are missing a significant piece of the email review and maintenance process.

Top 10 Neglected Email Maintenance Mistakes

  1. Failure to audit your employee database to ensure that all current employees are represented in the system accurately.
  2. Failure to capture employees moving from one department to another.
  3. Failure to recognize changes in employee positions, which alters the employee’s email status from not reviewed to reviewed.
  4. Failure to review systems generated emails/communications that leave the Firm.
  5. Failure to include Firm social media activity within the email review system.
  6. Failure to regularly update employee social media inclusion in the email review system.
  7. Failure to monitor new developments in new social media (Snap Chat, Slack etc.) requiring inclusion in the email review system.
  8. Employees mapped to the wrong supervisor or no supervisor at all.
  9. Relying on an HR System or Email System to feed directly into the Email Review System without testing periodically to ensure the connections are operating as expected.
  10. Failure to provide sufficient training those individuals/technologists responsible for maintaining the reviewee list.


What to do? Begin by reviewing the above items. Truthfully, the focus has been on content and backlog of review and, to some degree, lack of whole areas of a firm being included in the review process. However, the minor changes that occur within your firm are often not considered when maintaining your email review system.

Regulator requests commonly include testing: email review process; social media inputs; evidence of maintenance; lexicons; and percent reviewed. However, the 10 items above are easy targets for the regulators to focus on as well.

As regulators become users of social media (such as LinkedIn), they are now more likely to notice an employee’s post. Recently I was called by a regulator directly asking if my LinkedIn feed was included in the company’s review system (I quickly verified that it was). However, the call was a surprise.

Wall Street is traditional and highly regulated and Social Media use has been slower to become a major mode of communication – especially for investment banks, trading firms and institutional business.  The effect of regulating social media is yet to be determined as millennials who have grown up with Social Media are rising into senior positions, FinTech is integrating its use into traditional business, and regulatory employees are becoming users as well as regulators of Social Media. Firms will need to continue to monitor developments.

The following 7 questions should be in within sight of firms, compliance departments, and regulators:

Should I be LinkedIn with regulators?

  1. How to properly ensure that nothing posted to social media falls through the advertising and communications pre-review process?
  2. Are regulators scanning social media for mentions of a firm’s name?
  3. What would the reaction be if a firm directed employees not to LinkIn with regulators?
  4. Do firms have an obligation to monitor employees’ social media for false news?
  5. Do firms (and supervisors) have an obligation to address an employee if the employee’s inappropriate or unapproved communication hits their LinkedIn or Twitter accounts?
  6. Can firms be responsible for postings and feeds that the firm wasn’t even aware of?

We will address these upcoming questions in our next post.  However, one thing is clear: social media as well as interaction between social media and the financial sector continues to develop and adjust. As a result, firms need to continue to monitor the pulse of changing communications  and recognize that the acceleration of change will continue.  And as social media continues to transform the information sharing landscape, it is hard to predict the level of scrutiny regulators will require in the future.

Elin is the CEO of Elinphant a financial compliance services firm. Elin ensures compliance officers who serve clients are skilled and knowledgeable in relation to the clients business and needs. Elin is known for looking at compliance challenges as well as marketing and sales in an innovative and direct manner.