Active policy management is business-oriented enterprise software that provides an approach for efficiently and effectively addressing the many risks inherent in electronic communication. With the exponential growth in the use of electronic communication, many businesses are exposed to significant risks every day. These risks range from non-compliance with various regulations, to the leakage of intellectual property, and to inappropriate or offensive employee behavior. Active Policy Management enables a business to accurately detect the violations, to take the appropriate action (even blocking the message from being sent), and to quickly find and review the violation in order to address the situation, preventing further damage.
There are many channels of electronic communication including e-mail, Web-based e-mail, instant messaging, messages sent from a Bloomberg terminal, mobile e-mail sent from a handheld device such as a BlackBerry, general use of a web browser, ftp, file copying (e.g. memory sticks) and many others.
Electronic communication policy
The key to effective detection of violations in electronic communication is policy. Policy for electronic communication defines who can send what to whom, and, if a violation is detected, what action to take. A policy is designed to address a specific issue or risk. Examples include:
Certain reports cannot be sent externally without a proper disclaimer being present
Certain employees cannot communicate about a business matter with other employees
Documents intended for internal use only must not be sent to a recipient who is not a company employee
Policy can only be effective at identifying violations if it can understand the true intent of a message. Policies based only on a list of words or a lexicon generally cannot perform this task.
For any APM solution to be effective, it must have a proven technology to define and deploy accurate policy. And by “proven”, an interested party should inquire as to a particular solution’s successful installation at one or more customers.
APM has three primary application areas. Real-Time Prevention, Intelligent Review, and Smart Tagging.
Real-Time Prevention can detect violations in electronic communication before a message has been sent (and before it has been delivered to an intended recipient). By doing this, a violation is prevented from having occurred. And, in the case where archive software is used, a message that has not been sent will not be ingested by an archive or be retrievable at a later date.
Intelligent Review can detect violations in electronic communication after a message has been sent. Intelligent Review also creates extremely targeted queues of messages that have a high likelihood of having violated an important corporate or regulatory policy. A reviewer or supervisor can easily access these relevant messages in order to thoroughly audit them. An audit can include flagging, exporting, approving, rejecting, and escalating a message.
Smart Tagging analyzes messages and assigns them to one or more categories. This categorization can be used for selective message archiving, to retain messages based on their content, and to enhance message retrieval for investigative purposes.
Virtually all businesses use electronic communication and are exposed to the inherent risks therein. Certain businesses are exposed to more risks than others. Heavily regulated industries such as financial services have a very strong need for APM. Industries where companies have many of their intellectual property assets in digital form would benefit from protecting those assets with APM. Other industries that would benefit from using APM include those where companies are concerned with corporate behavior and governance and those that use archive software to store messages for long periods of time, often for at least 3 years.
Ofer Abarbanel is a 25 year securities lending broker and expert who has advised many Israeli regulators, among them the Israel Tax Authority, with respect to stock loans, repurchase agreements and credit derivatives.