Microsoft Purview · Communication Compliance
Supervisory Review
Members can create and manage the policies that define which communications are subject to review in an organization. Used for regulatory supervisory review requirements (e.g., FINRA, SEC) where designated reviewers must sample employee communications.
Scope: Supervisory review policy administration within Communication Compliance
Permissions
- Supervisory Review Administrator - Create and manage supervisory review policies
- Define communication sampling rules and reviewer assignments
- Configure conditions for communications subject to review
- Manage reviewer groups and escalation paths
- View and report on supervisory review activity
Common use cases
- FINRA Rule 3110 supervisory review for broker-dealers
- SEC Rule 17a-4 communication retention and review
- Healthcare regulatory communication oversight
- Legal industry communication supervision
- Government and defense contractor communication review programs
Best practices
- Coordinate with Legal and Compliance teams on regulatory requirements
- Document reviewer assignment rationale for audit purposes
- Use scoped policies (specific groups/users) rather than tenant-wide
- Regularly audit reviewer activity and escalations
Security considerations
- Supervisory review policies access employee communications — privacy implications
- Reviewer access should be limited to designated compliance staff
- All review activity is itself audited for regulatory chain of custody
- Configure data minimization where regulations permit