A flurry of settlements with investment banks over use of unauthorized messaging apps makes one thing clear: The feds aren’t fooling around. As MirrorWeb’s Harriet Christie discusses, while recent actions have targeted the big guys, the entire finserv industry is on notice.
In September 2022, the SEC and Commodity Futures Trading Commission (CTFC) reached settlements totaling around $1.8 billion with 12 of Wall Street’s leading investment banks. The prominent institutions, which included Morgan Stanley, Citigroup, Goldman Sachs and Bank of America, were penalized for failing to monitor employees’ use of unauthorized messaging apps, like WhatsApp, with colleagues and clients.
The probe followed on from JP Morgan’s $200 million fine in December 2021, with the floodgates apparently opening. Authorities seem to have used that initial $200 million settlement figure as a yardstick for the industry, signifying the end of an unofficial grace period afforded firms adapting to the pandemic.
Such monumental penalties have of course had a seismic impact on the financial services landscape, with the repercussions reaching far beyond the behemoths evidently being made an example of. But how did we get to this stage and how can firms address the employee behaviors that are clearly no longer going to be tolerated?
What’s up with WhatsApp?
The SEC mandates that banks maintain records of all communication between clients and brokers. Private exchanges, like those occurring through WhatsApp, are far more difficult to monitor, and the likelihood of data being compromised only increases as personal devices are introduced to the equation.
It’s important to note that the issue here is not with WhatsApp itself; the same concerns apply with WeChat, Telegram and other so-called ephemeral messaging apps. It is the difficulties in documenting communications on these encrypted platforms, and the subsequent contravention of record-keeping requirements, that is problematic.
Until relatively recently, consumers had limited options available to them if they wanted to reach out to a regulated firm. To discuss their bank account, for instance, they’d need to either get on the phone or head over to their local branch for a personal discussion. Now, they are able to communicate with the organization through a multitude of digital channels.
It’s not just an option but a preference. WhatsApp, Facebook Messenger and Telegram were among the most downloaded apps in Q1 2022, and WhatsApp itself has an astronomical 2 billion active users worldwide. According to Forbes, 93% of U.S. consumers want to communicate via text message, with speed, ease of use and consumer familiarity with the platforms proving decisive advantages.
This works both ways; it’s also easier and more efficient for employees to communicate through tools they’re familiar with using in their day-to-day life vs. one provided by their employer.
Unpacking the SEC’s Executive Compensation Clawback Rule
The SEC has finalized its long-awaited clawback policy mandated by the Dodd-Frank Act, issuing final rules that are scheduled to go into effect in late January 2023.
Read moreDetailsRemote channels
The disruption of the Covid-19 pandemic led to far greater reliance on messaging apps, as physical proximity, even with colleagues, was prohibited. In 2019, 68.1 million U.S. mobile phone users accessed WhatsApp to communicate. This figure is projected to grow to 85.8 million users in 2023. A byproduct of this reliance on new digital channels was an escalation in the number of workers using personal phones or tablets for business, as lines began to blur and professional and personal lives intertwined.
Employees may be more likely to act casually when working remotely, whether that means taking longer breaks or messaging clients or colleagues through an unauthorized channel. Having allowed these communication habits to set in over a sustained period, they’re now very difficult to shift back to a pre-Covid level, given the inherent convenience and usability that employees have become accustomed to.
Paying the bill
JP Morgan’s $200 million dollar fine in December 2021 was the first significant penalty in a probe that has also impacted the aforementioned dozen leading investment banks to the tune of $1.8 billion. The SEC’s crackdown has since continued to expand, as Wall Street’s private equity giants have revealed that they’re under investigation.
The enforcement unit has also launched inquiries about smaller Registered Investment Advisor (RIA) protocols for off-channel business communications. RIAs are subject to the same regulations as the larger firms that were previously penalized, so while they may have been spared the ambush of the initial investigations, they should be mindful that they’re in the regulators’ crosshairs nevertheless.
What now?
The situation leaves business leaders and compliance teams in a quandary. Should they sacrifice convenience and operational efficiency in the pursuit of compliance, banning messaging apps outright and instead relying on the tried and tested solutions of email, phone calls and, to a lesser extent, social media?
This is probably a tempting option given the enormity of the penalties being administered. It has certainly been the more popular approach — in July 2022, just 15% of financial firms were monitoring WhatsApp. But it’s not quite that simple. Banning employees from using particular channels doesn’t necessarily mean that all risks are eliminated. The prohibition of helpful tools will probably lead to disgruntled employees and “compliance gaps” in the workplace. The safer option is for business leaders to understand the platforms that employees and consumers prefer to use, and then developing suitable policies accordingly.
Ultimately, if employees want to use unauthorized apps, they will do so, unless a supervisory procedure is in place to police it correctly. This has had immense repercussions for the likes of Goldman Sachs, Bank of America et al, who have not succeeded with this step, despite their resources.
Can WhatsApp be monitored?
The preferable option here is surely to empower staff to utilize the platforms with which they’re most comfortable, minimizing limitations wherever possible.
To achieve compliance on encrypted platforms like WhatsApp, business leaders must ensure they can capture, preserve and monitor conversations. This is easier said than done, and the process has historically been a source of great difficulty. However, in recent years, new solutions have been developed specifically to tackle this emerging necessity.
Much as they had previously for social media platforms, digital archiving vendors have built the technology to capture and archive communications data from apps like WhatsApp, WeChat, Signal and Telegram. Firms can also allocate secondary numbers on personal devices, allowing employees to differentiate between business and non-work-related contacts and capture pertinent data accordingly. This means that privacy can also be maintained despite heightened levels of professional scrutiny.
Harriet Christie is chief operating officer at MirrorWeb. She graduated from the University of Sheffield in 2010, with a B.A. in management accounting, entrepreneurship, business law, BSR, HR. She entered the tourism space, starting as an accounts executive at LateRooms.com, and earning the title of global accounts manager within three years. She occupied this role for a further five years as the business continued to evolve and flourish, before taking up her role as a key account manager with MirrorWeb, a data-archiving solution based in Manchester. Harriet was appointed operations director in 2020. Since then, she has helped oversee the evolution of the MirrorWeb product and service offering, as well as the business' impressive growth since her taking on the role. 
