By Shaun Hurst, Technical Director, Smarsh
If you had told me a year ago that the world’s major financial services companies would all be operating almost entirely with a remote workforce, I would have broken out in a cold sweat.
Straight away my mind would have jumped to the severity of the compliance issues that such a move would involve. Then I’d worry about the magnitude of the investment that banks would need to make in innovative collaboration tools – a move they had put off for so long. For nights on end, I would have tossed and turned thinking about the creaking legacy archives so many banks still held onto, already struggling to keep pace with the exponential rise in data flowing in and out of modern businesses every nano-second.
What a difference a year makes.
Coming in to 2021, banks are light years ahead of where they were at the turn of the decade. The vast majority have implemented the technology they need to enable their workforce to compliantly use the collaboration tools. Most have either moved their archives to the public cloud or have seriously sped up their plans to do so. And the ‘Future of Work’ is no longer a buzz word. It is now a reality. We will never go back to a situation where employees are only able to work in a physical office.
But there is work still to be done. There is a valuable lesson that banks need to learn from 2020: embrace technology, do not fear it. Fear of compliance issues was one of the main reasons that so many had put off fully adopting the collaboration tools that are now the lifeblood of their businesses. What they need to do now is expand their newfound wisdom and embrace all communications platforms that enable employees to stay connected and work effectively, wherever they are.
WhatsApp and Financial Services Regulations
This is most evident with WhatsApp. Many people working in the financial services industry already know that the end-to-end encryption messaging tool is ubiquitous and widely used to keep in touch with colleagues, clients, and contacts. But while company policies largely prohibit the use of WhatsApp, financial regulators have stayed away from an outright ban. Instead, they have issued guidance requiring companies to ensure that the instant messaging tools used by their employees are supervised and in compliance with already existing record-keeping rules such as MiFID II.
In 2019, the FCA stated that firms need to “take reasonable steps to prevent an employee or contractor from making, sending, or receiving relevant telephone conversations and electronic communications on privately-owned equipment which the firm is unable to record or copy.” Similarly, the SEC issued guidance in late 2018 reminding companies of their responsibility to monitor electronic messaging and encouraged them to “stay abreast of evolving technology.”
Ensuring that these guidelines are adhered to has been complicated by the fact that many companies have brought in outright or partial bans on unmonitored instant messaging tools, while also adopting bring-your-own-device (BYOD) policies. Largely implemented to cut costs, these BYOD policies mean businesses are now less able to police which communications apps and platforms their employees are using. This means that they have now lost the oversight they need to ensure that employees are adhering to the bans.
Despite a mountain of anecdotal and judicial evidence that employees in the financial services industry have turned to WhatsApp even more since the outbreak of the pandemic, banks are still failing to adopt the compliance tools they need to ensure their employees are acting legally.
Legal Issues with WhatsApp
In 2020, there were several legal and disciplinary cases that centred upon the misuse of WhatsApp within banks.
In April, Bloomberg reported that a dozen traders at one investment bank were punished for using WhatsApp at work – one was fired and the others had their bonuses cut. In October, two senior executives working in the commodity sector quit after accusations that they had broken their company’s rules on instant messaging platforms.
While one banker was acquitted over a legal case with the FCA in which he was accused of purposefully obstructing an investigation by deleting WhatsApp messages, the UK regulator stated it would ‘take action whenever evidence we need is tampered with or destroyed.’ A clear message to banks that they will be expected to provide accurate accounts of any messages sent by their employees over WhatsApp.
The Solution: Capturing and Supervising WhatsApp Communications
The compliance challenges of the increased use of WhatsApp have been widely played out in the financial media in recent years, with multiple firms being handed significant fines due to their communications-monitoring oversights. This doesn’t have to be the case.
As I said before: We will never go back to a situation where employees are only able to work in a physical office. Companies working in regulated industries, and especially financial services companies, must embrace the tools that they know are in wide use by their employees.
Very few banks have introduced the monitoring solutions they would need to adequately manage the use of WhatsApp or other encrypted messaging tools by its employees. But encrypted messaging tools like WhatsApp and WeChat can be captured, monitored, and supervised. Firms simply need to invest in the technology in order to do so.