Ten years ago, our working days of communication were heavily reliant on phone calls or email. Fast forward to the present day, our communication methods have been transformed by the addition of collaboration tools and instant messaging platforms such as Microsoft Teams, Zoom, Slack, and WhatsApp.
These systems have dominated the way we work and communicate. However, for organisations in regulated industries, the adoption of platforms such as these, could be the recipe for a non-compliance nightmare.
For many firms, various restrictions may have been introduced when using technology such as this, due to fears of non-compliance.
It’s no secret that applications such as WhatsApp or Slack, to the inexperienced, can lack the ability to capture, archive and monitor the free flow of information and communication data.
In a simple world, a corporate ban on using specific tools for internal and external communications could work. However, evidence has shown that despite corporate bans, employees are still adopting use of these applications leaving companies to deal with potential compliance infringements later down the road.
Should Banks Ban Messaging Apps?
Instant messaging applications like WhatsApp enable global communications over the internet free of charge. With the addition of encryption technology, they now also attempt to offer users improved security. Sharing photos or even large video files is as simple as clicking a button. With roughly 100 billion messages being shared via WhatsApp a day, whilst also being used for business related communications, this platform has established itself as a long running and firm contender in the instant messaging world.
Banks banning messaging apps is not the right answer. If one app gets banned, considering the uptake of various other communication channels around phone and email historically, there is a high likelihood that users may quickly adopt another app.
It’s time for Banks and Financial organisations to embrace instant messaging and take the opportunities for non-compliance more seriously. If there’s one thing regulators do not accept when it comes to matters of the regulation, it’s an absence or lack of visibility into the correspondence between a bank and its clients.
Ensuring WhatsApp Communication Compliance
Very few Banks and Financial Organisations monitor their employee’s WhatsApp conversations, with only 14 percent effectively carrying out effective supervision or surveillance.
When communications being made on platforms such as these are able to be captured, monitored and archived, firms not only have an onus to invest in the processes and technology to do so, but should also be made aware of the possibilities for monitoring instant messaging applications.
A sensible approach for organisations to ensure regulatory compliance would be aligning their policies and technologies to ensure all messages (particularly trade-related) are recorded, monitored, and archived in agreement with compliance standards.
In the interim, financial organisations should also be:
- Conducting a policy review
- Assessing recording and monitoring practices
- Reviewing compliance training
- Carrying out random spot-checks to identify non-compliance
Final Thoughts On WhatsApp Compliance
The fast-paced nature of a financial trading environment as well as the availability of different mediums of communications means that a financial institution’s employees are likely to adopt them. Accountability, surveillance and compliance all need to be considered as part of this adoption. The instantaneous nature of self-serve apps like WhatsApp has paved the way for convenient, real-time comms. For financial institutions to ignore this evolution in communications, they run the risk of being left behind. What matters now is facilitating compliant use of these apps across the organisation.
In the absence of compliant technologies, financial firms could risk getting on the wrong side of the regulatory bodies. With a staggering £568m of fines being issued to UK financial organisations in 2021 alone, non-compliance is not worth the risk.