Member Update

The Use of Private messaging apps falls under the regulatory spotlight

It has been well over a decade now since the early  social media pioneers (i.e. LinkedIn, Facebook)  first started integrating themselves into the world of financial services. However, their arrival was not welcomed initially by everyone –  including compliance departments at asset managers, who  became increasingly alarmed at the regulatory and legal risks, which these online platforms posed.

In contrast to corporate email accounts or mobile phones, private correspondence conducted via social media could not be monitored –  making it hard for firms to spot incidences of insider trading or other inappropriate communication exchanges. Almost immediately, a number of investment firms drafted up strict policies governing the use of social media by staff, with many dictating that any official communications between colleagues themselves or with prospective or existing clients should only be carried out through authorised channels (i.e. company email accounts and work phones, and not social media platforms or personal devices).

This exact same problem is once again repeating itself today.  

Over the last few years, the use of private messaging tools such as WhatsApp – often on personal devices – has become increasingly ubiquitous in the workplace. There are several reasons for this. In the aftermath of the 2008 crisis, a number of financial institutions engaged in aggressive cost cutting programmes, with some even asking employees to use personal mobile phones for work purposes, a policy which resulted in more people – intentionally or otherwise – leveraging private messaging apps for business reasons.  

It was the pandemic, however, that had the most dramatic effect as the introduction of remote working forced staff to rely more on their personal devices and private messaging apps for communication purposes.

Consequentially, the ability for firms to accurately monitor and document internal and external communications has diminished  thereby  increasing the risk of deliberate or inadvertent compliance breaches.  Regulators are taking note of this deficiency.

Even before COVID-19 struck, regulators including the Securities and Exchange Commission (SEC) had been probing banks about the controls and recordkeeping arrangements they had in place over employees’ personal devices. The SEC has since fined a number of leading banks more than $1 billion collectively over failures to keep proper records of employee communications conducted on personal mobile devices. Data regulators are also examining whether sensitive information is being relayed and stored on private messaging platforms – amid concerns that General Data Protection Regulation provisions are being violated.

In response, nearly all banks have now imposed a blanket ban on staff conducting official business on private messaging apps such as WhatsApp. So will asset managers follow banks in restricting these private messaging apps?

It is looking increasingly likely that they will, not least because one major European asset manager has already confirmed  it will be setting aside $12 million to cover any potential regulatory fines linked to its employees’ use of personal devices and recordkeeping arrangements.

In terms of next steps, some investment firms intend on formally banning staff from using private messaging tools or personal devices for work purposes. Others are purchasing technology systems which allow them to monitor employee conversations carried out on WhatsApp, together with other communication channels like Zoom and Microsoft Teams.

This is an issue which the funds industry needs to address urgently, especially as regulators are likely to extend their scrutiny beyond just the banks.