Regulatory hammer looms over bank private messaging

Financial regulators are cracking down on the use of private messaging applications by banks as the number of non-compliant contacts with clients, occurring internally and externally, has increased in recent years. 

In October, the UK’s Financial Conduct Authority (FCA) was in an ongoing dialogue with a number of UK “authorised firms” concerning the use of personal devices by staff, according to a report from Bloomberg. This follows the intervention of the US Securities and Exchange Commission and Commodity Futures Trading Commission in September, which imposed penalties on a string of US banks – to the tune of $1.1bn and $710m, respectively – for a raft of communications-based infractions. 

Under most financial regulatory regimes, including those of the US and the UK, banks are obliged to keep detailed records of all business communications, from emails to messages, to meet far-reaching compliance rules, among others. Yet, changing working patterns linked to the increasing digitisation of the workplace – a trend that was accelerated by the Covid-19 pandemic – has facilitated the use of informal communications tools by some financial service sector staff. This includes the use of messaging services like WhatsApp that provide end-to-end encryption for users. 

“As more communication has shifted to digital channels from office hallways, conference rooms and telephone calls, the security and compliance burdens on financial institutions have also grown. Workers at many institutions have shifted conversations to consumer-oriented messaging apps like WhatsApp for work-related matters,” says Chris Skelly, vice-president of product at Rocket.Chat, an open-source communications platform.

“This poses a significant challenge to regulatory compliance in financial services due to the lack of security safeguards – and the consequences are costly,” he adds.

Interventions and solutions

US lender JPMorgan Chase & Co’s $200m sanction in December 2021, for staff breaches of communication rules, was the first significant intervention in the post-pandemic era. Since then, regulatory scrutiny has increased in the US and elsewhere. 

The UK’s FCA is a case in point, having already issued a newsletter in 2021 regarding the risks of misconduct associated with home working and electronic and telephone communications. Although the UK regulator’s efforts have not moved beyond a request for information to date, the prospect of further and more onerous interventions remain.

As financial penalties and the risks associated with misconduct both escalate, banks and other financial institutions are now looking at ways to address the issue.  Among other measures, this includes turning to third-party service providers that can offer viable and compliant communications offerings. This search for solutions reflects both the scale and complexity of the problem at hand: not only do banks, for instance, have to comply with financial record keeping rules; they must also align with data privacy laws. 

Complications can easily emerge if communications have occurred and are held on an employee’s personal device. Moreover, penalties can apply to individual staff members as well as the businesses for which they work.

“Financial institutions need to move quickly to implement messaging and collaboration systems for their teams that are highly secure while ensuring record-keeping compliance,” says Mr Skelly. “Having the proper architecture to enable remote teams to collaborate internally while connecting and communicating with customers and other external parties is imperative for keeping pace with regulatory requirements and customer expectations.”

Growing risk

In this complex and fast-moving environment, the risks for banks and other financial institutions are stacking up. In the end, the real problem facing the financial services sector is that the most recent spate of fines and investigations could herald a much wider and more prolonged intervention by financial regulators. 

This would reflect the lasting structural shift that has occurred in the workplace since the onset of the Covid-19 pandemic, a change that offers fertile ground for misconduct. As a result, many financial institutions will need to evolve their systems for record-keeping and communications. 

“The current moment we live in will separate institutions into two groups: those who take the lead during this inevitable transformation and those who will pay a heavy price for not adjusting at the right time,” says Mr Skelly.