Bank of England Prudential Regulation Authority (PRA) Fines Bank for WhatsApp Non-compliance


Since the U.S. Securities and Exchange Commission charged 11 Wall Street firms with recordkeeping violations and levied the WhatsApp fines, the business world has been keeping a close watch on which regulators would follow suit.

One of the most notable of the regulators who have also put their foot down when it comes to off-channel communication and non-compliance with archiving requirements has been the UK’s Prudential Regulation Authority.

The financial services regulatory body has recently undertaken a series of crackdowns, aiming to quell the use of personal devices and especially apps such as WhatsApp, iMessage, and Signal by employees at the 1,500+ banks, building societies, credit unions, insurers, and major investment firms that it oversees in the UK.

It has gone as far as to issue censures and demand over £8,515,000 in fines from financial institutions, which has prompted many financial companies in the UK to reevaluate their text messaging compliance practices.

The Catalyst for the PRA Crackdown on Wyelands Bank

WhatsApp Business alone has 200 million active monthly users. The consumer version of the app meanwhile has over 2.7 billion active monthly users, which finance professionals regularly use to communicate with clients, often sharing sensitive information, such as investment advice, financial transaction data, etc.

As a result, messages sent across the platform have come under scrutiny from regulators.

A case that particularly drew the ire of the PRA was the one involving Wyelands Bank, which failed to have in place proper systems for WhatsApp archiving.

Because of the bank’s long list of violations, the regulator initially handed down a hefty fine, which was later reduced to a censure of the institution, considering that its operations were winding down.

A crucial reason for the strict action was the PRA finding that its investigations into the bank for violations from December 2016 to May 2020 were hindered by the institution’s ineffective monitoring of its business proposals and transactions, especially the ones conveyed via instant messengers.

Another key area of concern raised was the bank’s lack of policies and procedures to promptly retrieve any business-related communication it had managed to save.

While the action was against a single entity, this served as a clear warning for other institutions in the UK to clean up their act when it comes to monitoring and preserving their employees’ digital communication.

Decoding PRA Regulations and the Consequences for Workplace Communication Missteps

The PRA has already set the precedent for fining companies millions of pounds for non-compliance.

Also, any findings of wrongdoing it makes will be announced to the public, meaning consumers will know of issues, including employee misconduct, insider trading, lack of transparency, mismanagement of funds, etc. This may prompt lawsuits from shareholders, customers, or other stakeholders. Even the PRA may pursue legal action that may set the stage for huge settlements, unnecessary legal fees, and the possibility of criminal investigations.

Given that the PRA has the authority to levy fines and take action that can ruin both the balance sheets and the reputation of a financial institution, it is crucial to keep updated with their requirements.

Companies are supposed to maintain comprehensive records of their business-related communication. Interactions among employees and the company’s communication with its prospects and customers are to be maintained in an easily accessible way so that they can be presented to the regulator upon request. The text message monitoring mandated by the regulator is to ensure that the retained information is accurate and reliable.

It is worth mentioning that complying with these requirements will go a long way in saving companies the hassle of complying with agencies, like the UK Financial Conduct Authority (FCA), which has been sending information requests to firms to ensure they are recording the messages sent across instant messengers in an auditable manner.

Building a PRA-Resilient Communication Framework–Best Practices

Businesses can harness the power of enterprise instant messaging solutions like WhatsApp for communication in a compliant manner, as long as they have the right policies in place.

Employees need to be made aware beforehand of what they can share on these apps and the penalties for violating the rules. Compliance officers or the IT department need to update these policies constantly to stay ahead of the latest messaging trends. For instance, the US-based regulator FINRA recently made heads turn in the business world with a comment about emoji compliance, saying that employees’ use of digital icons could spark a customer complaint.

Further, solutions for WhatsApp archiving and WhatsApp call recording automatically over the network need to be in place to ensure that no act of non-compliance slips through.

The archiving of everything from messages to attachments taking place in real-time ensures that no one can tamper with the communication records for the duration of the regulator-mandated retention period.

Importantly, companies need to take care to capture communication from both personal devices and company-issued phones, irrespective of whether the employees are working on-site or remotely.

The Case for TeleMessage Mobile Archiving for PRA Compliance 

When it comes to handling requirements, such as the PRA archiving guidelines, TeleMessage can be a powerful ally.

  • Being a network archiver, it can capture messages and calls across devices, operating systems, and network carriers with a proper audit trail.
  • The TeleMessage WhatsApp archiver not only retains the messages for as long as needed, but it also preserves the appropriate context with metadata. Compliance officers can retrieve the messages they are looking for using the phone numbers, sender/receiver information, or even the timestamps.
  • Apart from the metadata, compliance teams have the option of filtering messages by keyword or even having alerts sent to them when a keyword is used in the messages. With this functionality, companies can weed out the sharing of sensitive or offensive messages.
  • TeleMessage is in full compliance with all the privacy and data security regulations. Notably, the solutions are SOC2 Type II audited and have the ISO 27001 certification as well.
  • The solution is fully compatible with all the major archiving vendors, so companies can secure their information in the server of choice.

To know more about how TeleMessage can benefit your business, book a demo.

About TeleMessage

TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, WhatsApp, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice of archiving data storage vendor.

Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
