Between 2016 and 2019, a FINRA broker-dealer respondent “failed to capture, review, and retain thousands of business-related electronic communications sent and received through its representatives personal cellular telephones via WhatsApp Messenger”
The firm’s violations centered on a failure “to capture, review, and retain” thousands of business-related electronic communications sent and received through its representatives’ personal cellular telephones via WhatsApp Messenger, commonly known as WhatsApp.
The alleged violated Section 17(a) of the Exchange Act, Rule 17a-4 of the Exchange Act, and FINRA Rules 4511, 3110, and Rule 2010, which provides that “[a] member, in the conduct of its business, shall observe high standards of commercial honor and just and equitable principles of trade. Violations of FINRA Rule 4511 and Exchange Act provisions are violations of FINRA Rule 2010.” . The company allegedly “.. failed to take any action to either stop this [unmonitored WhatsApp channel] practice or capture, review, and retain business-related communications sent or received in this manner.”
While the respondent had written procedures prohibiting the use of instant messages for business purposes unless the firm granted an individual permission to use them (consistent with existing email procedures), and the firm never granted anyone permission to send or receive instant messages for business purposes. Nonetheless, the firm did not have procedures to ensure that its representatives were complying with this prohibition and no procedures for capturing, reviewing, or retaining business-related communications sent or received via instant message. In fact, the broker-dealer was aware that multiple representatives were communicating with their customers via WhatsApp and that these communications were often business-related. Yet, the firm failed to take any action to either stop this practice or capture, review, and retain business-related communications sent or received in this manner.
During this period, the firm thus failed ” to capture, review, or retain more than 10,000 business-related WhatsApp instant messages sent or received by twenty different firm representatives. The messages were business-related in that they included information about customers accounts, investments, or other aspects of the firm s securities business,” and resulted in the SEA Rules violations.
In response to the FINRA disciplinary action (in the form of a Letter of Acceptance, Waiver, and Consent (AWC) of the alleged rule violations), the respondent agreed to sanctions of censure and a $50,000 fine.
Endemic Non-compliance
Data from compliance software vendor SteelEye showed that 85% of firms do not yet include WhatsApp messages in their surveillance. Even fewer firms are tracking other messaging platforms such as … Signal (3%) while more well-known messaging platforms are still tracked by just a minority of firms.
A 30-day FINRA suspension was imposed on a UBS sales supervisor who had violated company policy through hundreds of communications with a firm customer about securities-related business on the prohibited WhatsApp Messenger and whose contents were not preserved or captured by UBS. Through this conduct, respondent violated FINRA Rules 4511 and 2010 and consented also to a $5,000 fine.
As reported last month, the Credit Suisse Group managing director dismissal highlights the challenges exist for firms developing API WhatsApp for WhatsApp recordkeeping and other IM emulation solutions. At month’s end, the departure of Chief Executive Thomas Gottstein, and slated departure of Investment banking head Christian Meissner were additional fallout related to these difficulties. API vendors have been, so far, limited to archiving WhatsApp chats and BYOD capture of SMS/MMS/Voice calls (compared to the full TeleMessage mobile archiver portfolio and unparalleled vendor agnosticity). Focusing on WhatsApp, the API approach is inherently less supportive of full functionality and feature nativity/friendliness.
