iPhones have become the go-to device for corporate communication, given their massive global market share of nearly 30% and reputation of being highly secure.
The device is much sought after by companies looking to issue phones to its employees for business collaboration, knowing the devices along with Apple’s flagship messaging platform iMessage and its iconic blue bubble signifying communication between phones of the same brand, are status symbols.
Since millions in the US and all over the world have made iPhones their main method of being reached, regulators, especially in the finance domain, are increasingly concerned that unsupervised sensitive business communication is happening over the devices.
Complexities of supervising employee communication amplified by iPhone and iMessage security features
The messages that are sent via iPhones, while being protected by end-to-end encryption, still pose security and compliance risks to companies as long as the conversations aren’t recorded.
In many ways, the iPhone’s design contributes to compliance officers being stumped when it comes to maintaining an iPhone SMS archive. Typically, they encounter challenges, including:
- Monitoring iMessage conversations that are encrypted end-to-end, even if they are company-issued
- iPhones allowing ephemeral messages that disappear once the recipient has read it
- Keeping up with constant iPhone updates that end up making it harder to capture and retain messages
- Retaining messages sent on iPhone devices that use personal Apple IDs, given that many employees work remotely or choose to BYOD (Bring Your Own Device)
- Employees using apps other than iMessage to communicate, including WhatsApp, WeChat, Signal, or Telegram
- The existence of regulations, like the GDPR that make it mandatory for companies to get employee consent to undertake WhatsApp call recording or archive iPhone text messages, while also informing them of how their information will be handled
The imperative for regulated entities to monitor employee communication on iPhones
While the challenges associated with capturing business texts between iPhones are widely acknowledged, regulators, such as the US SEC, FINRA, CFTC, etc., still expect companies to have fool-proof processes in place to demonstrate compliance.
US regulators made that much clear as recently as late 2023, with over $500 million in fines for Wall Street firms that had employees using personal messaging apps, including iMessage for talking about deals, trades, and other business-related matters.
In a separate case, FINRA fined Deloitte Corporate Finance $200,000 after it was revealed that it failed to retain iMessage conversations sent and received by its representatives on 95 devices issued by the company. The firm had initially planned to disable the iMessage functionality before handing out the phones because their third-party archiving vendor couldn’t capture the end-to-end encrypted conversations. However, they later found that because of an issue with Apple’s new OS, they couldn’t disable the iMessage function.
Despite all these hurdles the company faced, the regulator took the violations of Rule 17a-4 of the Exchange Act, Section 17(a) of the Exchange Act, and FINRA Rules 4511 and 2010 quite seriously to levy the appropriate penalty.
Going beyond regulatory compliance reasons, there are also other use cases for monitoring iPhone messages that make it vital for regulated entities. For instance:
- Retained iMessage chats will serve as a “single source of truth” when it comes to handling internal disputes and legal issues
- Monitoring iMessages will go a long way in ensuring safe and productive workplace communication, given the increased transparency and accountability
- Company trade secrets and other sensitive information belonging to clients or employees will be safeguarded with a communication monitoring system in place
Navigating iPhone compliance can be a daunting task. You can disable imessage and have all traffic via the carriers and capture it with our network archiver. To know more about how TeleMessage can be customized for your needs, contact us for a demo / consultation.
About TeleMessage
TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls WhatsApp, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice of archiving data storage vendor.
Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
