You cannot use a double-edged sword and expect not to hurt yourself. Let’s find out whether Mobile IM applications can be used with fewer compliance risks.
The use of Mobile IM applications like WhatsApp, WeChat, Signal, and Telegram in business communication has increased over the past couple of months. Such messaging applications have become the preferred mode of communication by employees and customers alike. But the regulatory compliance risk posed by these IM applications is a challenge for compliance managers.
While people have started working from home due to the Covid-19 impact, establishing proper communication became a real challenge. Modern Mobile chat applications allow a user to send a message within the blink of an eye, people tend to move away from the traditional way of communication such as calls and emails. While it is true that one still has to depend on e-mails for proper formal communication, sending a mail just to say a “Yes” or a “No” sometimes seems less appropriate and time-consuming. Options like read receipts in modern messaging solutions ensure that the sender knows whether the message was received and read or not.
Even before the Covid-19 lockdown, financial regulatory authorities had issued notices for ensuring communication compliance in firms. In the wake of the lockdown, such reminders became more crucial than ever before. The FCA reiterated its expectations of firms to monitor, record, and store all forms of communication used by their employees to communicate with the customers. It was highlighted in its newsletter Market Watch 66 and was also mentioned in the Coronavirus (Covid 19) Information for Firms.
As per the SYSC 10A, a firm must take appropriate measures for recording telephonic conversations. A copy of the recorded electronic communication that falls within the scope of recording rules must also be preserved. The FCA also reminds firms to record internal conversations concerning in-scope activities, considering the circumstances. Recording the conversations is not sufficient. Firms should also monitor these conversations to confirm that no trading malpractices are being undergone. The MiFID Org Regulation [Article 76(6) of Regulation (EU) 2017/565] instructs investment firms to monitor records of transactions and orders, and also the relevant conversations.
All these regulations are framed to arrest any malpractice that could occur from an inability to properly monitor and record the conversation between an employee and customer. Compliance teams in the firms are responsible to frame policies that suit the firms and also allow regulatory compliance.
Even though proper policies and monitoring measures are adopted to discourage malpractices in the market, occurrences of non-compliance are still at large.
What can we learn from a few public investigations published?
A former banker who worked in a financial firm in London was set free due to insufficient proofs for insider trading. The accused was charged with insider trading in September 2018 and had made millions of dollars by then. But during the time of arrest, he managed to delete his WhatsApp account where all trading-related conversations got deleted. If a proper tool capable of WhatsApp recording and WhatsApp archiving was used, the information deleted by the accused could have been retained by the firm.
In another event, FCA fined an individual in 2017 because of the violation of Statement of Principle 2 in the FCA handbook. The accused had shared confidential information regarding a client with another client, while he was working in a financial firm. The information includes client identity, client mandates and fees payable to the firm, possible acquisitions, and profit warning views. Such details could have given an upper hand to the second client. All this information was shared using WhatsApp.
The two cases mentioned above are very good examples of why financial firms should be serious in ensuring regulatory compliance. Such events not only bring financial losses to the firm but also bring about reputational risks and legal proceedings. And this could harm the company’s growth in the near future.
Cases like these should be studied in detail so that precautionary steps can be taken by other compliance managers to prevent any such happenings in their firms.
Identifying the reason for regulatory non-compliance is often difficult. One of the possible reasons may include the firm’s incapability of framing an appropriate policy to ensure regulatory compliance. Firms must introduce more stringent policies to prevent all types of trade malpractices in the firm.
Framing a policy alone cannot make a difference. Lack of proper leadership is another factor raising compliance risks. It is the responsibility of the compliance manager to make sure that all employees are aware of such policies. Even if a proper compliance policy is adopted, execution and monitoring of the said policy must be overlooked by a compliance manager. A compliance policy is of no use if managerial supervision is absent. According to the SYSC 10A, the FCA expects senior managers to make sure that the firm is equipped with all requirements to prevent any trade malpractice. Hence senior managers will be accountable in the event of such a malpractice.
Moreover, professional ethics and personal accountability must be expected from all employees. For the employees to show such an attitude, the leaders in higher management must set good examples to follow.
Both the examples of regulator’s cases mentioned in this article have an IM application as a common element. The use of WhatsApp, WeChat, or any similar IM application was restricted by the regulators sometime before. While considering the current scenario regulators have become lenient and allowed the usage of these applications. But this will not contradict in any way to the FCA’s stance on trade malpractices. The firms must encourage the use of company-owned devices for business purposes that is capable of recording all types of communication. If an employee is using their privately owned device for business communication, then it is the responsibility of the firm to place proper measures for recording and retaining these conversations.
Sometimes clients themselves will expect firms to communicate through IM applications. In such cases, if a firm sticks on to their hardbound rule of not using such applications, then it may cost them a valuable customer. Hence modernization and compliance must go hand-in-hand. Firms that allow the usage of IM applications such as WhatsApp, WeChat, Signal, or Telegram for business communication must also find methods for the proper monitoring, recording, and archiving of the conversations happening through these applications. In most trade-related cases the accused will try to delete their conversations in the message application or uninstall the application. This will lead to insufficient evidence. This may be considered a supervisory failure from the firm’s end. And it can in turn cost the company’s reputation.
Firms must be serious about ensuring communication compliance. In case an enterprise instant messaging tool is being adopted, a tool to capture voice calls and to monitor text messages must also be used.
TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice archiving data storage vendor.
Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
- Network Archiver
- Enterprise Number Archiver
- Android Archiver
- WhatsApp Archiver
- WeChat Archiver
- Telegram Archiver
- Signal Archiver
TeleMessage offers cross-carrier and international mobile text & calls archiving for corporate and BYOD phones. Visit our website at www.telemessage.com to learn more about our mobile archiving products.