What is FFIEC and What Are the Mobile Texting Risks It Addresses?

Contact Us

Contact Us

[contact-form-7 404 "Not Found"]


The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body under the United States government. The council was established on March 10, 1979, and is a conglomeration of five U.S. financial regulators, namely the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB).

The council is responsible for prescribing uniform principles, standards, and report forms for the federal examination of financial institutions, and the council also makes recommendations to promote uniformity in the supervision of financial institutions.

The use of mobile devices in workplaces is increasing day by day across organizations around the world. The case of financial firms is also not different. Both the employees and clients find it easier to communicate via text messages, calls, and mobile chat applications. Even though email remains the official mode of communication, it is very far from offering the ease that mobile communication can offer.

Identifying the potential that mobile devices can offer, the financial industry has also geared up to use mobile devices for business prospects.

The products and services that financial firms offer their customers using mobile devices are known as mobile financial services (MFS). Using mobile channels allows financial firms to better engage their customers with the services and it also reduces the operational costs. All the risks that apply to traditional delivery channels also apply to MFS, but the strategies used for risk management may be different.

It is vital for all organizations to identify, measure, mitigate, and monitor the risks associated with MFS, as they do with any other technology-related risks.

Financial firms use short message service (SMS)/text messaging, mobile-enabled websites and browsers, mobile applications, and wireless payment technologies to offer MFS for their customers.

MFS provides more convenient forms of financial transactions compared to the conventional practice of using desktop computers. But the risks associated with MFS are also high. Device security, authentication, data security, application security, data transmission security, compliance, and third-party management risks are often accompanied by the ease that MFS offer. Coupled with the risks, the majority of the customers may not have security controls, virus protection, or personal firewall functionality on their mobile devices, which further complicates the situation.

SMS is a text messaging service that is usually transmitted, without any encryption protocols, over widely used telecommunications networks. SMS is used by financial firms and customers alike for performing financial transactions and also as a means of communication.

Customers use SMS to provide transactional instructions to their financial firms, while the firms use SMS to provide general information, account alerts, or customer verification. In brokerage firms, it is a common practice for clients to text brokers or traders on matters relating to their accounts. Traders and brokers also use text messages to share market analysis, additional references, and all sorts of information that benefit the clients.

Some employees even take a step further to wish their clients birthdays and anniversaries, which is indeed a good practice to maintain a rapport. But employees must know the right time to call, text, email, or WhatsApp a customer. Otherwise, it could lead to an awkward situation, or may even result in reputational damage to the firm.

SMS is not the only way of text messaging anymore. Mobile instant messaging (IM) applications like WhatsApp, WeChat, Telegram, and Signal are dominating the text messaging domain.

As said earlier, SMS messages are transmitted unencrypted over widely used telecommunications networks. But most of the modern mobile messaging applications offer end-to-end encryption for the messages sent and received, which means that the messages can be viewed only by the sender and the recipient.

But text messages are still vulnerable to spoofing, where unauthorized personnel can send messages to customers asking for sensitive customer information. Such parties falsify their identities to mislead the customers. Fraudulent messages asking customers to reveal their financial institution account information or information used to access financial institution systems can also be expected from such illegal entities.

Another aspect of the risks involved with text messaging is its use for inside trading, and other market malpractices done by employees of financial firms. Financial regulators like the SEC, FINRA, FCA, HKMA, and MAS require financial firms to capture and archive all business records, including employee mobile communication.

But many financial firms are still confused when it comes to capturing mobile communication. This gives rogue employees an advantage to perform market malpractices using their mobile devices.

Adding to these risks is the ephemeral messaging feature offered by mobile chat applications. Individuals can delete sent messages and also has the option of sending messages that get automatically deleted after the preset time. Deletion of text messages has also put many organizations in legal as well as regulatory hurdles.

Financial firms can mitigate the risk by redacting customer account numbers or by employing any other solution to compensate for the inability to encrypt SMS messages. Also, SMS banking functionalities must be limited for transactions where the risks are high. Pre-registration and the use of security tokens are options that can be considered for risk mitigation.

Even though security PINs can be used, they are hard to remember and are easier to break. But firms may ask their customers to frequently change their PINs if PINs are used. Customers must be regularly educated about the risks of phishing SMS and must be made aware not to click on insecure web links, or furnish personal and account information on dubious websites.

For mitigating risks associated with inside trading and other such market malpractices financial firms must capture and archive all sorts of employee communication. This includes emails as well as mobile communication. Organizations must capture mobile text messages and also capture mobile calls.

Instant messaging archiving is another area where firms must focus on. Since many organizations are adopting the use of popular mobile IM applications for business communication, they must be capable of performing WhatsApp archiving, WeChat archiving, Telegram archiving, and Signal archiving.

RegTech offers advanced solutions to the ever-increasing demands of compliance within the financial industry. A recent study predicted that by 2022, RegTech will account for 34% of all regulatory spending. The RegTech expense explosion is expected to continue after a 4.8% increase in 2017

In an era when smartphones and personal devices are increasingly being used in business, firms will have to employ automated tools that are capable of capturing mobile calls and texts sent via smartphones. Globally, financial institutions have placed a strong focus on risk management and compliance.

In the wake of the Covid-19 pandemic, financial firms face even greater obstacles than before. Banking and financial firms have always been able to improve their risk management capabilities by utilizing regulatory technology (RegTech). Financial firms are increasingly depending on technology to meet their compliance needs due to a variety of factors, including the evolution of business models, regulatory practices, and a dynamic outside environment.

Financial firms use RegTech tools to automate compliance processes. As a result, compliance program costs can be reduced, and coverage, consistency, and effectiveness can be improved. In order to monitor financial firms effectively, financial regulators are incorporating SupTech or supervisory technology into their work processes.

Implementation of the RegTech solutions offered by TeleMessage can help regulated financial firms meet their regulatory compliance requirements, and can avoid any chances of being non-compliant.

Organizations must begin to consider the possibilities of archiving mobile communication to know the benefits it has to offer.

Using an automated mobile archiving solution aids financial firms to ensure regulatory compliance and also helps traders to be present on the communication channel where their clients are, thus attaining client satisfaction and improving business.

About TeleMessage

TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, and WeChat and WhatsApp conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice of data storage vendor.

Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:

TeleMessage offers cross-carrier and international mobile text & calls archiving for corporate and BYOD phones. Visit our website at www.telemessage.com to learn more about our mobile archiving products.


Skip to content