What WhatsApp Fines Reveal about Culture and Regulation in Financial Institutions


In late 2022, the US Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) unleashed a series of brutal penalties on major Wall Street firms.

Banks, asset management firms, and other financial institutions suddenly found themselves liable to pay nearly $2 billion in total in what is now known as WhatsApp fines. As part of the widely publicized crackdown, it was clarified that the firms’ employees were found conducting business through personal messaging apps without oversight or compliance with recordkeeping requirements. Nearly a dozen prominent players in the world of finance got caught in the sweeping regulator action that sent shockwaves through the industry.

The investigations, penalties, and negative publicity were all glaring signs of the need for an industry-wide revamp of communication compliance culture and policies.

The WhatsApp fines’ aftermath: Incremental changes and persistent patterns

The penalties have undoubtedly pushed many banking institutions to invest in compliance tech and implement policies to facilitate communication via approved and supervised devices and apps.

But even nearly two years after the historic action, executives at financial firms are routinely fined, suspended, stripped of their licenses, or even criminally charged over actions or communication that took place over instant messengers or devices that neither the company nor the regulators knew about.

As per reports, FINRA fines in 2023 shot up by 63% to $89 million compared to penalties levied in 2022, which stood at $54.5 million.

Compliance experts have also pointed out that FINRA was increasingly handing out supersized fines of over $1 million and mega-sized fines of over $5 million.

While the SEC has not yet topped its $2 billion penalty record, it has still fined non-compliant firms to the tune of $400 million in 2023.

Similar trends have emerged globally as well. From the Monetary Authority of Singapore to the UK’s energy regulator, Ofgem, authorities have ramped up pressure on financial and other institutions with penalties and investigations to combat the lack of oversight in employee communication.

It’s official—There is a culture of non-compliance

Almost all the companies that make it into various regulators’ monthly or yearly lists of entities they penalized have in place policies to issue company phones with pre-installed apps and recordkeeping mechanisms for their employees.

However, the use of personal devices and unsupervised instant messengers where communication is not archived or supervised is prevalent and takes place for months before it is noticed, meaning there is a pervasive culture of non-compliance.

The reasons for the cultural rot behind this widespread lack of communication compliance, which can’t be fixed solely through regulator action or company pledges for transparency and accountability, are varied:

  • As evidenced by the WhatsApp fines case and many subsequent others, even senior executives are using unapproved devices and/or channels, setting a poor example for the entire organization.
  • Given that the bank employees have stringent targets to achieve, they may resort to making inaccurate or exaggerated claims to sign on customers, which they feel more confident doing over their unsupervised personal devices or instant messengers that allow for the mass deletion or modification of text messages.
  • Owing to trends, like hybrid work/WFH, IT or compliance professionals may be unable to supervise all electronic communication and ensure regulator-mandated initiatives, such as WhatsApp archiving, especially when the conversations are happening through a device they aren’t aware of.
  • Keeping up with the rapid pace of communication technology advancement, especially putting in place systems to capture or supervise instant messenger calls, files, emojis, GIFs, video conferencing, etc., at every level of the financial institution may be daunting.
  • Investing in extensive organization-wide training for employees to use their instant messengers, calling apps, and other collaboration tools in a compliant manner may be seen as a drain on resources.
  • There may be a culture of inaction when employees witness non-compliant behavior from colleagues for fear of retaliation from the company.

AI may complicate compliance further

AI chatbots becoming a mainstay in the workflow of the employees at financial institutions will soon raise pressing compliance issues. Increasingly, there have been reports of employees inputting sensitive business information into tools, such as ChatGPT, potentially compromising client details and even company trade secrets.

But AI can also possibly help with compliance because it can be employed to monitor conversations in real time and identify red flags as and when they happen. The technology can even identify if employees are directing clients to an unapproved channel of communication and warn them before leaving, which can foster a culture of compliance with the company’s device and instant messenger policy.

Notably, it has major implications when it comes to detecting the context of conversations and enforcing compliant behavior on newer communication technology, like video conferencing. The former may pan out to be especially useful in discerning the meaning behind conversations that include emojis and other elements open to interpretation, especially since FINRA has warned that the digital icons could lead to potential customer complaints. Similarly, AI vision capabilities can be used to identify the transfer of sensitive information via video calls, which can come in handy, given that regulators have caught up to the widespread use of video conferencing tech in financial institutions.

Revamping compliance culture to address evolving technology and employee behavior

With the rising use of gen AI tools, new instant messenger features that make communication nearly impossible to access, like disappearing messages, and regulators breathing down their necks, financial firms have no option but to fix their dysfunctional communication compliance culture.

Crucially, the focus has to be on:

  • Getting executive buy-in, as employees will follow the lead of their management when it comes to conversing with clients through approved channels
  • Having in place clear policies on the use of instant messengers and personal devices for texting and calling clients
  • Providing extensive training for employees to utilize their devices in a compliant manner, informing them of what can be said or texted to clients
  • Implementing anonymous reporting mechanisms for whistleblowers seeking to expose non-compliant activity of coworkers or top-level executives
  • Putting in place a system that quickly identifies non-compliance and hands out the appropriate penalty

Getting to a point where employees value compliance with the communication policies of the organization and of regulators as much as their performance in other aspects of the job is a long road, but implementing a network archiver can secure you some quick wins:

  • Capturing employee texts and calls in real-time through an archiver that makes a digital copy that can’t be tampered with goes a long way in convincing employees to follow communication policy.
  • Even personal devices of employees engaged in hybrid work can be included in the recordkeeping since the archiver can capture all the communication happening within the network.
  • All the important aspects of a conversation, from the text to the attachments and the relevant context, including sender and receiver details, are recorded so there is maximum accountability.
  • Since there is automatic and comprehensive text message retention and WhatsApp call recording, and the data can be stored for the duration of the regulator-mandated retention period, specialized employee training for compliance purposes can be minimal.
  • Being able to filter out relevant conversations based on keywords or dates gives compliance teams an upper hand while dealing with audits, investigations, and e-discovery requests.

To know how the TeleMessage network archiver can play a key role in your journey toward fostering a culture of compliance, contact us for a demo.

About TeleMessage

TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, WhatsApp, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice of archiving data storage vendor.

Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
