WhatsApp Usage in the Regulators' Crosshairs

The current regulatory enforcement probe of traders and bankers initiated by the SEC and the US attorney for the Southern District of New York is largely WhatsApp-usage-motivated and continues apace unnerving professionals with possible loose lips. As reported by Bloomberg News, the probe has already targeted “100 personal mobile phones carried by top traders and dealmakers.” The authorities appear to be focusing on key position holders “including heads of certain investment banking teams or trading desks—that are subject to the review, according to people with direct knowledge of the requests. Personnel in those roles are being ordered to hand over phones so devices can be examined by lawyers,” as we previously reported. In addition to already cited inquiry targets of Goldman Sachs Group Inc., Morgan Stanley, Citigroup Inc., HSBC Holdings Plc, and Credit Suisse Group AG, Deutsche Bank AG admitted to being one of the banks under investigation in the bank’s recent annual meeting.

SEC & DA Urge Proactive Compliance

“Since the 1930s, record keeping and books-and-records obligations have been an essential part of market integrity and a foundational component of the SEC’s ability to be an effective cop on the beat. As technology changes, it’s even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight,” said SEC Chair Gary Gensler in a 2021 statement about the 2021 JPMorgan charges.

The sensitivity of the probes, with the potential exposure of years of office and personal chat, has led to well-endowed targets lawyering up on pre-response vetting. A consensus understanding has emerged that regulators are presently seeking only to define the extent and usage of various message channels, rather than content, per se. Personal (and personnel) gripes are out of range (at least initially). Only after the SEC gains an understanding of dealmaker use of unauthorized messaging platform communication is Chairman Gary Gensler expected to initiate disciplinary action or assess fines on banks. This heightened sensitivity and enforcement comes as part of a massive increase in SEC enforcement staff, with the Crypto Assets and Cyber Unit expanding 66% (to 50 lawyers) last month.

Separately, Damian Williams, US attorney for the Southern District of New York (SDNY) told Bloomberg this week: ““If I were head of a fund, and I had folks communicating about business on encrypted channels or personal devices, I would want to know…That’s where the bomb could be that blows up the whole shop.” He repeatedly urged financial firms to step up compliance so they could find out what might be going on before the government does and, ideally, self-report any illegal conduct. In his recent assuming of full SDNY responsibility Williams seems confident that whatever white-collar cases his office may have in mind, they’ll find evidence on the players’ phones. And when Williams’s prosecutors decide to bring a case, they strike fast.

BaFin Initiatives

Meanwhile, in the EC, the German financial watchdog BaFin has requested that Deutsche Bank AG clarify how its staff use private messages for business purposes. Senior Deutsche Bank executives, including management board members, have been relying on WhatsApp, other messaging tools and private email accounts to conduct business, people familiar with the matter said, according to a Bloomberg report. Deutsche Bank launched an internal investigation and recently reminded employees that they shouldn’t delete business-related WhatsApp messages, according to Bloomberg.

Deutsche Bank “responded at an early stage to indications that private short message services were being used for business communications in the industry and the board immediately initiated measures to ensure, in particular, the proper documentation of business transactions and compliance with retention requirements,” it said in a statement provided to Bloomberg. “We already started implementing technical solutions that enable employees to use short messages with cell phones for business communications in a better, more up-to-date manner and in line with legal requirements.”

WhatsApp GDPR Violations

In addition to the US and BaFin oversight of questionable financial firm WhatsApp archiving compliance violations, suspicions are being raised about the behavior of firms subject to WhatsApp GDPR constraints. Specifically, the firm YourBusinessNumber reports that UK property professionals are in varying degrees overlooking GDPR requirements:

Starting with only 15% of professional firms using WhatsApp for Business, with 77% using the consumer version and 8% using a mixture, with the firms typically not providing an initial welcome message and (as per GDPR requirements) how they will use the data or provide an opt-in option.
The majority also did not offer a ‘Right to be Forgotten’ above and beyond the consumer’s ability to block them on the app.
Almost half used unsecured devices, networks or both for communication and nearly 90% did not record any of the personal data being obtained via WhatsApp.

Firms seeking WhatsApp call recording and compliance are forever playing catch-up and projecting future requirements on shifting understanding and toolsets. Nevertheless, to ensure WhatsApp compliance with GDPR, firms must have a Privacy Notice (also called a Privacy Policy) on their website and make sure it is easy for customers to find, detailing exactly what data is being collected and how you plan to use it. You must also get from customers explicit consent before collecting or using certain types of data. And finally, you need to ensure that when you record WhatsApp, the recording and your other data security practices meet GDPR requirements.

FCA Continues Extending Recording Requirements

In the UK, after indicting bankers for deleting WhatsApp Messages in an insider dealing case,the FCA has repeatedly reinforced the need for financial firms to record and monitor relevant telephone and electronic communications, noting that WFH can lead to an increased risk of misconduct. Furthermore the FCA WhatsApp efforts—on behalf of the US CFTC—concern WhatsApp communications by a group of oil traders, suspecting collusive behavior in the ‘Essex Group” profit of £570million

Meanwhile, the pressure on banks to closely monitor business communications continues apace with this week’s victim an HSBC trader who was dismissed after a bank-initiated review of his WhatsApp messaging activity. According to Bloomberg, “(t)he bank’s review of the trader’s phone found communications it deemed problematic, including a chat several years ago with a broker who had bought the banker tickets for a sporting event….The industry has long prohibited staff from doing business on non-approved platforms. HSBC has recently reiterated to its staff that they should not use WhatsApp with clients…” Separately, a Credit Suisse Group managing director Anthony Kontoleona—former global head of equity capital markets syndicate— was removed from his position after being found to have used unauthorized personal messaging services when communicating with clients.

Compliant Company Policies

With the reality of rising WhatsApp use impacting corporate communication (and sales!), several core policies should be implemented to ensure instant message capture:

Employees must opt-in to oversight for comprehensive inclusiveness
The WhatsApp experience should be as friendly, native and intuitive as possible to eliminate unnecessary frictions
Compliance with all relevant governing regulations
Archiving and monitoring solutions must be scalable

About TeleMessage

TeleMessage offers employees the freedom to use WhatsApp for mobile and cloud environments. Our mobile archiving products securely record content from mobile carriers and mobile devices, letting companies meet recordkeeping regulations and compliance requirements and be WhatsApp recordkeeping compliant.

With multiple archiving solutions, you can always find the right tools or blend for your requirements:

TeleMessage offers cross-carrier and international mobile text & calls capture and archiving for corporate and BYOD phones. Visit our website at www.telemessage.com to learn more about our mobile archiving products.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

SEC & DA Urge Proactive Compliance

BaFin Initiatives

WhatsApp GDPR Violations

FCA Continues Extending Recording Requirements

Compliant Company Policies

About TeleMessage

Products

About

RESOURCES

Developer APIs & Docs

Contact Us

FIND US HERE

Solutions

Verticals

Blog

Customers

WhatsApp Usage in the Regulators’ Crosshairs

Contact Us

SEC & DA Urge Proactive Compliance

BaFin Initiatives

WhatsApp GDPR Violations

FCA Continues Extending Recording Requirements

Compliant Company Policies

About TeleMessage

Products

About

RESOURCES

Developer APIs & Docs

Contact Us

FIND US HERE

Solutions

Verticals

Blog

Customers