Banks and financial institutions are accountable for their employees’ communications. Recent regulatory enforcement actions, as well as rigorous fines, have highlighted the digital communication challenges that the financial sector is experiencing – especially when remote work is so normalized, and employees are using unofficial communication applications to conduct business and drive sales.

In October 2020, Morgan Stanley fired two of their executives for breaching internal policies and protocols by using unsanctioned WhatsApp instances for business-related discussions. Six months later, JPMorgan Chase let one of their senior traders go (and cut off bonuses for more than a dozen more), again because of unsanctioned WhatsApp use.

Cases like these are likely to increase. Recent changes to the regulatory environment – and rigorous fines and enforcement actions – pose substantial risk to financial institutions, as they are forced to clamp down even harder on employee communications if they want to avoid fines.

How should enterprises react? By embracing this trend, rather than working against it. By automating compliance supervision and archiving for new communication apps across social and mobile chat.

Compliance is One of the Major Digital Communication Challenges

The not-so-new era of remote work has accelerated the trend of employees using BYOD devices and unofficial communication applications to conduct business and drive sales. Unfortunately, ensuring compliance for these apps and devices is difficult for most organizations.

In October of 2021, the US Securities and Exchange Commission (SEC) performed a “sweep” of Wall Street banks, peering into how they are keeping track of the digital communications of their employees.

This broad inquiry from the Commission’s enforcement staff was a check on how well companies were documenting and archiving work-related communications – from text messages to emails – from their employees, particularly those using personal computers, phones, and other devices.

This recent industry sweep has highlighted:

  • the SEC’s move to ramp up the recent regulatory enforcement actions of the Biden administration
  • the digital communication challenges that banks face in keeping track of staff missives and messages in this prevailing era of work-from-home set ups

SEC: “Be More Proactive”

In a speech, the Director of the SEC’s Division of Enforcement, Gurbir Grewal, acknowledged that this “time of rapid and profound technological change” we are experiencing has two sides:

“[This change] can help amplify the dynamism of our markets and increase access for investors. But at the same time it also creates new avenues for misconduct, and new responsibilities for compliance.”

Grewal invites everyone to be more proactive in terms of record-keeping violations. Firms need to rigorously consider how their business models and products interact with enforcement priorities and the emerging risks of digital communication, and tailor their compliance policies and protocols accordingly. This helps the SEC, as an investigating body, to conduct proper investigations and maintain market integrity.

Unfortunately, the opposite happens in real life, and this affects financial institutions and firms negatively:

“We continue to see in multiple investigations instances where one party or firm that used off-channel communications has preserved and produced them, while the other has not. Not only do these failures delay and obstruct investigations, they raise broader accountability, integrity and spoliation issues.”

New call-to-action

Success Story: Fast-Growing Mortgage Company Reduces Security and Compliance Risks

Walking the Fine Line of Employee Privacy and Data Security

The SEC is clear: a proactive compliance approach should not be a waiting game for market participants. Instead of holding out for the SEC or other authorized bodies to establish policies and procedures and demand the preservation of these communications, financial institutions need to anticipate these.

“You need to be actively thinking about and addressing the many compliance issues raised by the increased use of personal devices, new communications channels, and other technological developments like ephemeral apps.”

Successful enterprises are already finding ways to embrace this trend rather than try to work against it. Their solution? Automating compliance supervision and archiving for new communication apps across social and mobile chat.

Banks and similar institutions often walk a fine line between safeguarding employees’ data privacy and securing their business-related communications. However, with the right solution, companies can secure both sides without violating user privacy or increasing the risks of digital communication.

What companies need is a compliance and governance solution that empowers them to automate regulatory reviews, and detect and flag non-compliance without viewing private messages and missives. Such a solution should be able to isolate business-related messaging from private threads and chats, monitor and archive violations, and send alerts to teams and regulatory agencies within and out of the company. These archives should be ready to access and review anytime, which will help any investigations that follow, without ever needing to expose private and sensitive information from the employee/executive in question.

Crucially, coverage should extend to every device, across social and mobile chat. This way, whatever apps employees are using can be folded into company oversight. The reality of communications can be embraced rather than resisted, and companies can protect themselves.

SafeGuard Cyber provides those capabilities and more. To continue learning about the capabilities of SafeGuard Cyber and how it helps banks, firms, and financial institutions address digital communication challenges, visit us here.

Related Content