With a series of enforcement actions totaling about $1 billion in fines from the five biggest US investment banks, the SEC has made it clear there will be significant financial consequences if firms don’t start policing the use of communications channels, specifically the increasing use of SMS text and messaging apps, like WhatsApp, in their workforce.The seismic shift towards heavier enforcement comes after a warning was issued last October by the SEC that firms "need to be actively thinking about and addressing the many compliance issues raised by the increased use of personal devices, new communications channels, and other technological developments like ephemeral apps."

Clearly regulatory bodies have served notice - and the race is on to not only comply, but balance productivity gains with increasing regulatory scrutiny. How can firms avoid the worst case scenario of fines and sanctions (and resultant bad PR) while also not disrupting their mobile workforce and lastly, minimize complexity in their mobile/IT infrastructure?

IT: Caught in the middle between business and compliance requirements

Recent regulatory enforcement efforts describe only part of the story when looking at the current state of governance and the hybrid workplace. Two years after the start of the COVID-19 pandemic, it's clear that “work from anywhere” is here to stay for the foreseeable future. Like many industries, financial services firms have been looking at ways to more effectively engage and support their clients on their preferred channels, which includes SMS and WhatsApp. The real-time communication has enabled increased productivity and richer interactions but has come at a cost. Those firms are now grappling with how to provide WhatsApp, and related services, but in a controlled manner and balanced with a strong focus on compliance, security and corporate IT standards. Users have also made it clear that they will alternate the personal use of technology with their work efforts. The days of carrying two different mobile devices, like cowboys with two holsters, are in the rearview mirror.

Legacy approaches to supporting sanctioned WhatsApp usage do not fit the current hybrid workplace. Tools that can’t capture the full spectrum of WhatsApp services – WhatsApp Voice, SMS and Mobile Voice, while also protecting the fidelity and context of the conversation for compliance purposes, can add more complexity, and another set of challenges to the ones firms are already facing today. For mobile communications compliance, the challenge is having a comprehensive capture solution for all employees’ mobile and modern communication platforms and archiving them in one central location. This solution also needs to be able to be deployed across all users effectively and efficiently at an administration level, while ensuring personal communications are separated from business communications.

The need for mobile productivity with integrated compliance and security are not oppositional- and shouldn’t require making tradeoffs. It's clear that we can’t ask users to retreat and sacrifice productivity gains that will put the organization at a competitive disadvantage.

Introducing our partnership with Movius

Digital transformation has been a fundamental enabler for financial services firms. It is hard to underestimate the opportunities and regulatory benefits firms can derive from the implementation of technological solutions but maximising their potential can present challenges. Thomson Reuters Regulatory Intelligence's sixth annual survey and report on fintech, regtech and the role of compliance explores these challenges, particularly in the context of corporate governance and risk management.

If you didn’t have a chance to attend Zoomtopia this year, there’s still time to watch the sessions as all are available on-demand. Theta Lake was a sponsor of the show and is a long-time partner of Zoom, offering its users the ability to leverage every aspect of the platform and have full coverage for security and compliance across those communication channels.

As enterprise communications technologies have evolved, the related challenge of managing business rules for groups permitted to use them and communicate with one another have become more complex. In financial services, business information barriers prohibit communications between specific groups to mitigate the risk of misuse of material non-public information (“MNPI”) to prevent market abuse and insider dealing. Information barriers requirements are spelled out in FINRA Rules 2241 and 2242, Section 204A of the Investment Advisers Act, in FCA’s SYSC 10.2 Rule as well as the SEC’s Exchange Act Section 15(g), which requires broker-dealers to:

Financial services firms have long used technology to supervise the communications and activities of employees, to ensure compliance with regulatory requirements and be able to detect issues such as market abuse, mis-selling or data privacy. It’s a key control for meeting regulatory obligations including MiFID II,  CFTC, FINRA, IIROC and GDPR and a standard feature of working in a regulated industry. Likewise data loss prevention tools are commonplace across businesses to reduce the risks of data loss and exposure.  All designed to protect consumers, employees, and shareholders.