Chris Lehman is CEO of SafeGuard Cyber. Views are the author’s own.
The Securities and Exchange Commission and the Commodity Futures Trading Comission recently charged Wall Street firms $549 million in penalties for failing to maintain electronic records of employee communications.
Financial institutions and other organizations should not take the compliance action as a threat to stamp out the use of messaging apps by their employees. Rather, take it as a reminder that, when it comes to compliance, please handle these communications with care.
Using messaging apps for business communications can introduce compliance risks, especially for companies that handle sensitive or regulated data, like those in the financial services industry.
Messaging apps like WhatsApp, Telegram, Signal, Line, SMS, and enterprise collaboration apps like Slack, Teams, Zoom and even social media platforms like LinkedIn are critical for business productivity. They can increase efficiency for engaging with people outside your organization and give you a competitive advantage.
WhatsApp, Signal, Telegram and Line offer end-to-end encryption for their users' communications, which means that the content of messages is only accessible to the sender and the recipient. However, like any software, they still have potential cybersecurity risks and concerns that users should be aware of.
How can companies confidently allow employees to use apps like WhatsApp, Signal, and Line on their own devices and on company-owned devices for communicating with each other and with clients without violating SEC recordkeeping rules?
U.S. regulators are cracking down on firms that do not take action to address the security and compliance risks posed by messaging apps that are commonly used for client engagement. The recent SEC fines are a stark reminder of the potential consequences for failing to properly monitor employee communications on these apps.
Be aware of risks and take the necessary steps to mitigate them.
It is important to understand that the fines resulted from inadequate supervision of employee communications. The SEC expects companies to have effective systems to monitor and archive all forms of communication, including those through popular messaging apps. With adequate supervision of employee communications, fines can be avoided.
Messaging apps used for business communications may provide convenience and efficiency, but they also pose significant security and compliance risks. Their use can make sensitive data vulnerable to unauthorized access or cybercriminals. With the rise of cyber threats, you must prioritize data protection and implement robust security measures to safeguard client information.
Compliance and security risks arise from using messaging apps because they can potentially violate regulations regarding recordkeeping and supervision of communication. Your organization must ensure it has appropriate systems to monitor and archive all interactions, including those through business communication channels.
To remain both successful and compliant, organizations must strive to find the perfect harmony between meeting customer and client needs and adhering to government regulations when it comes to their use of mobile messaging apps.
Compliance and security teams must work in unison with others in the organization to enable effective customer and client engagement via business communication channels.
One of the first steps is to develop a comprehensive app usage policy. This policy should clearly outline the permitted apps, their associated compliance requirements, and guidelines for usage. It is important to involve key stakeholders, such as IT and compliance teams, in the policy development process to ensure a comprehensive and effective policy.
Once the policy is in place, it is essential to empower your team to navigate the risks of app usage. Provide them with training and guidance on best practices for app usage, data protection, and compliance. This can include educating them on secure messaging practices, encryption protocols, and the importance of proper recordkeeping.
By addressing app usage risk management post-fines, wealth managers can demonstrate their commitment to compliance, protect client data, and navigate the complexities of app usage in the financial industry.
It is crucial to stay informed about future SEC enforcement actions and keep up with regulatory expectations. The landscape of compliance is constantly evolving, and being proactive in monitoring changes is essential.
To navigate future enforcement actions, organizations should regularly review regulatory updates and industry best practices related to app usage. This can include staying informed about any changes in regulations regarding recordkeeping, supervision, and data protection. By staying up to date, organizations can ensure that their policies and practices align with regulatory expectations.
By paying attention to the actions taken by regulatory bodies like the SEC and CFTC, organizations can gain valuable insights into the types of behaviors that are being targeted and the potential consequences for non-compliance. This information can inform decision-making and help organizations stay ahead of potential compliance issues.
In summary, navigating future enforcement actions and keeping up with regulatory expectations requires ongoing vigilance and staying informed.
By staying proactive and adaptable, organizations can navigate the ever-changing compliance landscape and protect them and those they do business with from potential risks.