Banks still aren't monitoring workers’ WhatsApp usage. Why?

Only half of financial institutions are monitoring employee communications over WhatsApp despite hefty fines recently being imposed by the Securities and Exchange Commission (SEC), new research shows.

Last September, an SEC investigation found that employees at several large banks had frequently used off-channel communications for business purposes over a period of three years, representing a sizable compliance risk. The regulator has already handed down roughly US$2bn’s worth of fines on a dozen different firms.

Now new research – carried out jointly on behalf of Shield and LeapXpert, which offer solutions around financial communications compliance – has found that almost three-quarters (73%) of compliance officers are confident in their organisation’s ability to enforce bans on mobile communications through unapproved channels.

As well as nearly half of organisations failing to monitor WhatsApp communications, only 29% of institutions are capturing messages from services like iMessage, Telegram, WeChat or Signal. Highlighting the slow-to-adapt attitude holding the industry back, just 34% of those surveyed cited multi-million dollar fines as the primary driver behind greater monitoring within their organisation.

Root out employees using unmonitored channels

The findings undermine the outward appearance that banks and financial institutions like to give off: that they are doing everything they can to secure data and secure employee communications. So why aren’t they getting a firmer grip on unmonitored channels like WhatsApp?

“It’s a bit of a catch-22,” says Chris DeNigris, Director of Product Marketing and Compliance at NICE Actimize, which supplies the industry with financial risk solutions. “People are using WhatsApp because it’s easy and it’s unmonitored. Once we start to monitor channels tightly, then people will move to the next unmonitored channel. What firms need to think about is how they can deter this kind of behaviour to begin with, and that starts at the top with compliance built into the culture.

“Then firms can start to monitor for breaches of policy, and use consequences as a deterrent. One major bank fined some of its own bankers more than US$1m each for conducting business on WhatsApp and other messaging platforms. Firms can leverage behavioural tools, and those tools need to be able to look into many data sources across communications channels – and other organisational data like HR, trading systems, unified communications, SMS, and chat – in order to help spot who is in breach of a policy and exposing the bank to risk of fines.”

Change not happening as fast as expected

“When the massive SEC fines were issued, it seemed imminent that widespread changes across the industry would occur,” adds Shield Co-founder and Chief Business Officer Eran Noam. “Our report shows that this has not happened. While data capture, monitoring, and user experience challenges are real, confidence in banning policies is low. Technology gives companies the option to monitor these channels rather than simply implementing policy bans, which don’t provide full coverage.”

Avi Pardo, Co-founder and CBO at LeapXpert, continues: “The surge in demand for comprehensive compliance solutions in 2023 reflects a clear realisation among financial institutions that closing compliance gaps is imperative.

“From installing messaging capture solutions to seeking robust governance controls, organisations are now determined to transform all popular messaging apps used by their team members into approved and compliant channels. As regulatory scrutiny intensifies, companies understand the need for decisive action and solutions that help minimise risk by ensuring messaging compliance.”