WhatsApp-related fines and dismissals have dominated the financial press for some time, most recently with the announcement that Morgan Stanley and Bank of America are expected to pay $200M to the SEC for “the use of unapproved personal devices.”
Citigroup and Goldman Sachs have also had advanced discussions with regulators to pay a similar figure. This follows the SEC's inquiry into how Wall Street banks monitor their employees' work-related communications - as they are obliged to do to meet regulatory rules. In total, US banks risk facing $1BN in fines for not stopping the use of unauthorized communications by employees - demonstrating the scale of the issue.
Capturing and monitoring communications data is a vital regulatory obligation. However, the pandemic and shift to hybrid working have increased the reliance on electronic communications channels like WhatsApp – many of which aren't being monitored by firms. This has accelerated the regulators’ concerns surrounding communications rules, and not without reason.
Despite being one of the most popular instant messaging platforms and one that employees and clients like to communicate on, only 15% of firms are capturing communications on WhatsApp today. However, at the same time, data shows that 41% of firms view communications monitoring as one of their top investment priorities in the coming year - potentially indicating that the industry recognizes the need to improve the status quo.
In this blog, we take a look at the increasingly complex communications landscape, why regulators care about communications, and why communications monitoring has become a key investment area for nearly half of all compliance teams.
Regulations and laws dictate that financial firms need to archive and monitor all business-related communications carried out by financial services employees. As the world shifted to a remote or hybrid working model during the pandemic, a trend that continues today, the formal supervision, governance, and control synonymous with the office environment was compromised as the reliance on digital communication channels increased.
This challenged many firms’ processes and procedures for communications monitoring. It also put many compliance teams in a tricky position of deciding which business communications tools to enable and ensuring that all data on these platforms was being captured. In many cases, this resulted in company-wide bans of channels like WhatsApp as many firms discovered that their legacy systems were unable to keep up with the pace of digital transformation.
However, straight-out bans don’t work as evidenced in the recent fines handed out to Morgan Stanley, JP Morgan, and Bank of America. How do you know that your traders aren't communicating on unauthorized platforms anyway? You just don't unless you are able to monitor for the intent among employees to communicate on unauthorized channels.
Additionally, banning channels puts employees in an awkward and challenging position if clients prefer this mode of communicating.
Regulatory requirements are clear - regardless of the channels they use, firms need comprehensive oversight of all business-related communications.
Without tight controls and governance, the use of unmonitored channels can lead to policy breaches, accidental data leakage, unauthorized information sharing, misuse of MNPI, and other compliance breaches. Robust communications monitoring is a key pillar of compliance as regulators strive to protect the financial markets and ensure they are stable, secure, fair, and just.
By firms failing to store and supervise communications data, regulators fear that they have less information available to effectively oversee the markets they regulate and investigate suspicious activity.
They also view the use of unauthorized communications channels as a red flag - a sign that traders are trying to slip under the radar and evade compliance and supervision.
Regulators are prioritizing communications compliance failures over other risks as they are much easier to prosecute than trading-related market abuse failings. For example, to prosecute market manipulation like Spoofing, the SEC needs to prove that the trader(s) intended to Spoof the market. However, a failure to capture and supervise communications doesn't require proof of intent - making it easier for the regulator to go after firms for non-compliance. Consequently, the firms that continue to turn a blind eye to the use of unauthorized communications channels are easy targets in the eyes of the regulator.
While figures on current adoption of e-comms monitoring are low — with only 25% of firms capturing Zoom, 15% capturing WhatsApp, 9% capturing Slack, and 3% capturing Signal — 76% of firms rank surveillance as one of their top two investment priorities for the next 12 months, with 41% specifically focusing on communications surveillance.
This data points to a move among industry participants to improve the monitoring of their communications in light of the mounting pressure. Another positive signal is that when asked about investment in regulatory technology, 44% of firms said they intend to spend more on compliance in the next 12 months - a promising sign that firms are recognizing that they will have to innovate to future-proof their operations. However, it is worth noting that when asked about their overarching compliance priority, only 12% said “increasing the coverage of different communications channels”.
Breaking down the figures, it is unsurprising that communications monitoring is a higher investment priority in the US (at 48%) compared to the UK (at 40%) and is higher among banks (at 47%). This figure increases to 50% if you look at the US banks alone. Turning to brokers, 38% view communications monitoring as a top investment priority, which increases to 50% in the US. Yet only a third of buy-side firms in the US see communications surveillance as a priority. By comparison, 47% of UK asset management firms view communications monitoring as a key investment priority. This data was uncovered in SteelEye's recent Annual Compliance Health Check survey and report.
Monitoring and archiving communications is an ongoing challenge. New communication channels will continue to emerge, and regulators will continue to keep a close eye to ensure no violations go unnoticed.
To stay compliant and protect themselves from potential risks, firms need a future-proofed approach to their communications requirements. The good news is that the findings from our Compliance Health Check Report show that firms are clearly thinking about how they monitor their communications and that communications surveillance is a growing investment priority for a large number of firms.
SteelEye’s complete communications compliance platform enables efficient communications monitoring by letting you capture, oversee, manage, and control all your eComms and vComms data on a single platform. This allows you to effectively monitor the communications channels that are important to your clients and staff, while also ensuring complete compliance.
Recognized in the Chartis Research Communications Monitoring Solutions Market Quadrant as a category leader, SteelEye provides a communications monitoring solution that enables firms to :
Communicate compliantly through their preferred means
Seamlessly meet record keeping and surveillance obligations
Set up robust and effective surveillance alerts and watches that detect potential instances of information leakage, MNPI breaches, insider trading, and other forms of market abuse
Natively combine communications with transaction data for enhanced analytics and risk detection
Easily query their data, build reports for audit or MI purposes, and create cases for investigation
United Kingdom - 5th Floor, 55 Strand, London, WC2N 5LR
France - 4 Place de la Défense
92974 Paris la Défense 4
United States - 600 Fifth Avenue, New York, NY 10020
India - No. 613, 12th Main, HAL 2nd Stage, Bangalore - 560008