{"id":19775,"date":"2022-08-08T02:30:07","date_gmt":"2022-08-08T10:30:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/08\/08\/news-13508\/"},"modified":"2022-08-08T02:30:07","modified_gmt":"2022-08-08T10:30:07","slug":"news-13508","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/08\/08\/news-13508\/","title":{"rendered":"Banks face a WhatsApp reckoning as regulators clamp down on messaging apps"},"content":{"rendered":"

<\/p>\n

Credit to Author: Matthew Finnegan| Date: Mon, 08 Aug 2022 03:01:00 -0700<\/strong><\/p>\n

As regulators hand out hundreds of millions of dollars in fines for record-keeping failures related to the use of social messaging platforms such as WhatsApp, the finance industry faces a choice: properly enforce bans on the use of these apps or find ways to make them compliant.<\/p>\n

\u201cThe explosion of new electronic communications channels \u2014 and the pervasive use of these \u2014 raises lots of red flags for the regulators,\u201d said Anthony Diana, a partner at law firm Reed Smith\u2019s Tech & Data Group. \u201cThe fear is that, if bad things are happening, they’re happening on these personal apps, not on the sanctioned communication channels that are surveilled.\u201d<\/p>\n

Anthony Diana, a partner at law firm Reed Smith\u2019s Tech & Data Group.<\/p>\n

Apps such as WhatsApp<\/a> have been around for years, but their use in the financial sector grew during the COV ID-19 pandemic as financial advisers and traders worked from home and sought ways to keep in contact with colleagues and clients.<\/p>\n

Banks typically banned such consumer apps outright, but that stance has begun to shift for some firms who are now opting instead to capture conversation data for compliance purposes. That allows staffers to use the communication tools they prefer \u2014 and, most importantly, the tools their clients prefer \u2014 while staying on the right side of regulators.<\/p>\n

“Addressing regulatory requirements around capturing, archiving, and monitoring the use of mobile communications is a difficult problem,\u201d said Ra\u00fal Casta\u00f1\u00f3n, senior analyst at 451 Research, a division of S&P Global Market Intelligence. \u201cThe shift to hybrid work and the growing use of mobile communications post-pandemic make it increasingly relevant for organizations to enable compliant communications.\u201d<\/p>\n

Said Diana: \u201cThere’s recognition that people are still going to use some email, but there has to be other ways of communicating. Now, the rush is on is to identify the channels that make the most sense from a business perspective, and then make sure the technology is in place to make sure it’s captured and surveilled correctly.\u201d<\/p>\n

With two billion active users, WhatsApp is the most popular consumer messaging tool, though it\u2019s far from the only one. iMessage, Facebook Messenger, WeChat, Telegram, and Signal have all made their way into the workplace as smartphones have proliferated and corporate \u201cbring your own device\u201d schemes mature.<\/p>\n

It comes down to simplicity and convenience, said Ari Lightman, distinguished service professor, digital media and marketing, at Carnegie Mellon University’s Heinz College of Information Systems and Public Policy. \u201cWhy would you use a platform that’s theoretically not provided by your company? Because of ease of use. We spend so much time in email that it becomes a time sink; everybody becomes horribly inundated so they go to messaging apps.\u201d<\/p>\n

While the use of unsanctioned communication apps can be a headache for any company, the problem is more acute in highly regulated industries. Banks are compelled by regulators to keep a record of employees\u2019 business-related communications to help tackle fraud, insider trading, market manipulation, and other forms of misconduct.<\/p>\n

Ari Lightman, Distinguished Service Professor, Digital Media and Marketing at Carnegie Mellon University’s Heinz College of Information Systems and Public Policy.<\/p>\n

Even if the vast majority of messages sent are harmless, the use of social messaging apps means regulators lose visibility into what\u2019s being said. \u201cThat’s the crux of it: if you don’t know what’s happening on those platforms, there’s suspicion associated with it,\u201d said Lightman.<\/p>\n

It\u2019s not a new problem in the finance sector. Fines have been levied for uncompliant use of various communications technologies for years, but regulators have begun to take an even tougher stance around personal messaging apps in recent months.<\/p>\n

Most notably, JPMorgan was hit with a combined $200 million in fines<\/a> from the US Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) in December for failure to monitor and store electronic communications between 2018 and 2020. The SEC cited the use of WhatsApp, text messages, and personal email accounts for business matters \u2014 a common practice even among senior staff members tasked with enforcing compliance with corporate policies.<\/p>\n

And it\u2019s proved to just be the start: Citigroup, Goldman Sachs, and HSBC were among the banks that announced cooperation with an SEC investigation in annual financial results statements earlier this year. Reports have since emerged<\/a> that Citi, Bank of America, and Goldman Sachs are in talks with regulators to pay around $200 million due to a failure to monitor unauthorized messaging apps. Barclays and Morgan Stanley have both reportedly set aside a similar amount for related fines.<\/p>\n

But while it\u2019s the large banks that have drawn the ire of regulators so far, the issue is widespread across the industry. \u201cEvery financial institution that\u2019s subject to these regulations is in the crosshairs of the regulators,\u201d said Diana. \u201cThey\u2019re starting with the big [banks] because that sends the message to the entire industry that this is a focus.\u201d<\/p>\n

Banks have long been able to access software and services from compliance technology vendors that enable the recording of SMS and voice data. As the use of social messaging apps has become more pervasive, some vendors have added capabilities to track social messaging apps in recent years too.<\/p>\n

There are different approaches to achieve this. For some, it involves provisioning a separate, corporate version of WhatsApp on user\u2019s phone, with a different phone number to hand out to clients. A WhatsApp \u201cwrapper\u201d can be deployed via a mobile device management (MDM) or enterprise mobility management (EMM) platform to provide archiving for WhatsApp messages on iOS and Android devices, as well as desktop versions of the app. \u201cOther options include the use of virtualization technology that enables co-hosting of two or more secure virtual environments on a single mobile device,\u201d said Casta\u00f1\u00f3n.<\/p>\n

It\u2019s typically possible to capture instant message data from direct messages and group chats, as well as voice and video calls, shared links, files and other attachments.<\/p>\n

Some of the main vendors offering WhatsApp capture include Guardec<\/a>, LeapXpert<\/a>, Movius<\/a>, Symphony<\/a>,\u00a0TeleMessage<\/a>, and\u00a0Voxsmart<\/a>.<\/p>\n

Movius, which also sells software to monitor and record voice calls, SMS, and WhatsApp messages on mobile devices, counts JPMorgan Chase and UBS among its customers. The Financial Times<\/em><\/a> recently reported that German lender Deutsche Bank has told its staff to install the app on smartphones.<\/p>\n

Movius’ software can monitor and record voice calls, SMS, and WhatsApp messages on mobile devices.<\/p>\n

Movius declined to comment on its customers. but\u00a0Movius CEO Ananth Siva said banks are increasingly aware of the need to provide staff with whichever tools they use to conduct business.<\/p>\n

\u201cIf you don’t equip them with a channel that the clients of the firm are asking to interact on, then you’re going to have all these challenges [with regulators],\u201d said Siva. \u201cAll the firms we’re working with right now are very, very conscious of this. Some of them have been working at it for a number of years and are better equipped to address these challenges, others can be fast followers.\u201d<\/p>\n

Movius\u2019 approach is to provide an app that can be downloaded on an employee device, creating a separate phone number that is used for business-related communications. All messages sent or calls made via the number can be automatically recorded. With the app installed, finance professionals can send WhatsApp messages to clients, who receive a notification asking them to \u201copt in\u201d to monitoring on of the conversation \u2014 though clients don\u2019t need install the app on their own device.<\/p>\n

The prospect of monitoring messaging apps inevitably raises privacy concerns, even in an industry that\u2019s already subject to extensive monitoring. A requirement that employees install monitoring apps on their personal smartphones could lead to some difficult conversations, not least with senior executives.<\/p>\n

However, Siva said the Movius app siloes communications from the rest of a user’s smartphone, enabling them to have an independent WhatsApp profile for personal use. In that case, personal messages should \u2014 theoretically, at least \u2014 be exempt from monitoring. \u201cOur technology facilitates that work\/personal separation on the same device,\u201d he said. \u201cThe instances are completely separate.\u201d<\/p>\n

Once conversation data has been captured, it can be treated like any source of communication data that\u2019s monitored for compliance purposes.<\/p>\n

Bank staff rely on a variety of authorized digital tools to communicate internally and externally, such as chat functionality within Bloomberg and Thomson Reuters Eikon terminals, as well as widely used collaboration platforms such as Microsoft Teams, Slack, and video platforms including Zoom.\u00a0By capturing WhatsApp conversations, the data can be made available for e-discovery and monitoring, just like any other channel, said Shiran Weitzman, CEO of Shield, a communication compliance software vendor. \u201cIn the same way that we’re doing this for Bloomberg chat or an email, it’s being done also on WhatsApp,\u201d he said. \u201cWe basically make the channel irrelevant for the compliance work.\u201d<\/p>\n

In addition to collating and archiving communications for audits, natural language processing can be applied to the conversation data to flag signs of potential misconduct. It\u2019s also possible to monitor and raise alerts when employees try to shift a conversation to unapproved channels, highlighting phrases such as \u201clet\u2019s move the conversation to Telegram,\u201d that might appear in an email exchange or Teams chat.<\/p>\n

Brian Lynch, president of SteelEye Americas.<\/p>\n

\u201cWe have a module in our surveillance platform that looks specifically for words like, ‘Let’s move this WhatsApp, or to Telegram,\u2019 \u2018Ping me on Signal,\u2019 or whatever it might be,\u201d said Brian Lynch, president of US operations at SteelEye, a compliance monitoring and reporting software vendor. \u201cIt gives an indication in the existing monitored channels that might belie some use of WhatsApp.\u201d<\/p>\n

Despite the prevalence of WhatsApp as a business communication tool, relatively few actually monitor the app’s use.\u00a0Only 15% of financial institutions currently monitor the platform, according to a survey of 170 senior compliance professionals conducted by SteelEye. Even fewer track popular workplace collaboration app Slack (9%), while Microsoft Teams (40%), Bloomberg Chat (40%) and Zoom (25%) are more likely to be on the monitored. (The survey data covers finance firms in a range of sizes, so the results may not be representative of the stance taken by the largest, \u201ctier one\u201d firms.)<\/p>\n

The\u00a0SteelEye research<\/a> also found that 41% of\u00a0financial services firms see communication monitoring as an priority in the next 12 months, indicating a potential shift in attitude.<\/p>\n

It\u2019s unsurprising that so few institutions monitor the use of WhatsApp, said Lynch,\u00a0given that many rely on internal policies to enforce bans on the use of such tools. \u201cThere’s a significant number that have decided that \u2018policy\u2019 is how they’re going to manage [the use of messaging apps],\u201d he said.<\/p>\n

John\u00a0Lukanski, a partner in Reed Smith\u2019s Financial Industry Group.<\/p>\n

Even in the face of increased regulatory scrutiny, many financial services firms will be content to double down on enforcing policies to limit the use of messaging apps. But for those that choose this approach, it\u2019s important to recognize that these apps are still likely to be accessed by staff, and to take sufficient steps to enforce policies.<\/p>\n

\u201cA firm can choose which way it wants to go, but it can’t just be, \u2018We’re going to ban it,\u2019 versus \u2018We’re going to allow it,\u201d said John Lukanski, a partner in Reed Smith\u2019s Financial Industry Group. \u201cIf you’re going to ban it, you certainly need a supervisory process in place to police that. I don’t think you can say, ‘We’re not going to let you use this,’ but then, with a wink and a nod, know that it’s going on nevertheless.\u201d<\/p>\n

Whichever approach they take, financial institutions should be considering their strategy as regulators loom. \u201cThe regulators are looking to have a reckoning moment, so you’ve got to be smart enough to recognize that and do something about it,\u201d said Lukanski.<\/p>\n

Whichever approach banks adopt, it\u2019s clear that personal messaging apps aren\u2019t going anywhere \u2014 and while WhatsApp is the most popular tool currently, the landscape can quickly change. \u201cWith the different ways that people can communicate, it’s going to be an ever-present, evolving challenge to keep up,\u201d said Lukanksi.<\/p>\n

Beyond the proliferation of different mobile messaging tools, the frequency with which they’re used is likely to have increased during the pandemic as staff worked from home and turned to a variety of digital tools. The UK\u2019s Financial Conduct Authority warned\u00a0last year<\/a>\u00a0that \u201cthe risk from misconduct or market abuse may be heightened by homeworking\u201d with increased use of unmonitored messaging tools.<\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Matthew Finnegan| Date: Mon, 08 Aug 2022 03:01:00 -0700<\/strong><\/p>\n

\n
\n

As regulators hand out hundreds of millions of dollars in fines for record-keeping failures related to the use of social messaging platforms such as WhatsApp, the finance industry faces a choice: properly enforce bans on the use of these apps or find ways to make them compliant.<\/p>\n

\u201cThe explosion of new electronic communications channels \u2014 and the pervasive use of these \u2014 raises lots of red flags for the regulators,\u201d said Anthony Diana, a partner at law firm Reed Smith\u2019s Tech & Data Group. \u201cThe fear is that, if bad things are happening, they’re happening on these personal apps, not on the sanctioned communication channels that are surveilled.\u201d<\/p>\n

\"Anthony<\/a> Anthony Diana<\/small>
\n

Anthony Diana, a partner at law firm Reed Smith\u2019s Tech & Data Group.<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11063,21359,11066],"class_list":["post-19775","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-data-privacy","tag-financial-services-industry","tag-mobile-apps"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19775","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19775"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19775\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19775"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19775"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19775"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}