Dr Vincent Pignon, Founder and CEO of Wecan Group, discusses the compliance and privacy features around instant messaging applications that are necessary for financial services firms to operate efficiently and smoothly within the regulatory and legal requirements.
The unprecedented fine from the SEC, exacted on 16 Wall Street banking giants in 2022, caused ripples on both sides of the pond last year. Over $2bn in punishments was doled out to a group consisting of names such as JPMorgan Chase & Co., Bank of America Corp., Citigroup Inc., Goldman Sachs Group Inc. and Morgan Stanley, as staff were found to have discussed deals and trades on private messaging applications such as WhatsApp that weren’t being suitably monitored. At the beginning of 2023, banks began to penalize employees as much as $1 million for WhatsApp breaches at Morgan Stanley, and after paying more than $200 million in fines, Deutsche Bank is docking the bonuses of employees who misuse WhatsApp. And this is only the beginning of a long series, Wells Fargo & Co having announced to be the next on the list. And while the U.S. regulator has been proactive, it is inevitable that all global regulators will follow suit.
First of all, were these fines avoidable?
Inappropriate use of WhatsApp has been at the center of several banking scandals in 2022. In addition to being the motive for this latest round of fines, it was also widely reported as the reason for which several senior executives lost their jobs at Credit Suisse and other such major banks. In reality though, the story didn’t start this year – it can be traced all the way back to 2016 when WhatsApp first came to prominence as the messaging platform of choice. Ever since, it has only grown in popularity and has become more and more interlinked with the communication ecosystem of most major global financial markets. The pandemic and subsequent shift to hybrid working certainly helped to amplify the extent to which market participants relied on WhatsApp to operate smoothly, but the real issue is that firms have not historically invested the appropriate levels of funding into technological solutions, which are instead regarded as back or middle office issues.
The Size Of These Fines Is Huge And Other Regulators Will Follow Suit
This is not an issue that is exclusive to US investment banks – this is something that is rife across the global financial services sector. However, from my perspective, it shouldn’t necessarily be viewed negatively. There are a lot of benefits to using applications such as Instant Messaging provided they comply with regulatory, legal and cyber security requirements. It gives a lot more flexibility to communicate with clients and counterparties, and in an increasingly competitive landscape, being able to communicate with clients in a way that makes life easier for them is now a commercial necessity. The focus should instead be on enacting strong risk management and using technology to liberate staff to operate in the way that they feel is most effective from a commercial perspective. Moreover, clients are more prone to installing and actively using a multi-purpose app compared to a closed one. The first to understand this trend will gain market share and improve their customer experience by systematizing the use of open instant messaging solutions and not unilateral or bilateral communication channels, as we have with E banking for example.
The Recordkeeping Requirements
In my opinion, the Swiss and European regulators would benefit from being more prescriptive and taking a lead from the US approach. The US is very clear through regulations such as the recordkeeping requirements. Their operating models are also extremely different. And as such, the way that they address the question of WhatsApp’s role in their business will differ. Whilst banks are geared towards a high volume of trading activity, wealth managers generally operate at a relatively slower pace. The volume of data that they deal with is vastly different. The problem is that communications, texts, audio and video from WhatsApp are not recorded. And even if all these exchanges were recorded, WhatsApp will never be a professional application. As with email, a customer expects a response, even if a wealth manager is not present. This is not possible with WhatsApp.
The Cybersecurity Risks
With the use of email and instant messaging solutions, all banks are subject to fraud. Customers who communicate with financial intermediaries have their emails or applications hacked every day. Banks are putting in place palliatives such as call backs that have high costs, penalize the customer relationship, and do not eliminate these risks. At every meeting with a bank, a family office, or a financial intermediary, I hear that there has been a 400k, 500k, 200k fraud due to the hacking of the client’s account, which is not made public due to reputation damage concerns. Hackers are becoming increasingly sophisticated, and this trend will only grow. On the other hand, the uses of WhatsApp are not controlled by the banks at all. Hundreds of groups co-exist without the knowledge of the management. And employees leave the bank and still have access to sensitive data. For these reasons, keeping personal instant messaging applications is not sustainable; it will be necessary to find professional ones.
The Protection Of Privacy
If the fines are severe in the US while WhatsApp data is stored in the US, it is possible to imagine that the fines in Europe, Switzerland and the UK will be much larger as bankers and banks send customer data over WhatsApp to the US, which becomes subject to the Cloud Act. The 2 billion in fines we saw in 2022 is just the tip of the iceberg. What comes next is going to be much more painful for banks, financial intermediaries, and all regulated professions due to GDPR, nLPD or even local regulations. WhatsApp is a peer-to-peer messaging app that was designed primarily for personal communication between individuals. As such, the service does not offer the stringent compliance and privacy features that are necessary for financial services firms. Messages can be stored indefinitely on WhatsApp servers and may be freely shared with third parties. In addition, WhatsApp lacks the proper safeguards and compliance features that are expected from wealth managers providing investment advice, such as sensitive data storage compliance and authentication protocols. Without these protections in place, wealth managers cannot ensure that their clients’ and partners’ information will remain secure and compliant. It is most certainly, in my opinion, the main Technology Traps Wealth Managers Must Avoid in 2023.
What are the next steps?
There will be no turning back on the uses of instant messaging applications. Customers are used to it and will want this type of interaction. Regulators will gradually sanction all banks and financial intermediaries for using non-compliant applications such as WhatsApp. This is inevitable. And if all banks ban the use of WhatsApp, they will start sanctioning their employees one after another. However, this is a stopgap measure, not a solution. The solution is to offer wealth managers and financial intermediaries and customers a compliant, secure solution that has the same functionality as WhatsApp but for dedicated high-net-worth customers or for regulatory and legal requirements.