Banks & WhatsApp Compliance: One Step Forward, Two Steps Back?

Bloomberg reported yesterday that Deutsche Bank AG recently issued a memo warning employees against deleting business-related messages sent through private channels. Staff was reportedly reminded that using messages sent from private phones for business purposes violates company policies and may be considered a crime in the US. Employees were also advised against deleting WhatsApp messages from their devices.

Facing myriad challenges surrounding messaging apps and compliance risks, one must wonder: are banks creating more problems than solutions with their choice of security platforms?

It’s well known that financial institutions face strict compliance guidelines regarding archiving internal and external communication. But given the recent state of affairs that several big-name financial institutions have encountered, the industry as a whole may be unprepared.

Banks Tightening the Reins on Messaging Apps

Interestingly, earlier this month, it was reported that the same bank plans on deploying a new digital solution to increase its ability to store and monitor the use of third-party messaging apps, with WhatsApp being a primary target.

Such a solution was supposed to serve the dual purpose of allowing staff to continue using their preferred messaging applications (and adapt to customer and partner preferences) while ensuring that the bank stays compliant with regulations from the U.S. Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC).

No surprises there – several secure platforms do create accessible digital records of electronic communications, and with the boom in mobile messaging brought on by recent pushes for remote working, it’s clear why securing digital transmissions on user devices has become a top priority for businesses.

Incomplete Solutions Just Create More Problems

Industry readers may recall a similar story from 2021 when JPMorgan Chase & Co. tried a push for messaging archiving. But employees were said to be “panicking” after being asked to sift through three years of text messages, WeChat, and WhatsApp correspondence and save all business correspondence.

Later that year, the bank faced a staggering $200 million settlement that the SEC said “reflects the seriousness of these violations.” It added that “firms must share the mission of investor protection rather than inhibit it with incomplete recordkeeping.”

While the two situations have some distinctions, comparisons can certainly be drawn that illustrate the need for lenders to strike a balance between personal freedom and meeting regulations.

Here’s the rub – if banks have a secure solution in place, why are employees warned against  deleting WhatsApp messages? 

Depending on tens of thousands of employees to comply with such requests nearly guarantees some loss of data, as users can decide whether to play along. And this exposes banks to potential fines.

 

Responsible Business Communication Requires a Holistic Platform

Rather than relying on incomplete solutions that depend on the whims of each individual, banks would be better off with a sophisticated solution that secures both internal and client-facing business communications.

In addition to archiving data, such a solution should take a governed approach to messaging – controlling exactly what type of communication is permitted at the employee level, with real-time alerts for policy violations.

LeapXpert’s platform, which was designed with this exact challenge in mind, provides accessible records of all communications that occur on instant and mobile messaging applications.

It’s a holistic platform that works for every channel, on the majority of messaging apps, in every location.

LeapXpert’s platform ensures customers can continue using the mobile-first applications they love while guaranteeing complete compliance with SEC & CFTC regulations. This security offers another important benefit to banks: peace of mind.

As we’ve seen, the line between compliance and accessibility is a fine one. Banks should seriously consider their options when deploying new solutions and ensure that any platform chosen can provide a complete approach built on security, responsiveness, and customer management.

Anything less simply won’t cut it. And the consequences, as the JP Morgan fine demonstrates, can be grave.