LeapXpert The fallout of major crises in the financial sector is profound, affecting the ability of individuals, communities, and organizations to sustain themselves. There has been an increased focus on trying to ensure the stability of national economies and avoid the disruption and distress of events such as the Global Financial Crisis of 2007/2008 and the Mortgage Foreclosure Crisis of the late 2000’s.
The Prudential Regulation Authority (PRA), a subsidiary of the Bank of England, is a financial regulatory body in the United Kingdom (UK) that is responsible for the prudential regulation of around 1,500 banks and financial institutions.
The PRA Rulebook establishes clear regulations that these firms are expected to follow. In addition to the rules that require them to maintain sufficient capital and have adequate risk controls in place, they also supervise the activities of the organizations in order to ensure they are being run in a safe and sound manner, and that consumers are adequately protected.
This means that the PRA is not only interested in the financial stability of these institutions but also their governance practices. On top of the list of areas of concern is that of adequate recordkeeping. Maintaining thorough records and books is the primary way the PRA can ensure regulations are being followed and standards met, and is the only way in which consumers can be properly protected should problems occur.
The sheer volume of records that financial institutions create is overwhelming, particularly regarding electronic communications. As the number of communications platforms proliferate and communication preferences veer towards online or mobile messaging, organizations are having difficulty keeping up with the storage and archiving standards the PRA expects of them. And the biggest concern? WhatsApp.
The Growing Popularity of WhatsApp for Business Communication
With over two billion users worldwide, WhatsApp has been downloaded over five billion times – a rarity for any app – and it is the most popular messaging app in over 100 countries. As clients are used to using this app to communicate with friends and family, it’s only natural that they would gravitate towards using it to communicate with financial advisers and for other business purposes.
So where does the PRA stand with regard to WhatsApp messaging?
PRA Regulations on WhatsApp Messaging
The PRA requires companies to keep accurate and reliable records of their activities and communications. For this, you need to have a robust – likely automated – system that captures and stores all relevant records. This includes all business communications, both internally and with customers.
That means all electronic messaging, including those on platforms like WhatsApp, are expected to be tracked and kept and the PRA expects regulated firms to have policies and procedures in place to manage and control these communications. So to safely use WhatsApp as a communication platform, companies need to:
- Implement a process to capture and save all business-related WhatsApp messages, whether they are sent and received on work or personal devices.
- Have a way to monitor WhatsApp message exchanges so that employees can be checked for inappropriate behavior on WhatsApp.
- Use suitable measures to safeguard the confidentiality of WhatsApp messages, regardless of the device used.
The PRA has clearly recognized the role of WhatsApp in communication practices for the financial industry and takes very seriously the need for UK companies to bring this once peripheral messaging into mainstream record keeping.
The importance of this issue has been reinforced by the UK Financial Conduct Authority (FCA) which has been sending information requests to a number of firms regarding the use of private ‘off-channel’ messaging apps such as WhatsApp, emphasizing that these messages must be recorded and auditable.
The Importance of Compliance with PRA WhatsApp Regulations
The PRA has the authority to impose significant financial penalties on firms that breach regulations. These penalties can be substantial, often running into millions or even billions of pounds, which can be hugely detrimental to a firm’s profitability.
For example, the PRA recently fined Wyelands Bank £8,515,000, partly because it failed to keep records of business-related WhatsApp messages. The PRA found that this oversight had prevented the bank from effectively monitoring its transactions, and had obstructed the PRA’s investigation.
In addition to financial penalties, companies run the risk of damaging their reputations if they are found to be violating the rules of trusted regulatory bodies such as the PRA. Public trust in financial institutions has been shaken as numerous accounts of unethical and illegal activities have come to light and recession looms in the UK. The PRA is obligated to report organizations that are found guilty of misconduct, and, as such knowledge becomes public, it will be very difficult for these companies to repair the damage done to their reputation and restore customer confidence in them.
Another risk of failing to comply with PRA regulations is that of potential legal action. Regulatory violations may lead to legal actions, including litigation from affected parties, shareholders, or the PRA itself. Aside from the costs of the litigation, companies can be forced to pay out large settlements and may even face criminal investigation.
The PRA enforcement action regarding Wyelands Bank is a clear warning to all companies under their supervision to have comprehensive record-keeping in place when it comes to electronic communication, particularly WhatsApp messages.
Ensuring Compliance with PRA Regulations on WhatsApp Messaging
With the right policies, procedures, and technology in place, it is possible to continue using WhatsApp for business communication. Companies need to make sure they:
- Have clear policies and procedures that outline how WhatsApp can be used and what the consequences for violating regulations will be.
- Are clearly communicating these policies and procedures, and any changes to them, to all staff.
- Are regularly asking staff to attest to the fact that they are sticking to the rules and following the procedures.
- Are monitoring and testing compliance with the procedures and rectifying any gaps that are identified.
It is almost impossible to capture and store these types of communications manually. Organizations need to find the best software solutions for capturing and storing electronic messages, including WhatsApp. Some key features to consider when selecting a solution include:
- It must automatically capture all incoming and outgoing WhatsApp messages, including any attachments.
- Context is critical, so it should retain critical metadata like timestamps and sender/receiver information.
- It should also comply with relevant data security and privacy regulations, including encryption to protect archived messages from unauthorized access.
- Very importantly, any good solution should make searching for and retrieving specific messages easy and should allow for a wide range of search criteria.
- Ensure that it is compatible with your IT infrastructure and can seamlessly integrate with your compliance and record-keeping processes.
WhatsApp is Here To Stay – It’s Time To Bring It Into The Fold
WhatsApp is an inevitable, and useful, part of business communication. There is no point in trying to stop employees from using it, as it is an intrinsic part of the way people communicate nowadays. By finding the right archiving and retention solutions partner, financial firms can effectively use WhatsApp for business communication while maintaining compliance with PRA regulations.
The LeapXpert Communications Platform offers full WhatsApp integration and maintains a complete record of all conversations between employees and customers to ensure that data privacy and governance standards are met. Our user-friendly dashboard allows for easy auditing and reporting, and displays the real-time status of all messages, conversations, and data sent, as well as flagging when conditions and rules have been breached. Integrated with leading third-party archiving, surveillance, and analytics platforms, all messaging records are securely stored and available alongside all the existing business data.
Book now for a demo.
SUBSCRIBE TO OUR NEWSLETTER
Useful tips and helpful information.
You can unsubscribe at any time - obviously!
