With over 2 billion users, it’s no surprise that people are using WhatsApp (and WeChat and others like it) for business purposes and not just for personal messages. When the Covid pandemic increased the number of remote workers and blurred the lines between home and office, it was a natural transition for clients to communicate with their financial representatives using their favorite messaging apps.
Firms were especially anxious to provide good customer experiences, so they did not necessarily think about the potential risks of using WhatsApp for business. While the usage of WhatsApp and others like it came with good intentions, the problem is that financial firms and others in regulated industries are required to capture and archive all communications with clients. Unfortunately, many firms have not taken the steps necessary to be able to effectively monitor the use of WhatsApp, WeChat and other messaging apps.
In this article, we will delve into the consequences of such recordkeeping failures and what companies can do to remain compliant.
Each country has their own rules and specific regulatory bodies responsible for the oversight of certain industries. In the United States, for example, it is primarily the SEC and FINRA (Financial Industry Regulatory Authority) that govern the financial industry. It is their job to make sure that broker-dealers and other financial institutions are operating fairly and in the best interest of investors.
As part of the regulations, financial firms are required to keep copies of business-related communications for at least three years. This recordkeeping regulation applies to all electronic communications that are sent both internally and externally, and includes emails as well as instant messaging applications.
The rules clearly state that “firms may not permit the use of any type of electronic communication if they are unable to satisfy the applicable recordkeeping requirements with respect to that particular type of electronic communication.” This means that companies have two choices when it comes to apps like WhatsApp and WeChat. They can either prohibit employees from using those apps for business purposes and have enforcement mechanisms in place or they can put a system in place that will allow for the proper capturing and archiving of communications using those apps.
Failure to adhere to WeChat and WhatsApp compliance regulations is more than likely to result in significant penalties and fines. In recent years, the SEC has become much more stringent, cracking down on firms that haven’t been monitoring employees’ use of personal devices for business communications.
Recordkeeping Failures: The Insight Securities Story
Although management at most companies are well aware of the fact that their employees are using WhatsApp and WeChat to communicate with clients and other employees, surveys show that only around 15% of firms are actively monitoring the use of these apps.
Illinois based Insight Securities is a prime example of a company that faced the consequences of the risks of using WhatsApp for business. The company was fined $50,000 for failing to capture and save over 10,000 WhatsApp messages sent and received by employees’ personal devices.
While Insight Securities did have a written policy relating to the use of instant messaging apps, they failed to adhere to their own rules. The company’s written procedures included a clear prohibition against the use of apps like WhatsApp and WeChat for business purposes unless special permission was granted. The problem was that there was no evidence that any employee had ever been given this permission. Nevertheless, many Insight representatives were using WhatsApp on a regular basis to communicate with clients.
What’s a Company to do? Best Practices for Effective Recordkeeping
In today’s business environment in which hybrid and remote working conditions are a given, there’s almost no point in a company trying to prevent employees from using instant messaging apps or their own personal devices to communicate with their clients. Instead, companies must put systems in place that will enable them to bring this usage into full compliance with broker-dealer recordkeeping requirements in their geographic location.
In the United States, this means learning how to archive WhatsApp messages in accordance with FINRA recordkeeping requirements. Best practices for doing this, include:
- Implement an automated system – most companies already have solutions in place for monitoring voice calls and email messages. They now need to expand those tools to also be able to track and monitor other electronic communications. Solutions like LeapXpert provide an all-in-one platform that integrate with existing systems and provide visibility into data from any communication channel.
- Staff training – it’s important to provide ongoing training for all employees to remind them of the risks and consequences involved in business communication failures. They need to be updated on the systems being used to monitor and track WhatsApps and other instant messages and understand how to install and use these systems on their own devices.
- Ensure privacy – employees will need to understand that business-related communications on their own personal devices are technically the property of the company and will be monitored. At the same time, employees are still entitled to their own privacy and their personal conversations using those same devices should not be captured and archived.
If your company is not already up-to-date with WhatsApp and WeChat compliance, archiving messages and ensuring that regulators can have access to them, now is the time to put a system in place. Rather than being the next to get on the SEC’s watchlist, make sure you address any and all messaging concerns and allow your employees to use these apps (or others) freely to communicate with clients.
SUBSCRIBE TO OUR NEWSLETTER
Useful tips and helpful information.
You can unsubscribe at any time - obviously!