A total of 11 banking institutions have been fined by regulators to the tune of nearly $2 billion dollars after they used instant messaging apps such as iMessage and WhatsApp for business communications. It’s alleged that the financial institutions allowed and, in some cases, even encouraged the use of consumer-grade messaging apps, resulting in scores of recordkeeping violations.
The banks that were fined a combined total of $1.8 billion by the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) for using unapproved messaging apps included some major industry players like Goldman Sachs, Morgan Stanley, Bank of America, Citigroup, Credit Suisse, Cantor Fitzgerald & Co, UBS Group, Deutsche Bank, Barclays, Cantor and Nomura Holdings, Inc,
The nearly-$2 billion in fines issued to nearly a dozen banking institutions for “pervasive off-channel communications” using messaging apps like iMessage and WhatsApp has been described as a “landmark case” for the SEC and CFTC, with a broad investigation that began in 2021. Many were surprised by these messaging app fines since the SEC, in particular, has historically reserved these sky-high penalties for fraud cases.
“Today’s actions — both in terms of the firms involved and the size of the penalties ordered — underscore the importance of recordkeeping requirements: they’re sacrosanct. If there are allegations of wrongdoing or misconduct, we must be able to examine a firm’s books and records to determine what happened,” SEC Enforcement Director Gurbir Grewal told the Wall Street Journal.
The highest single CFTC fine went to Bank of America, after the institution was found to have “widespread and long-standing use of unapproved methods to engage in business-related communications.” That’s according to a settlement order issued by the CFTC.
What Led to Regulatory Non-Compliance Fines for Using Instant Messaging Apps?
Recordkeeping is the primary issue at the core of these banking industry fines. Laws and U.S. regulators alike require financial institutions and investment firms to keep a detailed record of all client communications, transactions and so forth. These stringent recordkeeping requirements are in place because regulatory organizations and federal agencies routinely perform investigations and monitoring to ensure banks, broker-dealers and traders are fully compliant with all applicable laws, regulations and rules.
But the banks failed to preserve the messaging data, which included a wide range of topics, including trades, debt and equity deals. Preserving messaging data is extremely challenging when it comes to consumer-grade IM apps like WhatsApp because each user’s account is installed on a personal device that is fully controlled by the employee.
According to the CFTC, they uncovered a 2020 message from a trader to a colleague that said, “We use WhatsApp all the time, but we delete convos regularly.” The CFTC also revealed that a head of a Bank of America trading desk told employees to delete messages off their personal devices, encouraging them to communicate on Signal, an encrypted messaging app. That individual reportedly resigned in 2022, although it’s believed that Bank of America was aware of these actions as early as 2021, according to the CFTC.
Even more deception was uncovered at Nomura, according to the Wall Street Journal, which reported that in 2019, a trader deleted messages on his personal device after he learned that the CFTC sought to secure the messaging data as part of an investigation. It’s alleged that the trader also “made false statements to the CFTC about his compliance with the records request.”
WhatsApp, iMessage and other popular instant messaging apps also lack tools that allow for efficient auditing and exports of messaging data, making it nearly impossible to comply with recordkeeping requirements. Lots of these apps also retain messaging data for a finite period of time, so much of the data in question was already lost by the time the banks’ regulatory non-compliance came to light.
What’s more, the employee is in control of both the WhatsApp account and the device. In theory, the employee could decline the company’s request to gain access to their messaging data and there’s not much — if anything — that the business could do about it.
Compare this to enterprise apps where the business can maintain a high degree of control over the mobile app, its data and the device that it’s installed on. Business instant messaging apps like SayHey Messenger® also include data export capabilities, auditing tools and other features that allow companies to achieve and maintain full regulatory compliance with recordkeeping requirements, reporting requirements and more.
Staying Compliant With a Business Messaging App
7T’s SayHey Messenger® offers a comprehensive messaging platform for compliant communications in highly regulated industries such as finance and banking, among others.
We’re guided by the approach of “Digital Transformation Driven by Business Strategy.” As such, the 7T development team works with company leaders who are seeking to solve problems and drive ROI through Digital Transformation and innovative business messaging solutions such as SayHey Messenger®.