Article Image

Messaging Apps Introduce Growing Compliance Risks

Author

Kip Soteres

More by Kip
Author

Kip Soteres

More by Kip

The media is only just beginning to cover the threats created by digital communication in the workplace. Employees increasingly use personal devices and new messaging apps to communicate business information. The consequences are particularly severe in highly regulated industries such as financial services and health care. As communication applications evolve, organizations must address the legal, financial and reputational risks made possible by those tools.

Messages Simply Disappear Within Seconds of Receipt

Bloomberg notes that apps like WhatsApp, Wire and Signal allow for communications that disappear within seconds and with no way to retrieve them for records or investigatory purposes. This opens the door to a host of communication challenges from breaches of client privacy, to illegal collusion and insider trading, to the sharing of off-color, discriminatory or derogatory comments, jokes and images.

In informal interviews with anonymous employees of financial institutions, Bloomberg uncovered examples of employees sharing dirty jokes, gossip, client data and more. Untraceable communications even make it possible for managers to circumvent overtime rules for hourly workers.

Competitive Advantages Make Messaging Tools Especially Tempting

Compounding the matter, some clients prefer the new channels. Ignoring their messages and invitations to "friend" and "follow" could potentially be bad for business. "Financial firms need to keep records of all written business communications, no matter how innocuous, according to the Securities and Exchange Commission and the Financial Industry Regulatory Authority," notes Bloomberg. But new tools make it virtually impossible to capture all communications, and the conflict potentially rewards those people willing to bend the rules and use the new apps.

Current Solutions

When messages leave no trails, are on personal phones instead of business-owned devices and disappear without leaving a record, how can organizations adapt?

Firms in sensitive and highly regulated industries are fighting back with software that scans for phrases such as "take this offline" or "sent you a text" for potential follow up. But so long as there is a strong profit motive and potential competitive advantage to using new channels to share information, the regulators, compliance and ethics officers and investigators will always have an uphill fight.

Some common practices from the financial industry, specifically, to consider:

  • Scan emails, chats and other business-owned devices
  • Restrict personal phones and messaging services in prescribed locations
  • Provide training and have employees sign documents where they attest they will not use personal, unmonitored digital communication in the workplace

Could Hacking Ironically Be Part of a Better Solution?

In 2017, a theme is emerging around mobile messaging apps being vulnerable to hacking, which may serve as a deterrent to heavy users. The Guardian pegged to revelations that "attackers could exploit a security vulnerability in WhatsApp to snoop on its users."

Hackers may well have the incentives to keep pace with new technologies among a welter of messaging options. Educating employees about these kinds of vulnerabilities may prove to be a stronger disincentive than policies and compliance protocols.

Stay up-to-date on the latest workforce trends and insights for HR leaders: subscribe to our monthly e-newsletter.