WhatsApp has become a favored communications tool for financial advisers and traders looking to arrange deals and provide clients with investment advice – but the potential risks and consequences necessitate a reliable compliance recording and recordkeeping solution.
With an active user base of 2.1 billion people and over 1 billion daily users, WhatsApp has become one of the leading communication platforms across the globe. Offering free calls and messaging across borders, with end-to-end encryption to ensure privacy and security, the app has gained popularity not only among private users but also professionals in the financial sector.
Often used by financial advisers and traders to arrange deals, set up transactions, and provide investment advice, WhatsApp is a prime example of how digital innovations have changed the communication structure in a highly-regulated financial sector – highlighting both the benefits of being able to communicate with clients through multiple channels and the potential risks of doing so.
The latter was made apparent in January 2020, when a senior credit trader at JP Morgan was suspended for communicating with colleagues through WhatsApp, as several of the world’s largest financial corporations were investigated for similar incidents.
WhatsApp recording requirements and regulations
When using digital channels and platforms such as WhatsApp to contact clients, your employees must be aware of laws and regulations relating to finance, security, privacy, and transparency.
As a means of communication equal to traditional channels such as calls or email, WhatsApp is subject to recording and recordkeeping requirements defined by regulations and directives defined by MiFID II, FCA, SYSC, Dodd-Frank, SEC, FINRA, MAS, and the SFC.
The FCA warned about the risks relating to communication through the app as far back as 2017, and recently highlighted the importance of WhatsApp recording and recordkeeping.
Simply put, if your organization does not already have a dependable solution for recording communication through WhatsApp and other digital channels, implementing one should be at the top of your list of priorities. Failing to provide auditable documentation of a proactive approach to compliance may have costly consequences.
Potential consequences of subpar recordkeeping
While the encryption and security measures implemented by WhatsApp may provide an added layer in protecting sensitive information from the eyes of outsiders, it may also leave you at the mercy of your employees’ discretion in regard to compliance.
Without effective recording and monitoring controls in place, employees can potentially use the app as a tool for avoiding audits by your compliance department or relevant authorities.
This leaves your organization vulnerable to compliance breaches and incidents of market abuse and presents a real risk of loss of monitoring and surveillance capability. Additionally, there may be an absence of protection through loss of evidence to resolve disputes between your firm and your clients over transaction terms.
Subsequently, the lack of a dependable recording and monitoring solution may increase the risk of fines, penalties, and reputational damage.
There is a long list of challenges and requirements to take into consideration when implementing a compliant and reliable recording and recordkeeping solution for WhatsApp and other digital channels.
First and foremost, you need to be aware of your compliance department’s top business needs, such as:
Automatic, policy-based recording
Ensure that your recording solution is automatic and policy-based and that it meets the requirements of global directives and regulations, such as MiFID II and Dodd-Frank.
Your recording and recordkeeping system should provide:
- Configurable retention policies (typically 5, 7, and/or 10 years)
- Legal hold
- Whatsapp recording in both iOS and Android devices
- Compatibility with Mobile App, WhatsApp Web, WhatsApp Desktop
- Complete separation between private and business texts on BYOD devices
- Automatic archiving operating in the background without any user intervention
Implement a solution that provides you with global oversight of all communications data necessary for efficient compliance.
Your solution should have the capability to record, securely store, and retrieve communications data across channels, including web apps, office phones, trade boards, mobile phones, and email. Additionally, you should be able to easily add additional recording sources such as Microsoft Teams, Bloomberg chat, Refinitiv Eikon Messenger, etc.
Easy retrieval of data from across all channels and platforms is key to efficient compliance.
To provide you with proof of regulatory compliance, your recording solution should register all interactions and ensure that only authorized personnel – typically your compliance department – can retrieve and access Whatsapp communications data.
For a complete audit trail all interactions, such as replays, exports, external accesses, openings and listens should be systematically logged.
Far too many organizations still rely on homemade recording solutions that do not satisfy safety and security regulations, increasing the risk of unauthorized people being able to view and replay recordings without the interaction being tracked and registered.
In addition to the above-mentioned features and tools, your recording and record-keeping solution should include functionality for:1) Automated risk management and reporting
- Automatic transcription
- Review queues
- Risk detections
- Reporting tools
2) Whitelisting capabilities to avoid recording private calls and surplus information
- Privacy is as critical for your employees as your clients, and your system should provide whitelisting capabilities for private contacts and devices.
WhatsApp recording with guardREC® Compliance
guardREC® Compliance is a centralized compliance solution specifically designed for financial services to support all relevant requirements and regulations. Our solution provides a global view of your communications data, including multiple interchangeable plugins to capture audio, text, screens, and video.
The additional state-of-the-art compliance functionality enables financial services to assure regulatory compliance in an easier, less complex, and far more cost-effective way.
guardREC® Compliance is used by leading investment banks and financial services. Constantly improved based on customer feedback, our solution includes compliance recording and support for WhatsApp and other popular digital communications apps.
Want to learn more about Whatsapp recording for financial institutions with guardREC® Compliance?
Click here – or contact one of our consultants below.
GuardREC is a Norwegian Reg Tech company providing leading recording and compliance solutions. The solutions are aimed towards international customers in Banking and Finance and Air Traffic Control. GuardREC has 20 years of experience in development and delivery of security-critical solutions.
The recording solutions are specifically designed to help organizations comply with increasingly stringent legal and industrial requirements and regulations. GuardREC is a subsidiary of Hatteland Technology AS and a part of Embron Group.