Compliance Tips for Unauthorized Communications Apps
Today, digital communications apps and texting are the de facto ways to stay in touch with friends, family, and, increasingly, colleagues and clients. Business practices and preferences commonly mirror personal or consumer behaviors, and how we communicate is no exception. With the work-from-home boom and increased use of smartphones, people are blending their personal and business communications to a worrying degree. Information on trades or deals that used to be reserved for email or written memos is now mingling with daily banter and camaraderie shared through texting platforms. It’s not as easy to separate the personal and professional when everything can be accessed from the same device.
But just because people prefer to use certain apps personally doesn’t mean they’re acceptable to use in business settings. This is especially true for WhatsApp, an unauthorized messaging platform that’s been the subject of multiple SEC probes. Regulators are cracking down on the use of these unauthorized communications platforms to prevent fraud and other industry violations, resulting in hefty fines and an uncomfortable level of scrutiny into people’s personal lives as these regulators sift through private communications.
Despite the individual nature of WhatsApp communications, compliance is still responsible for monitoring and analyzing these messages. If left unchecked, fines, firings, and other penalties will be the uncomfortable result.
Compliance officers face significant challenges in addressing and preventing unauthorized communications via WhatsApp. These platforms are often outside compliance’s traditional purview, and there aren’t many solutions on the market that can address the threat they pose to good governance. Still, compliance teams at banks and other financial institutions are taking steps to mitigate these platforms’ risks. Here are the most common ways compliance teams are trying to meet this challenge today:
Blanket Ban
One solution is a blanket policy banning WhatsApp for business. While a commonsense, reasonable first step, it’s still unrealistic that employees will adhere to these restrictions long-term. It’s just too easy for employees to use these platforms to conduct business—especially internationally—for them to agree to abandon them forever.
Company Device Restriction
Another common route is providing company devices that block unauthorized apps like WhatsApp. However, this method can backfire quickly as employees may return to using their personal devices for work because it’s more convenient. Despite the risks to their privacy, employees don’t always consider the importance of separating their business and personal lives because the likelihood of a probe seems so remote (even if it’s not).
There’s no clear, one-size-fits-all solution to this challenge, but in addition to clear policies and training, we recommend risk scoring.
Risk Scoring
Compliance leaders can monitor and risk score communications sent through WhatsApp to analyze them, detect risk, and work to mitigate it. This is a similar method to recording customer service calls for quality assurance. While there’s no way to evaluate or track messages in WhatsApp in real-time, these communications can be collected and assessed regularly to understand and address their risks. Fairwords’ Archive uses an advanced risk scoring engine and is a vital tool for clients who want to conduct a “Review in the Past” to stay current and aware of how employees communicate on these platforms.
Despite the rules to the contrary, WhatsApp will remain a key area where business is done. Ensuring employees stay in compliance while using these communications methods is possible, even if the compliance monitoring methods aren’t as straightforward as they are for email and other business platforms and applications. Start by defining the rules for WhatsApp and the risks involved in breaking them, followed by regular message evaluation and analysis. Sometimes, simply knowing there will be routine check-ins is enough to remind and motivate employees to stay within the lines.
For tips, insights, and advice on supporting a strong compliance team and protecting your organization, subscribe to the Fairwords newsletter.