In a move signaling alignment with US regulatory actions, the Financial Conduct Authority (FCA) is preparing to survey City firms to scrutinize their use of encrypted messaging services such as WhatsApp.
This follows growing concerns about the potential for market abuse and insider trading through off-channel communications. The survey, which will examine how banks manage and monitor these communications, comes in the wake of similar US enforcement actions where financial firms have faced fines totaling over $3 billion over the last three years for failing to properly capture and store employee communications.
In the United States, the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) have led a robust crackdown on the use of unauthorized communication platforms. This issue came to the forefront in December 2021 when the SEC levied a staggering $125 million fine on a tier-one bank for record-keeping failures, marking the beginning of an intense regulatory crackdown that has since reshaped the industry. The failure to capture and store communications on platforms like WhatsApp has been a key factor in all off-channel communications fines since, which US regulators argue hinders their ability to prevent and prosecute market abuse.
For larger banks, this development from the FCA should come as no surprise. These institutions have likely been in dialogue with the regulator for months. However, it is crucial to remember that simply having policies in place is not enough. Communications compliance procedures must be genuinely effective and regularly enforced.
To mitigate risk, firms need to conduct comprehensive risk assessments across all communication channels—not just WhatsApp. An assessment of 100% of communication channels is essential to ensure there are no blind spots in how regulated staff communicate. Failing to properly address off-channel communications, even after receiving guidance, could lead to significant fines and enforcement actions in the future.
While much of the regulatory focus in the US has centered on the capture and archiving of electronic communications, it’s critical to remember that surveillance of those communications is equally important. The fines and this upcoming FCA survey highlight the need for firms to maintain accurate records of their communications. However, if conversations take place on unauthorized platforms, they are not only missing from the firm’s archives—they are also not being actively surveilled. This lack of surveillance is a significant regulatory concern, as it prevents firms from detecting potential market manipulation and conduct issues.
Capturing communications on platforms like WhatsApp, which was once a major challenge, has become far more manageable due to technological advancements. Today, firms have access to a range of solutions that allow them to capture and store data across a variety of messaging platforms. However, the real challenge now lies in how effectively firms can monitor and analyze this data.
It’s no longer enough to simply store communications data; firms must actively surveil it to identify patterns and behaviors that may signal misconduct. With regulators increasingly emphasizing the importance of both capture and surveillance, financial institutions must ensure that they not only have systems in place to archive communications but also robust tools for detecting market abuse and other risky behavior within that data.
The issue of communications compliance is critical for several reasons. Unauthorized, off-channel communications create gaps in audit trails, making it challenging for firms and regulators to detect misconduct. As digital channels proliferate, banks must ensure that their surveillance systems can track and capture all relevant conversations, especially those that may contain sensitive or work-related information. With the FCA now focusing on this issue, UK banks need to ensure they have the appropriate systems in place to avoid potential fines and enforcement actions that could follow a US-style crackdown.
In this evolving regulatory environment, communications surveillance is not just a matter of compliance—it’s a safeguard against significant financial and reputational risk. The FCA’s actions should serve as a clear reminder to City firms that the scrutiny around encrypted messaging services is only intensifying.
The platform captures and secures communications data from any communications channel—voice, chat, email, meetings, and social messaging—storing them in a compliant, immutable format that meets regulatory standards. But we don't stop there. SteelEye leverages advanced surveillance algorithms, AI, and intelligent lexicon technology to detect early signs of misconduct and market abuse. At the same time, SteelEye’s Compliance CoPilot can be deployed to streamline the communication surveillance workflow, reducing false positives and enhancing detection.
Finally, SteelEye's proactive monitoring capabilities can identify and flag attempts to switch to unauthorized communication channels, helping you stay ahead of potential risks and ensure regulatory compliance.
Discover how SteelEye can future-proof your communications archiving and surveillance efforts—learn more here >