
Finance regulator cracks down on use of messaging apps

The Financial Conduct Authority is taking a closer look at how staff at banks are using WhatsApp in work

The Financial Conduct Authority (FCA) is in contact with banks over the use of messaging apps by staff, following fines in the US.

Last month, US regulators fined 16 banks about $2m for failures related to monitoring the use of private messaging apps, including WhatsApp, by staff.

The UK financial services regulator has begun discussions with banks in relation to their practices around the use of private messaging by staff.

“We are actively discussing personal device use with a range of UK authorised firms, not limited to those who may have been subjected to other regulatory enquiries,” said the FCA.

According to a Bloomberg report, Deutsche Bank, Citigroup, JP Morgan and Nomura have been contacted by the FCA with information requests about how often and for what purpose staff use texts and messaging apps.

Rik Turner, senior principal analyst of cyber security at Omdia, said that, beyond compliance issues, there are big risks for banks that allow the use of messaging apps, with potential for human error when people use messaging tech such as WhatsApp for work-related issues.

“For example, we both work at a bank and I mention to you on WhatsApp that the brass are considering the launch of a new mortgage offer with a very unusual repayment scheme; you forward it to your friend Bill at another branch, but inadvertently send it to another Bill who you went to school with, and he works at a rival,” he said.


Turner said there is also a cyber attack or scam issue, with threat actors infiltrating the app and “abusing it for their nefarious ends”.

“Clearly there is the issue of actual financial damage for the banks, not to mention the reputational hit,” he said. “And of course, this is yet another example of employees bringing a SaaS [software as a service] app into the workplace that is either unsanctioned or, at best, only partially sanctioned by their employer, so clearly some tightening up [monitoring and control actions] needs to be instituted.”
