Despite more than $2B in fines, financial industry still uses risky communications

Report reveals texting and messaging apps common at RIAs and broker-dealers.

The use of messaging apps has become a major talking point in the financial services industry following the eye-watering fines given to some big names in the industry, totaling more than $2.5 billion.

But despite the SEC’s action against firms including Wells Fargo and BNP Paribas along with separate penalties from the CFTC, a new report reveals that many in the industry are still using communications that do meet compliance requirements.

Archiving and compliance firm Smarsh surveyed people from across the industry, mostly in RIA and broker-dealer firms, to discover how widespread the use of messaging apps and other communications channels are, and which ones have already been banned by firms.

Collaboration platforms, SMS text, and social media are the platforms most commonly allowed for business purposes under firms’ policies.

Texting is a communications tool that divides the room and has done for the past decade or so. It’s an allowed channel used by 47% of respondents, although banned by 43% and considered a risk by 65% of respondents (compared to less than 40% for email and less than 30% for social media such as Facebook, Instagram, and Twitter (X)).

“In 2016, we were highlighting this disconnect between reality and what policies were telling us,” said Steve Marsh, Smarsh founder and chairman “Everyone was using text messaging, no one was archiving it, and at that point, the regulators weren’t really enforcing the rules like they are today. So here they are many years later issuing some gigantic fines.”

Marsh added that business communications is happening over text messaging whether it’s allowed or not.

GOVERNANCE GAPS

While just 17% of firms allow the use of encrypted messaging apps such as WhatsApp, more than 20% do not have a governance policy for the use of these platforms and policies for emerging social media apps are even less common.

The report, titled “An Unprecedented Year in Enforcement,” also found variations among different groups, including those that are full-time office based, those who are mostly remote, and those who are hybrid workers. Overall, collaboration platforms, LinkedIn, meeting solutions, and file sharing platforms are the most commonly used and allowed business communications technologies for financial services firms.

Asked about the biggest compliance concerns and perceived risks, cyber security threats of communications channels is far ahead (59%) of others such as vendor data security/capabilities (38%), and uncertainty around regulation and appropriate use of generative AI (24%). However, it’s worth noting that the latter is an emerging concern that was not cited in Smarsh’s 2020 research.