FCA warns advisers on using WhatsApp and social media
In its Market Watch briefing earlier in the year, the Financial Conduct Authority warned advisers on the risk of using messaging apps such as Whatsapp especially given the increase in home working.
The FCA warns, “The pandemic has had a significant effect on how businesses are run, with changes to technology and increased homeworking, which may, in some cases, be long-lasting.”
Risks from misconduct through electronic communications may be heightened or increased by homeworking, This includes increased use of unmonitored and/or encrypted communication applications like WhatsApp, Facebook Messenger, and others. The FCA’s guidance suggests that using such unregulated communication platforms for client interactions can present significant compliance challenges.
In summary, the FCA state that there is no specific restriction on the technologies or apps firms can use for communications. However, in all cases firms must understand the recording obligations and have effective policies, controls and oversight to ensure that these are met.”
We welcome the FCA providing guidance for advisers to be wary with social media messaging. What’s missing from this is guidance on using email. During the first lockdown the FCA encouraged email over traditional methods such as the post but failed to reference the danger of using unsecured email.
Firms must be vigilant in choosing secure communication applications that are both auditable and compliant with the FCA’s recording obligations.
The message from the FCA to UK financial advisers is clear: safeguarding client data requires a secure and compliant channel of communication. Platforms like WhatsApp, along with other messaging apps, should ideally be avoided or used with stringent oversight to avoid compliance risks. Adopting secure messaging solutions not only mitigates data breaches but ensures that communications included in the compliance record are adequately protected.
Secure messaging refers to the use of compliant messaging applications that safeguard sensitive information through end-to-end encryption and maintain alignment with regulatory data protection standards. Unlike common social messaging apps, secure communication platforms provide audit trails, data retention options, and other features specifically designed to meet the rigorous compliance standards outlined by both the Financial Conduct Authority (FCA) and international counterparts like the U.S. Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC).
By implementing secure communication platforms, advisers can confidently share sensitive financial information and facilitate actions like document signing without risking non-compliance. These messaging applications enhance data protection, allow firms to retain control over data, and, importantly, ensure that all communication records align with FCA and SEC requirements.
Want to get valuable insights like this straight to your inbox?
Sign up to our newsletter below.
The FCA's stance on platforms like WhatsApp and similar messaging applications
The Financial Conduct Authority has raised significant concerns about using unmonitored and encrypted communication channels such as WhatsApp for business purposes. In Market Watch 66, the FCA warned that using these messaging apps introduces substantial compliance risks since unregulated communications are more challenging to monitor. Furthermore, firms are expected to proactively review their channel communications policies to ensure all in-scope communications are recorded and auditable, regardless of the platform.
Global regulatory trends in messaging platforms
Concerns about encrypted communication are not limited to the UK’s primary regulator. In the United States, both the SEC and the Commodity Futures Trading Commission (CFTC) have levied over $2 billion in fines since 2021 against firms failing to control or monitor channel comms conducted on platforms like WhatsApp. Such enforcement actions underscore the regulatory focus on unmonitored communication channels, and UK advisers should consider these global trends when implementing communication policies.
Best practices for firms using communication platforms
To align with the FCA's expectations, and to avoid enforcement actions, firms should adopt the following practices for compliant communication:
- Develop clear policies : Establish policies that govern the use of channel communications, including prohibiting unauthorized messaging platforms for business use.
- Use secure messaging applications : Implement communication platforms that provide audit trails and comply with FCA and SEC data retention standards.
- Conduct employee training : Regularly educate employees on compliance risks linked to unauthorized communication applications.
- Schedule compliance audits : Consistently review and monitor communication records to ensure regulatory alignment and improve data security.
By embedding these measures into everyday operations, firms can effectively manage risks related to messaging apps and achieve regulatory compliance with both the FCA and international regulators like the SEC and CFTC.
Ready to collaborate with a technology provider that truly listens and values your input?
Schedule a discovery call with us today to learn how moneyinfo will help you meet your clients' digital expectations.
