In a move signaling alignment with US regulatory actions, the UK’s Financial Conduct Authority (FCA) is preparing to survey City firms to scrutinize their use of encrypted messaging services such as WhatsApp. Regtech firm SteelEye has shared informative insights to help industry participants with gaining a better understanding of these key developments.
Steeleye notes in a blog post that this follows concerns regarding the potential for market abuse and insider trading through “off-channel communications.”
The survey, which will examine how banks manage and monitor these communications, comes after similar US enforcement actions where financial firms have faced fines “totaling over $3 billion over the last three years” for allegedly failing to properly capture and store employee communications.
In the United States, the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) have led a crackdown on the use of “unauthorized” communication platforms.
Steeleye further noted that this issue came to the forefront in December 2021 when the SEC levied a $125 million fine on a “tier-one” bank for record-keeping failures, marking the beginning of an “intense regulatory crackdown” that has since reshaped the industry.
The team at Steeleye also mentioned in their update that the failure to capture and store communications on platforms like WhatsApp has been a key factor in all off-channel communications fines since, which US regulators “argue hinders their ability to prevent and prosecute market abuse.”
For larger banks, Steeleye explained that this development from the FCA should come as “no surprise.
These institutions have likely been in “dialogue” with the regulator for months.
However, Steeleye pointed out that it is important to remember that simply having policies in place is “not enough.”
Communications compliance procedures must be “genuinely effective and regularly enforced.”
To mitigate risk, Steeleye noted that firms need to conduct risk assessments across all communication channels—not just WhatsApp.
An assessment of 100% of communication channels is essential to ensure there are “no blind spots” in how regulated staff communicate.
Failing to properly address off-channel communications, even after receiving guidance, could lead “to significant fines and enforcement actions in the future.”
Although much of the regulatory focus in the US has centered on the capture and archiving of digital communications, it’s vital to remember that surveillance of those communications is equally important.
Steeleye also mentioned that the fines and this upcoming FCA survey highlight the need for firms to “maintain accurate records of their communications.”
But if conversations take place on unauthorized platforms, they are not only missing from the firm’s archives—they are also “not being actively surveilled. This lack of surveillance is a significant regulatory concern, as it prevents firms from detecting potential market manipulation and conduct issues.”
Capturing communications on platforms like WhatsApp, which was once a major challenge, has “become far more manageable due to technological advancements.”
Steeleye added that now, firms have access to a range of solutions that allow them to capture and store data across “a variety of messaging platforms. However, the real challenge now lies in how effectively firms can monitor and analyze this data.”
It’s no longer enough to simply store communications data; firms must actively surveil it to “identify patterns and behaviors that may signal misconduct.”
With regulators emphasizing the importance of capture and surveillance, financial institutions must “ensure that they not only have systems in place to archive communications but also robust tools for detecting market abuse and other risky behavior within that data.”
The issue of communications compliance is critical for a number of reasons.
Unauthorized, off-channel communications create gaps in audit trails, “making it challenging for firms and regulators to detect misconduct.”
As digital channels become more widespread, banking institutions are going to have to ensure that their surveillance systems can track and capture all relevant conversations, especially those that may “contain sensitive or work-related information.”
With the FCA now focusing on this issue, UK banks need to ensure they have the systems to avoid fines and enforcement actions that could “follow a US-style crackdown.”
In this regulatory environment, communications surveillance is not just a matter of compliance—it’s a safeguard against “significant financial and reputational risk.”
The FCA’s actions should serve as a “clear reminder” to City firms that the scrutiny around encrypted messaging services is only intensifying.
The platform secures communications data from any communications channel—voice, chat, email, meetings, and social messaging—storing them in a “compliant, immutable format that meets regulatory standards.”
SteelEye explains that it uses surveillance algorithms, AI, and intelligent lexicon technology to detect early signs of misconduct and market abuse.
SteelEye’s Compliance CoPilot may be deployed to streamline the overall communication surveillance workflow, thus helping with “reducing false positives and enhancing detection.”
SteelEye’s monitoring capabilities are able to identify attempts to switch to unauthorized communication channels, helping clients ahead of potential risks and “ensure regulatory compliance.”