How many times a day do you send or receive a message?
Statista reports that – as of January 2023 – there are roughly 2 billion individuals using WhatsApp each month. Messaging apps are convenient – they remove the barriers of office hours or time zones, allowing a quick exchange of information (sans all the small talk those in-person conversations often require).
But for broker-dealers and other financial professionals, messaging apps offer as much risk as they do reward, largely due to compliance concerns surrounding these third-party applications and social media-powered tools.
Even after a recent string of WhatsApp-related penalties (totally north of $2 billion), Global Relay reports that “two-thirds of financial firms aren’t capturing LinkedIn communications data from their staff and just 3% have been able to monitor employees’ use of Zoom’s conferencing technology.”
Today, we’re examining the pros and cons of third-party messaging apps for your broker-dealer firm, including compliance considerations and best practices to keep in mind should you choose to utilize these apps.
What Are Third-Party Messaging Apps – And Why Are Broker-Dealers Using Them?
Messaging apps are communication platforms (sometimes linked to social media accounts) that use the internet to send and receive texts, share multimedia files, and engage in real-time conversation. Popular messaging apps include WhatsApp, WeChat, and Facebook Messenger.
Third-party apps can make communication between broker-dealers and their clients, prospects, or colleagues easier. When a prospect finds your firm’s Facebook page, for example, it’s quicker to reply to their message within the platform than to collect their contact information and follow up later.
Many of these apps are entirely free to use, unlike traditional texting, and require only an internet connection to function. To clarify: while most mobile plans today offer unlimited texting, these apps often provide additional features and conveniences, like in-platform messaging and end-to-end encryption, all without relying solely on traditional text messaging capabilities. Platforms like WhatsApp also boast end-to-end encryption that traditional texts lack, which can help keep conversations more confidential and secure.
Compliance concerns about third-party messaging apps
Third-party messaging apps, however, are not without their risks, including:
- Data security.
Ensuring the security and privacy of client information is paramount in your profession. Per FINRA’s regulatory guidelines, broker-dealers must carefully assess the data protection measures implemented by third-party vendors (including messaging apps) and choose platforms that align with industry standards. While some apps like WhatsApp use end-to-end encryption, others, such as WeChat, do not.
- Recordkeeping.
Compliance with regulatory recordkeeping requirements is a cornerstone of successful broker-dealer operations. If you aren’t keeping meticulous records of any and all messages, you put your clients (and firm’s reputation) at risk. You could also incur heavy fines with poor records – the SEC fined sixteen firms for widespread recordkeeping failures involving off-channel communications.
*Note: Both FINRA and the SEC have distinct reporting and formatting rules for recordkeeping, archival, and communication, including FINRA’s Exchange Act Rule 17a-4(b)(4) and SEC Rule Rule 17a-4.
- Monitoring.
Even if you have a strong grasp on the proper use of third-party messaging apps, your firm must implement policies and procedures, training, and ongoing monitoring to ensure all staff are using the communication channels properly. However, that becomes more difficult when these exchanges occur on private profiles, like employees’ personal LinkedIn accounts.
Related: Firms Re-evaluating Supervision and Technology as SEC Levies Over $1.1 Billion in Fines
Three Best Practices For Using Third-Party Messaging Apps
If you do choose to employ third-party messaging apps at your broker-dealer firm, there are three best practices to keep in mind throughout both initial implementation and ongoing use, including:
1. Choose compliance-friendly apps.
Consider choosing one or two approved third-party messaging apps that are equipped for compliance and monitoring, rather than allowing staff to use any and all messaging platforms available.
The first step is to ensure that all messaging platforms your firm may be using can facilitate secure communication, recordkeeping, and monitoring capabilities. Look for end-to-end encryption capabilities, two-factor authentication, and other robust security measures.
Keep in mind that archiving and “backup systems” are not interchangeable for broker-dealer compliance. Backup systems simply create a copy of records, while archival systems typically involve moving data off the primary storage device in such a way that the data can’t be overwritten. Archival systems are also focused more on long-term storage.
It’s wise to reach out directly to the app’s customer support team to ask any specific questions, as well as to look over user reviews of the app, before signing up.
Related: RIA Off-channel Communications are Under Increased SEC Scrutiny: What Advisers Should Know
2. Conduct regular risk assessments.
Regular risk assessments are essential for identifying potential vulnerabilities associated with third-party messaging apps. To conduct a comprehensive risk assessment of third-party messaging apps, your firm should:
- Identify areas of risk such as archiving, devices used, training, and more.
- Consider adding an all-team meeting to the calendar so your staff have an opportunity to voice concerns and stay apprised of proper usage.
- Stay updated on SEC, FINRA, and state-required compliance rules surrounding third-party messaging apps and vendors.
Once a risk assessment has identified any areas of concern, be sure to make a plan of action to mitigate them.
3. Develop policies and procedures for staff.
Lastly, establishing clear and comprehensive communication policies is vital to monitoring success. While developing your policies and procedures, include guidelines for both internal and external (client/prospect) communications.
Consider adding regular training sessions for your staff, as well as initial training tools for any new members of your team. Training materials should detail use cases, approved devices, next steps in the event of an error, and any other relevant information. It’s important to note that staff should also be required to attest that they are not using any unapproved communication channels on an annual basis. This can be incorporated into the annual rep questionnaire.
Related: Tips & Tricks for Chief Compliance Officers: Onboarding Employees
Navigating Compliance: Third-Party Messaging Apps
The allure of third-party messaging apps for broker-dealers is undeniable. They offer improved communication, collaboration, and client engagement. However, the regulatory landscape surrounding these apps can be daunting, leaving many firms teetering on the edge of non-compliance.
Here’s where COMPLY steps in, acting as your safety net and guiding you across the tightrope. For instance, COMPLY’s communication archiving and review solutions offer:
- Automated archiving.
Imagine a world where capturing, reviewing, and storing client communications – across emails, webpages, social media, and yes, even third-party messaging apps – is effortless. COMPLY makes this a reality with its automated archiving solution. Every interaction is meticulously documented, providing an irrefutable record for regulatory scrutiny.
- Streamlined review.
Manual content review is a time-consuming beast. COMPLY tames it with automation. Auto-flagging of keywords streamlines the process, highlighting potentially risky messages for swift review. This frees up your compliance team to focus on complex issues, not tedious sifting.
- Risk mitigation.
Compliance violations can be costly and damaging. COMPLY minimizes these risks by providing robust supervisory capabilities. You’ll gain invaluable insights into communication patterns, identify potential breaches early, and take corrective action promptly. This proactive approach mitigates financial, legal, and operational risks, allowing you to trade with confidence.
COMPLY isn’t just a compliance tool; it’s your partner in navigating the ever-evolving regulatory landscape. By automating archiving, streamlining review, and mitigating risks, COMPLY empowers you to leverage the benefits of third-party messaging apps while ensuring seamless compliance.
Are you ready to embrace the communication revolution and let COMPLY guide you? Let’s talk!