With financial institutions struggling to meet their regulatory obligations regarding messaging apps, the sector could have saved billions of dollars by using Symmetrium to minimize their exposure.
When JPMorgan was hit with $200 million in SEC fines in Dec 2021, for letting employees use WhatsApp, it should have been a warning sign. Less than a year later, the US Securities and Exchange Commission (SEC) struck again, fining 16 Wall Street firms $1.8B for using private text apps.
This avalanche of fines was imposed on banks and financial institutions for allowing employees to discuss business via unapproved and unmonitored messaging systems, such as WhatsApp. Such discussions are legally required to be recorded, stored and available to government authorities to review when required.
The sector has been cracking down heavily on the use of unsecured messaging apps for business. In 2020, for example, a senior credit trader at JPMorgan was suspended for communicating via WhatsApp with colleagues at Jefferies, KPMG, and VTB Capital.
Financial Institutions Struggling to Meet Regulatory Requirements
With the pervasive use of mobile phones as hybrid work policies become more normal, the exposure firms face has risen sharply since the time when only email was being used. All email messages could be stored and archived on corporate email servers to meet regulatory requirements, but now with BYOD (Bring Your Own Device) policies and the widespread use of messaging apps, banks are struggling to meet SEC requirements.
WhatsApp remains the most popular messaging app, but more than a half dozen others are regularly used, such as Facebook Messenger, iMessage, WeChat and Telegram. Their prevalence is giving Compliance Officers at financial services firms sleepless nights as workplace smartphones and BYOD policies create a perfect storm for users to intentionally or even accidentally breach SEC rules.
How The Sector Could Have Avoided Billion-Dollar Fines
Sharing data using unauthorized messaging apps and personal email accounts not only flouts SEC regulations but can also expose sensitive data to security risks. Symmetrium’s zero trust mobile access solution has been specifically designed to help organizations operating in highly regulated sectors to remain compliant by keeping data protected, particularly in BYOD environments.
Symmetrium is device agnostic, and works by the creation of virtual mobile devices (VMDs) within the organization’s own IT environment. These VMDs sit within this protected environment and when remotely accessed these virtual devices act as extensions of all organizational security and compliance policies using end-to-end encrypted streaming. So when messaging using Symmetrium’s mobile access solution, all regulatory obligations are adhered to in this highly controlled environment. The result is a completely secure, compliant and native mobile experience with seamless deployment and management.
Ensuring All Data Remains SEC Compliant
With messages sent by authorized users virtually accessing Symmetrium via the organizational network, the messages and any associated data never sits on the user’s actual device. The result is that data remains secure and archived to meet SECs requirements.
Each mobile device acts as an on-prem laptop, allowing for full control over employee messaging to shield financial institutions from any risks associated with using messaging apps, such as WhatsApp.
This allows for minimum-resources mobile messaging management via a central management console for all devices, OS and brands. All is integrated smoothly into existing security and GRC data access protocols through one single app. The result is organizations can finally be confident their data and messaging remains secure and compliant at all times, avoiding crippling fines and potential data breaches.
Discover how Symmetrium can keep your data and employee messaging compliant by booking a demo here.
