SEC examines WhatsApp use in banks – what financial institutions can do now

WhatsApp use in the bank? Investigators at the Securities and Exchange Commission (SEC) are questioning US banks about the extent to which they use consumer messenger for professional communication. There is a threat of significant fines. Find out why this is the case and what financial institutions can do now in this article.

Teamwire, Sep 22 2022

The background to the SEC investigations is that WhatsApp and other private messengers are increasingly spreading into the business world due to their convenient use. Here, however, they are part of a shadow IT that also brings considerable disadvantages for banks. Although bank employees are aware of the requirements for communication and data handling, this is quickly forgotten in the fast-moving day-to-day business, so that they almost automatically reach for the familiar consumer messenger. SEC is particularly concerned that banks have no control over internal communications that take place via WhatsApp. Here, bank employees could willingly or unintentionally share or even delete information that is important or must be handled or archived according to legal and compliance requirements. At the SEC, separate probes revealed a troubling dynamic: key conversations across finance were happening beyond the government’s reach, according to bloomberg, among others.




Why SEC is interested in WhatsApp


As SEC acts in the public interest, it is its task to ensure a functioning, stable and trustworthy financial system in the US. Bank customers, investors and insurance policyholders must also be able to trust them with regard to the communication that takes place within financial institutions. SEC also ensures that fair and transparent market conditions exist and that the financial system and its components are not misused for unlawful purposes.




WhatsApp usage in banks as a secondary means of communication


An exciting question – also for SEC – should be: Why do bank employees resort to WhatsApp and other services as a means of communication in the first place? After all, many financial institutions already use Unified Communication & Collaboration (UC&C) solutions such as Microsoft Teams, which can be used on the desktop PC as well as via mobile app. The only way to prevent the almost automatic use of familiar consumer messengers is to offer an appropriate range of alternatives. It is therefore the task of the IT department to provide adequate secondary tools for communication that are just as convenient to use. It is advisable – for every operator of critical infrastructures – to establish a secondary communication channel that is completely separate from other systems, for example in a separate private cloud or on-premises. Only then can a company remain capable of acting in emergency and crisis situations.




The messenger as a security network for emergencies


Just imagine a power outage cutting off all communication channels in a bank – or worse, it becoming the target of attack by cybercriminals who manage to shut down the IT infrastructure. With a decoupled messaging solution based on the zero-trust model, all internal crisis communication could be carried out and the flow of information can be maintained in both cases:

  • The crisis team can exchange information reliably in a group chat – even across multiple locations.
  • Employees receive reliable instructions for actions and todos via alerts or push-to-talk.
  • Responsible parties can track who has actually received messages and can drive all activities in a coordinated way.


For emergency communication a separate messenger is therefore definitely recommended. However, banks should not rely on WhatsApp and similar consumer messengers. IT managers need to get an overview of which tools are in use – ideally before SEC does. Afterwards, you can provide a suitable, but authorized solution that can be used on business desktop and mobile devices with equal ease and security.




WhatsApp alternative for banks and financial service providers


Of course, financial institutions now have the option of burying their heads in the sand and hoping that SEC’s investigations on WhatsApp use will not have an overly serious impact on them. Or they can take this as an opportunity to roll out a secure messenger solution like Teamwire as a WhatsApp alternative across the organization and benefit from the advantages of a bank messenger:


#1 Banks get a secure secondary communication channel that complements existing solutions such as email and Microsoft Teams by allowing direct, fast and mobile chat via image, text and voice.


#2 As with WhatsApp, bank employees can exchange information one-to-one as well as in group chats and virtual meeting rooms for teams, departments, work or project groups.


#3 Voice-over-IP and video calls as well as video conferences enable efficient communication processes in the office, in the home office and on the road. Switching between devices runs smoothly and without any data loss.


#4 In addition to internal collaboration, external communication with customers and business partners can also be managed via guest accounts, chat widgets and a privacy-compliant WhatsApp connection.


#5 You get a scalable, highly performant messaging solution that can be operated in the public or private cloud as well as on-premises in your own data center.


#6 Financial institutions meet all requirements in terms of data protection and data sovereignty, security standards, company-wide compliance and other regulations, such as MiFID II.


#7 An audit-proof archive through the messenger solution documents internal and external communications and enables all messages to be retained for ten years.


#8 Innovative corporate functions (e.g. alerts) as well as the connection of third-party systems of the bank are significant plus points of a business messenger that WhatsApp cannot offer banks.


#9 You get a conveniently administered communication solution with multi-client and multi-device management, where they never lose track of anything and have full control over all users and data at all times.


#10 Last but not least, the banks will not be threatened with fines from SEC or other financial authorities because they will have already stopped using WhatsApp by the end of the investigation. A quick and uncomplicated roll-out of Teamwire makes this possible at any time.


So in general, banks are well advised to look around for a suitable second solution for internal communication and take a detailed look at Teamwire. After all, the company was named by Forrester as the leading European provider for secure communications with the highest level of data sovereignty and customer-focused innovations.




We are here for you


If you also want to prevent warnings or other consequences from financial authorities due to WhatsApp use, we would be happy to advise you in a personal meeting about the deployment options of Teamwire. Feel free to contact us!