
Security concerns with messaging use cost Wall Street banks over $1B in fines

The federal government collectively fined several banks more than $1 billion for traders using private messaging services such as WhatsApp in their work over security and privacy issues. (Photo by Justin Sullivan/Getty Images)

Several well-known U.S. Wall Street banks will be dipping into their own pockets to pay more than $1 billion altogether in regulatory fines because their traders used private messaging applications such as WhatsApp in their work, a practice that raises potential security and privacy issues.

On Aug. 19, the news broke that Bank of America, Barclays, Citigroup, Deutsche Bank, Goldman Sachs, Morgan Stanley and UBS will each have to fork over roughly $200 million in fines levied by the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC), based on both agencies’ investigations into their trading professionals’ use of personal messaging applications to communicate internally and with clients.

Two other investment banks with smaller bases of operations in the United States, Jefferies and Nomura, will likely be forced to pay lower (as-yet unknown) fines for the same offense, according to initial reports from the Wall Street Journal, which first broke the news about the fines. (Official news of the regulatory violations and the subsequent fines is expected to be released in September.)

Growing security concern with use of personal devices in work-from-home era

This development underscores the increased concern coming from regulators (as well as financial customers and C-suites and boards of directors) over the potential and growing security issues that could arise when banking employees are using personal messaging applications to communicate sensitive financial data and information. While some financial professionals have long used their own mobile devices or laptops for work, using personal computing devices and applications spread like wildfire in the past couple of years, as the line between personal and professional access has blurred.

“Using encrypted apps like WhatsApp to discuss business became more common during the pandemic with the rise of flexible working practices,” according to an Aug. 24 research post from Will Paige, an analyst with eMarketer’s Insider Intelligence.

“But these communications have come under increased scrutiny from watchdogs because they fall outside of official channels and are harder for regulators to monitor,” Paige added. “They also increase the risk of hackers stealing confidential information.”

The hope is that compelling these large financial institutions to pay substantial fines will encourage them to finally crack down on employees using personal applications for work-based communications with colleagues or customers, given the growing likelihood of incursion here. However, the question of how banks will be able to kibosh this already well-established behavior remains a significant one, even for financial firms that want to stem the tide of messaging misuse.

Paige pointed out that with so many traders and other financial professionals using encrypted apps, where message histories can be easily deleted, tracking this behavior is “exceedingly difficult.” 

“But the threat of big fines may not be enough to change a culture where employees are accustomed to using apps like WhatsApp to discuss confidential business,” Paige added. “Regulators are likely to slap down more fines as they look to stamp out rule breaking and send a strong message about the consequences.”
