encrypted messages; regulatory; mifid II; compliance

Communications Monitoring: Regulating Encrypted Messages

Encrypted IM apps growth in popularity has seen an increase of their use in conducting business Financial firms require constant communications monitoring in order to meet…

  • Encrypted IM apps growth in popularity has seen an increase of their use in conducting business
  • Financial firms require constant communications monitoring in order to meet compliance standards
  • Difficulty regulating encrypted IM apps can lead to major fines by the FCA, FINRA and SEC
  • Hentsū, powered by Actiance Socialite, can capture native metadata in near real-time, ensuring all content are captured in full conversational context

To many, using Instant Messaging apps like WhatsApp to connect with people, is something we do daily without much of a second thought. However, the financial world is full of compliance and regulatory measures that require the monitoring of communications between firms, their employees, and their clients.

Thus far, IM apps like WeChat and WhatsApp, have evaded these measures thanks to their encrypted messaging services, however, a number of high-profile cases have highlighted the growing issue with the regulation of these encrypted messaging services.

For example, Bloomberg recently reported on how some employees of big financial firms have been secretly conducting business over encrypted IM apps, with one ex-Jeffries banker being fined by the FCA over $40,000 USD for using WhatsApp to share confidential client information.

These cases are increasingly common, and are exposing the unlawful and unethical practices that could end up costing firms big money. While attempting to monitor the data and information shared on these encrypted IM apps may seem like a lost cause, with the right technology and expertise, there are ways to ensure IM apps are being regulated.

What are Encrypted Apps and Why They Matter

Over the years WhatsApp has grown rapidly to become a staple in most people’s phones as their go-to for instant messaging. With over 1.2 Billion active users daily, the app’s popularity cannot be understated. It’s relative straightforward to use, able to connect people instantly, so-long as they have access to Internet, and best of all- free.

Equally, WeChat, an IM app popular in China, presents the same benefits as WhatsApp, and is used by over 800 million people daily, an increasing amount of which are businesses. With so many people using these free and easy apps, it’s plain to understand why they are so popular by firms and their clients alike. The fast-response rate, coupled with the fact that many employees and clients use these apps in their everyday life, makes them an easy place to conduct business.

The problem arises because many of the features they present are not compatible with the compliance and regulatory requirements of the FCA, FINRA and SEC. Firstly, their content is encrypted end-to-end, making collection and monitoring very difficult.

Additionally, the lack of APIs impedes automated capture of content, meaning it requires someone to manually capture, a time-consuming process, where human error can lead to critical content accidentally being omitted. Furthermore, even once captured, the dynamic, feature-rich content is converted to email form by most archives, complicating monitoring and eDiscovery response time.

All these issues mean that, despite their popularity, encrypted IM apps do not meet financial firms requirements to keep records of all written business communications. It is down to firms to ensure their compliance requirements are being met, and to guarantee the regulation of their communications. Nonetheless, as seen, these IM apps are presenting a new challenge in compliance- especially when it is highly likely that these applications are currently in use, unmonitored.

How to Manage, Secure, and Ensure Compliancy

Often times technology evolves faster than we can keep up, leaving many clueless as to how to tackle the many loopholes they create. While this may have initially been the case with these encrypted IM apps, the real challenges they present to compliance has pushed for innovative solutions.

Hentsū Connect, powered by Actiance Socialite, captures WeChat and WhatsApp native metadata in near real-time, ensuring all content including encrypted messages, conversations, emojis, photos, links, and shared documents, are captured in full conversational context. With this unique method, the entirety of communications are preserved- even deleted content. It also provides compliant storing, monitoring and reporting across user, group, and global data in order to meet the most stringent regulatory requirements.

Thus, not only is this the best and first solution to the market, it deploys in a matter of hours, by simply leveraging the existing WeChat/WhatsApp authorization process without requiring the installation of new applications on user devices. This effectively ensures that firms can are compliant in no-time at all, minimising regulatory risks with minimal hassle.

How Hentsū can Help

Hentsū enables firms to conduct business on these encrypted messaging applications and over 80 different channels compliantly. Contact us at: hello@hentsu.com