Firms failing to monitor social messaging


Financial services firms are falling short in their efforts to monitor employees' use of social media messaging despite earmarking communications surveillance as an investment priority, according to recent research.

Data from compliance software vendor SteelEye showed that 85% of firms do not yet include WhatsApp messages in their surveillance. 

Even fewer firms are tracking other messaging platforms such as Slack (9%) and Signal (3%) while more well-known messaging platforms are still tracked by just a minority of firms.

Only a quarter (25%) are monitoring Zoom while 40% are capturing messages on Microsoft Teams and Bloomberg Chat.

SteelEye's Compliance Health Check report, which surveyed 170 compliance professionals, comes at a time when regulators are clamping down on off-channel communications within regulated firms.

Bank of America, Morgan Stanley and JPMorgan have all been issued with multimillion-dollar fines for failing to properly monitor the use of personal devices.

In fact, such is the increase in regulatory scrutiny that 20% of respondents said that keeping up with regulatory change was their biggest challenge in meeting regulatory obligations. 

The survey also found that 76% of financial services firms now rank surveillance as one of their two investment priorities for the next 12 months, with 41% focusing specifically on communications surveillance as a key priority.

“There remains a lot of work to be done by financial services firms to ensure they do not fall foul of regulatory action,” said Brian Lynch, president of SteelEye Americas. “This is a growing challenge for firms and it’s unlikely we’ll see it slow down any time soon, with new channels of communications emerging all the time.

“It’s encouraging to see firms prioritising communications surveillance and recognizing the role technology can play in solving this challenge. Technology and robust data are essential to ensuring future-proofed compliance processes and procedures, and to avoiding unwanted regulatory oversight and damaging fines,” added Lynch.

Comments: (1)

A Finextra member, 20 July, 2022, 05:33

I won't say what foreign owned bank I worked for where piles of messaging was not being monitored - essentially because post implementation of a tool, no one followed up to keep up monitoring.  And that was just one type of messaging.  I'd gone to my 'mangler' and warned him - he told me to leave him alone.  Then internal auditors asked him the status - and suddenly it became a top priority.  But that was just one of many platforms.  Others were ignored.

I cared about this for a number of reasons - one of them is that another firm I'd worked for was part of the LIBOR scandal.  At that firm, there were rules, including about cell phones on the trading floors, that at a certain point were no longer enforced.  Compliance on all sorts of things is a joke in numerous firms until, if and when these firms get hit with audits.