Go Back

What is WhatsApp archiving & why it’s essential for private equity firms?

Originally posted on Linkedin

What is WhatsApp archiving?

When WhatsApp is a crucial communication tool in your business, archived communications are very important in order to keep your company compliant. 

WhatsApp allows you to archive your messages, but it is not yet conformed to the compliance requirements of financial entities with regard to the archiving of messages.

For financial services providers, archiving messages on WhatsApp is not an option, as the regulator requires to:

  • Archive your chats to the cloud or to an SD card automatically
  • Make your archived chats searchable for easier monitoring & investigation 
  • Chat transcripts should be kept as PDF files for printing and storing electronically in case evidence needs to be shared.
  • Professional archiving solutions help close privacy, cybersecurity, and compliance loopholes created by BYOD policies.
  • Ensure you archive all your conversations, not just those you want to keep track of for financial compliance.
  • The failure to back up chats correctly could result in a fine of millions of dollars for financial entities.

Everybody uses WhatsApp to communicate

Some argued that it was a matter of when not if. Others felt secure enough behind their midsize that they could shelter in place from the fines being hurdled by the SEC towards the big banks. After all, the whole world uses WhatsApp to communicate, right? Everyone knows that it’s the new unofficial standard in digital communications.

Then it happened…

Just when you thought that you wouldn’t have to endure yet another article about WhatsApp monitoring, here’s a fresh spin on the situation. Earlier this week, Apollo Global Management Inc., Carlyle Group Inc., and KKR & Co. all reported in their regulatory filings that they had received letters from the Securities and Exchange Commission (SEC) regarding their use of electronic communications. More specifically, inquiries were pending about how they were using WhatsApp, monitoring messages, and archiving them.

These private equity firms are some of the largest in the world, but their daily volumes of financial transactions pale compared to JPMorgan Chase, Morgan Stanley, Bank of America, and the other global giants. Over the past calendar year, many big banks have been hit with $125-200 Million fines (or more) each for failing to monitor and archive communications in a manner that meets compliance requirements. In total, more than $2 Billion in fines has been levied by the SEC in the past nine months alone.

Of course, none of these private equity firms have been fined. At least not yet. But we all must assume that those fines are on the radar. It likely won’t be long before those firms submit regulatory filings detailing the scope of their penalties. However, even as an optimist, you can’t overlook the significance of this latest effort by the SEC. Formally posing inquiries into midsize private equity firms demonstrates that the situation around comms monitoring remains both active and fluid. At this point, it’s unclear where and when the quest for compliance and the troubles with WhatsApp will come to a natural end.

Compliance around record retention is no joke!

Although your eyes may roll and you’re tempted to scroll past yet another article on a topic that’s been on heavy rotation all year, make no mistake that this isn’t the last article you’ll come across. It’s big news because the reach of the SEC appears to be deep. Currently, it’s unknown “where the line is” when it comes to the size of the financial institution that’s going to be investigated for using WhatsApp or other popular e-Comms channels. Given the hefty endowment of fines collected, rest assured that the SEC isn’t hurting for cash or having difficulty recruiting compliance officers to conduct investigations into the compliant use of e-Comms tools.

“Forewarned, is forearmed” as they say. Now is the time for you, your compliance team, and your financial organization to do a careful audit around the use of e-Comms. Being fearful of what you may find is not an adequate reason to procrastinate taking a proactive approach to this compliance juggernaut that the SEC has tapped into.

Compliance steps you can take now

As we all know, the SEC is the regulatory authority, and they can go back into the records as far as they like. Even if you make sweeping changes now to get your financial firm on track for 2023 and beyond, past compliance violations can and will come to light through an investigation. And, if they do, corrective actions will be required which typically include fines plus new policies, potential terminations, and other efforts. Here’s what you can do now:

Keep up with the News: yes, that means scanning through more articles like this one around e-Comms, record-keeping, using personal devices, and so on

Adopt a Quarterly Affirmation initiative: every few months, request that all your employees, brokers, partners, suppliers, and other members of your organization personally sign and affirm that they are not using personal devices and not using unapproved e-Comms apps like WhatsApp to conduct matters of business

  • Host a Quarterly Training Refresher: remind members of your organization what it means to sign and affirm compliance and what happens to them and your organization if violations are discovered
  • Set an Example: if your internal audit reveals flagrant non-compliance, perhaps around the use of a personal device or WhatsApp, take the necessary actions, be it termination or whatever your HR policies mandate to showcase that your organization has zero tolerance for non-compliance
  • Update Your Policies: take a very close look at how they are worded, are they crystal clear in spelling out the use or disapproved use of WhatsApp, WeChat, or other e-Comms?
  • Reach out: contact other financial institutions, and RegTech vendors, and attend community events to learn more about what others are doing to get ahead of the SEC’s targeted aim

None of this is news – it’s simply a reminder that the situation is highly fluid and that the number of financial institutions within the crosshairs of the SEC appears to be ever-growing.

There’s no need to panic

Yet it’s also a poignant wake-up call for firms to take the matter of e-Comms seriously. Although the regulatory authorities pretended to turn a blind eye to some compliance transgressions during the early days of COVID to keep the economy moving, those days are gone. The virus is still here – and so is the SEC – on a mission to identify and correct all acts of non-compliance.


Follow Us

Subscribe to Shield’s Newsletter

Capture everything. Deploy anywhere. Store in one place.