Published on March 6, 2024 by Anvitha R Jain and Taqiya Khanum
“Unauthorised communication platforms” refer to channels for collaboration not formally approved by a company for business- or client-related interaction. The use of unapproved methods of communication has spiked with modern technology, which makes communication faster and more accessible. Effective communication is essential for a company’s success, but to ensure this, employees need to be aware of the correct channels through which they can engage with each other and be cautious about the social media platforms – such as Instagram, Telegram, WeChat, WhatsApp or text messaging – that they are not allowed to use, as their use could endanger the company’s or employee’s privacy, security and reputation.
Risks of using unapproved communication platforms
Unapproved methods of communication are easy to adopt and convenient to use, provide end-to-end encryption and ensure anonymity, but their use for business communication is very often not permitted, for the following reasons:
-
Endanger security
This is the main risk, as security of these platforms is not tested against industry standards, making them vulnerable to data breaches, hacking or unauthorised access.
-
Lack data privacy Use of unapproved communication platforms could lead to breaches of privacy, exploitation of data by third parties and leakage of material non-public information. Confidential information of users/organisations/clients could be stored without adequate consent or protection.
-
Open to malicious attack Hackers and cybercriminals could use these platforms to launch phishing attacks, spread malware or conduct other plan illegal activity.
-
Violate legal and compliance requirements There are strict regulations governing data privacy and protection, and employees who use unauthorised platforms would be violating these, resulting in fines, lawsuits or damage to reputation of employees and the company.
Source: https://wallpapers.com/social-media
Navigating the risks of using unapproved communication platforms
-
Educate and raise awareness Employees must be aware of all the methods of communication available in a company or department, and if necessary, the company must properly classify them as formal, informal or unofficial through frequent training sessions, so that employees can use the correct channel, in line with the company's regulations.
-
Establish clear communication Companies should have recordkeeping policies and procedures relating to avenues of communication, and this information should be adequately disclosed to staff in addition to penalties for non-compliance. Employees should be reminded of these policies through periodic compliance training sessions and when regulators provide new guidance.
-
Provide secure alternatives Companies must give staff a range of options, depending on the urgency and nature of communication. Some provide staff with phones, requiring that all business-related conversations be held on these devices to reduce risk. Some companies allow use of WhatsApp but ensure supervision.
-
Ensure compliance monitoring Companies must monitor employee conversations through software or another mechanism that enables business-related interactions via unofficial channels to be further classified based on lexicons and keywords to determine whether they pose a risk to the company or its clients.
-
Encourage reporting and auditing Communication records from all channels should be further checked to ensure their accuracy; a company may also hire an independent consultant to assess any unapproved lines of communication.
Regulatory and compliance obligations
FINRA Rule 3110(b)(4) mandates that companies have systems and policies in place to monitor all internal communication and incoming and outgoing correspondence related to their securities and investment banking businesses.
Section 17(A) of the Securities and Exchange Act of 1934 details provisions for recordkeeping, and Rule 17a-4 outlines the process for preserving all data relating to transactions and official business, in an effort to safeguard data.
A large Wall Street firm was recently fined USD200m by the US Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) for failing to monitor and preserve business-related communication on prohibited communication channels. For a similar violation, one investment advisory firm and 15 broker-dealer firms were fined USD1.1bn.
Sectors fined for use of unapproved methods of communication for business purposes in 2022 and 2023
Source:SEC.gov | SEC Charges 16 Wall Street Firms with Widespread Recordkeeping Failures
U.S. SEC investigates Citi over unapproved employee communications | Reuters
The regulators fined the banking and finance sector for violating SEC and federal securities laws, including failure to monitor and store electronic communications and use of personal email accounts, text messages and WhatsApp for business matters. These are significant warnings to the sector, showing how strictly regulators view communication via unauthorised channels.
Conclusion
Unapproved channels of communication may have an appeal and be easy to use, but the risks cannot be ignored. Prioritising security and adherence to regulatory policies are important. It is the user’s responsibility to protect the reputation of their company by using protected and reliable channels of communication.
How Acuity Knowledge Partners can help
We create a dynamic, reliable and skilled ecosystem of control. Our corporate compliance services include e-communication reviews and a wide range of managed services. Our pool of surveillance experts has created a detailed checklist based on clients’ monitoring policies and research pedigree to enhance lexicons and improve their systems’ ability to identify communication through unapproved channels that clients are most concerned about. Potential issues are then escalated for review and resolution.
Sources:
Tags:
What's your view?
About the Authors
Anvitha R Jain has over 2.8 years of experience in corporate and forensic compliance, currently At Acuity Knowledge Partners she is part of the Corporate and Forensic Compliance team and specializes in E-Comm Surveillance and trade surveillance. She holds a master’s degree in business administration, specialized in core finance from CMS Business School Jain University.
Taqiya Khanum A currently works in Corporate Compliance team at Acuity knowledge partners and has over 1.5 Years of experience in EComm Surveillance and Voice Surveillance. She has a Post Graduate Diploma in Business management with a dual specialization in Finance and Marketing from St. Josephs Institute of Management, Bengaluru.
Like the way we think?
Next time we post something new, we'll send it to your inbox