Only a few years ago, people had limited options available to them if they wanted to reach out to a regulated firm. To speak to a bank about their account, for instance, they’d need to choose between visiting the branch or making a phone call. Now, the way consumers communicate with all organisations is changing.
People today prefer using various applications and platforms for customer service, ranging from social media channels to mobile apps. In fact, around 66 percent of consumers say they prefer to connect with companies through messaging above all other channels.
It’s not just customers keen to get involved with messaging applications either. Many employees find using the same tools they access in their day-to-day lives more straightforward and convenient than leveraging custom-made business tools.
This overall market shift has led to a new question among highly regulated brands: How do companies remain compliant while unlocking the benefits of new collaboration tools?
Encrypted Messaging Tools and Compliance Gaps
In an age of digital transformation and remote or hybrid work, regulated companies can’t afford to ignore the popularity of messaging tools. Encrypted messaging apps such as WhatsApp, WeChat, and Telegram are everywhere. They’re a convenient solution for employees working in distributed environments and a fantastic way to engage a wider audience.
Embracing messaging tools can bring companies many benefits, from better audience relationships to improved business efficiency. However, many institutions are still struggling to transition into this new ecosystem. The primary reason for this is concern about compliance.
To remain compliant with federal and corporate regulations, business leaders must ensure they can capture, preserve, and manage conversations on encrypted messaging platforms. Unfortunately, this process has been notoriously difficult in the past, to the point where many enterprise companies have prohibited using such tools.
However, simply telling employees not to use particular tools for communication doesn’t necessarily mean you eliminate all risks. More often than not, prohibiting useful tools will likely lead to frustration among teams and “compliance gaps” in the workplace.
Why Ignoring Messaging Doesn’t Work
Compliance gaps are commonly created by “Shadow IT” communication practices, which occur when employees violate written security policies to work more efficiently. Unfortunately, these issues are more common than most businesses realise.
In 2022, news reports revealed that several banking giants were facing more than $1 billion in regulatory fines due to their employees using unapproved messaging tools, such as WhatsApp. The reason for these fines wasn’t that team members were using a different method of communication than calling or texting but that the companies weren’t tracking and recording these conversations.
Failing to recognise and respond to the demand for encrypted messaging in the communication environment also means companies neglect to implement proper compliance practices. If you don’t know your employees are using WhatsApp to check in with customers, you don’t have a way of tracking and managing those conversations.
For instance, in one case, a broker-dealer firm received a $50,000 fine after failing to review and retain WhatsApp messages related to the business. The WSPs established by the company prohibited the use of business instant messaging, which meant they failed to keep any records. However, if the brand had granted access to encrypted messaging tools, it would have been able to implement strategies for compliant conversation management.
How to Leverage Encrypted Messaging Correctly
Evidence shows that prohibiting encrypted messaging or instant messaging practices in a regulated environment is rarely enough to eliminate risk. The safer option is for business leaders to evaluate the tools consumers and employees prefer to use in their environment and implement the right policies accordingly.
Implementing a data collection and management process for WhatsApp messaging in the past may have been notoriously tricky. However, this is no longer the case. In June 2022, Smarsh, a leader in compliant communications tools, introduced a new solution specifically to address the evolving communication space. The company announced new tools for conveniently capturing and archiving content and contextual information from tools like WhatsApp and WeChat.
Shaun Hurst, Principal Regulatory Advisor for EMEA, Smarsh:
“Applications like WhatsApp and WeChat present unique challenges for regulated Financial Services organisations, and recent headlines unfortunately prove this. To avoid reputational risk and fines, regulated firms are now turning to trusted technology to compliantly capture and store sensitive data that provides a robust solution for encrypted messaging applications.”
Using the Smarsh Enterprise Archive solution, companies can now conveniently and securely collect content from WhatsApp, and WeChat, alongside over 100 other communication formats. The end-to-end solution means businesses can leverage:
- Content governance: With tools like the Smarsh Platform, companies can collect, index, and retain WhatsApp and similar content in a global archive. This content maintains its context and exists in a search-ready state ideal for auditing and regulatory purposes.
- Granular supervision: Rather than turning a blind eye to growing compliance gaps, companies using Smarsh solutions can take control of every conversational landscape. It’s even possible to apply granular policies to WhatsApp content and inspect data to reduce the risk of data leakage and other common problems.
- Automated archiving: Managing various communication platforms in today’s evolving world may sound complex, but it doesn’t have to be. With Smarsh, WhatsApp content can be archived in the cloud or sent to an external location, with single search functionality to make surfacing critical information more straightforward.
- Exceptional security: With a complete eDiscovery and compliance system, companies can implement end-to-end security standards for peace of mind. Whether data is in transit or at rest in the Smarsh ecosystem, it remains safe.
The Future of Encrypted Messaging
Ultimately, it’s impossible to ignore the rising demand for encrypted messaging and new communication tools in the digital landscape. The good news is companies don’t have to see this evolution as a threat to their compliance.
Implementing the right technologies, policies, and strategies ensures organisations can leverage all the benefits of messaging tools for boosting productivity and engagement without compromising security.
