The UK’s Financial Conduct Authority (FCA) imposed a record-breaking £176 million in fines during 2024, a 230% increase from 2023, and the US Securities and Exchange Commission (SEC) last year hit more than two dozen firms with a combined $392.75 million in fines over failures to maintain and preserve electronic communications.
Such developments highlight how regulatory scrutiny is intensifying for financial organizations falling foul of the rules.
With these headline-grabbing cases making top news in the financial press, including the Financial Times, many smaller financial firms may assume these fines only target the big players in the industry.
Yet examining the fines imposed, many companies penalized have as few as 50 employees. Although modest in size, that has not spared them penalties reaching into the millions. For a small financial organization or independent financial adviser, such sums could force them to cease operations.
Despite such existential risks, many firms still run the risk of being caught out. But how does this risk manifest? How does it break regulations, and why hasn’t the industry found better ways to stay compliant?
Compliance, Communication and Record Keeping
In the UK, EU and US, various regulations require financial services firms to capture and record communications related to financial transactions.
In the UK, SYSC 10A of the FCA’s rulebook mandates that firms must record and retain communications involving arranging financial transactions, including telephone conversations and electronic communications.
This UK rule aligns with the EU’s Markets in Financial Instruments Directive II (MiFID II), requiring the recording and retention of financial services related communications.
In the US, a collection of regulations and federal laws enforced by the SEC and the Commodity Futures Trading Commission (CFTC) impose the exact basic requirement, that financial transaction communications must be retained.
Recent fines have resulted from companies using communication methods to conduct business outside the scope of the call recording systems that these firms already use to capture and archive calls from desk phones.
So this might involve an employee using a personal mobile phone to discuss a financial transaction with a client. Or the employee might be messaging the client using an app like WhatsApp or the personal phone’s messaging app. In all these cases the communication is taking place out of the scope of the compliance and recording tools’ reach.
In today’s workplace, employees are increasingly using their personal devices for business. The use of personal devices is due to one of many factors. The first is that carrying two mobile phones is just a hassle – and sometimes the devices are left at home. Secondly, employees often decline to use the company-required UC apps on mobile phones because the call quality can be inferior, and the app is simply inconvenient to use.
Bypassing compliance systems using personal numbers to make business calls is a clear case of ‘Shadow IT’ in action.
Shadow IT communication refers to business-related conversations or messages conducted through channels not approved by an organization for official business use.
The Hurdles to Meeting Compliance
Given the severe risks, it’s surprising that these compliance gaps haven’t been addressed before. Yet examining the current ecosystem in which financial companies operate makes the challenges clearer.
Many companies, particularly in regulated industries like financial services, remain unaware of the risks associated with Shadow IT communications and the potential for non-compliance.
Even if a company recognizes the problem, Lexis Nexis reports that financial crime compliance costs have risen for 98% of EMEA financial institutions. The problem is that many firms feel they lack the budget to address communication compliance when resources are already stretched across other regulatory requirements.
Yet compliance isn’t a cafeteria; you can’t pick and choose which rules to follow.
One solution might be to ban staff from using personal phones for business communications. However, this often hinders business efficiency and proves futile as employees continue using these tools for the convenience and immediacy they provide.
Another approach involves recommending UC mobile Apps, which, if used correctly can record business calls. However, Nemertes Research showed as early as 2020 that 19 out of 20 employees don’t use their companies’ authorized mobile UC apps for voice calls.
The lack of uptake of UC apps happens because they don’t work as seamlessly as a phone’s native dialer or messaging system or provide sufficient quality in places where public Wifi or the mobile internet is poor.
The conclusion is that any effective solution must match end user behavioral preferences. That means it needs to be simple and reliable to use when making business calls away from the office.
Bridging the Compliance-Convenience Divide
Rather than fighting against employee mobile usage, several solution providers have developed approaches that help financial firms contain costs while achieving compliance.
The most effective solutions share a common principle: they actively support existing employee behavior rather than introducing dramatic workflow changes.
One way to achieve this is with eSIM technology which is integrated with the existing UC platform. The Tango Extend eSIM from Tango Networks adds a business line (effectively an endpoint) directly onto any personal mobile phone, which is entirely separate from the existing personal SIM and number already on the device. The IT manager can simply assign an existing landline business number on the UC platform to the Tango Extend eSIM. All business calls then share the same line and services as the company office number and are automatically ro
uted through the office or cloud UC phone system.
Tango Extend supports all the common UC platforms including Webex Calling and Microsoft Teams. Fixed telephony features such as Voicemail, Call Hold and presence work in the same way – and the mobile business line can even ring at the same time as the desk phone, if required. Because every call made or received by the Tango Extend eSIM transits the UC platform – all existing compliance systems, including call capture, recording, archiving and AI call analytics can be used to monitor every mobile business call.
Crucially, Tango Extend requires no specific apps for calling or texting; it works seamlessly within the phone’s native dialer and messaging interfaces. Tango Extend eliminates the user resistance that has plagued previous solutions. Contacts can be designated as personal or business within the standard contacts list, providing a one-time approach that automatically routes communications through the appropriate line for each interaction.
This seamless integration ensures that business communications are appropriately captured without requiring employees to change their communication habits and use shadow IT, addressing the core challenge that has made previous compliance solutions ineffective.
Equally, for financial services firms concerned about costs, eSIM-based approaches can achieve comprehensive mobile compliance while eliminating expensive alternative strategies like providing every employee with a company-provided smartphone.
No Firm Is Too Small to Be Fined
With the intensity of fines from both the SEC and FCA increasing yearly, the window for addressing communication compliance is narrowing.
For smaller financial services firms, these aren’t merely regulatory penalties; they can have a severe or possibly terminal business impact.
With employees destined to continue to use personal phones for business, regardless of company policies, attempting to ban mobile use or forcing unwieldy corporate apps onto staff is no longer an option.
Instead, modern compliance technology in the form of eSIMs with UC integration offers a better, fully compliant approach. It allows firms to maintain proper oversight of their employees’ mobile communications while letting employees work as natively and intuitively as possible.
Interested in unlocking the future of mobile UC? Find out more about the key trends and strategies driving mobile-first collaboration.
