Connect with us

Business

DO MESSAGING APPS PUT THE FINANCIAL SERVICES INDUSTRY AT RISK?

Ashley Friedlein, founder and CEO, Guild

 

Accelerated by the coronavirus pandemic, the use of messaging apps for professional communications has skyrocketed in recent months. Messaging apps have provided a lifeline to organisations, enabling them to support a remote workforce. However, consumer messaging apps have also seen an increase in adoption, and many will be using them for business, as well as personal use.

When using messaging apps in highly-regulated environments, organisations need to be aware of compliance issues in a financial regulatory capacity, while also adhering to laws relating to security, transparency, and data privacy, such as the General Data Protection Regulation (GDPR).

Not doing so puts banks and other regulated entities within financial services at risk of non-compliance, which can result in serious penalties.

In 2017, the UK’s Financial Conduct Authority (FCA) highlighted the risks of using WhatsApp. Guidance from the Securities and Exchange Commission (SEC) followed in December 2018 outlining its responsibility for monitoring electronic messaging, which included messaging apps.

Although regulators have been clear about the risks associated with using instant messaging apps, some financial firms seemingly failed to develop and implement robust guidelines around the use of these services for professional purposes.

Ashley Friedlein

Earlier this year, a senior credit trader at JP Morgan was suspended for communicating with colleagues via WhatsApp, with Jefferies, KPMG, and VTB Capital also finding themselves subject to investigations after employees were found to be using messaging apps as unofficial channels for communication.

Deutsche Bank took steps to ban all text messaging and communication apps to improve its compliance standards, with many others, including HSBC, Citi, and Wells Fargo following suit to move to a secure communications platform. However, while the financial industry is taking steps to prevent the usage of consumer messaging apps, some firms are failing despite the implications of not having a robust policy around the tools used to communicate within a bank or other regulated entity.

 

Data privacy and security

Data privacy laws such as the GDPR and CCPA make the use of consumer messaging apps in the workplace challenging for IT, HR, corporate governance and compliance teams. The financial and reputational cost of misuse in these ‘shadow communications’ channels can be significant.

WhatsApp, one of the most widely used consumer messaging apps, can result in organisations using the platform being non-compliant with the GDPR privacy regulation due to:

  • Lack of explicit consent – anyone can be added to a WhatsApp group without explicit consent. WhatsApp has added functionality to prevent specific users from doing this, but this is not enabled by default. Contacts can also upload data to WhatsApp/Facebook if they give access to their contacts/address book, even though those contacts have not given consent.
  • Lack of ability to delete information – after a certain time, content posted to WhatsApp cannot be removed.
  • Lack of ability to get your own data back (SAR – Subject Access Request) – WhatsApp cannot provide an individual with messages they have posted, only profile info.
  • Data being transferred outside the EU – it is not very clear where exactly WhatsApp/Facebook moves the data it collects.

The use of WhatsApp for business purposes potentially breaches GDPR in several ways.

Companies do not even know what groups exist in consumer messaging apps, let alone who is in them, or whether former employees or contractors may still have access, increasing the risk of data breaches and leakage of confidential information.

 

A lack of oversight and transparency
Consumer messaging apps like WhatsApp, Signal and Telegram have provided unofficial communication channels that are difficult to monitor, resulting in a total lack of visibility for employers and regulators alike.

Access to these unofficial communication channels presents a serious risk by creating opportunities for employees to take advantage of situations This includes conducting business under the radar in a way that benefits them, or their clients in a manner that is immoral, or even illegal. In some cases, sharing information about clients without intending to cause harm can still result in serious consequences.

Firms have a legal obligation to keep a record of conversations between themselves and their employees, clients, or stakeholders. If legal challenges arise, it may be necessary to provide a record of these conversations. Many consumer messaging apps store data locally rather than centrally in the cloud, making it more difficult to provide a complete record of conversations.

In addition, there are also legal obligations and a duty of care to protect employees and ensure adequate levels of oversight, governance and control. This includes protecting them from bullying, harassment, or inappropriate behaviours in the workplace. The lack of visibility and transparency around consumer messaging apps, including the ability to delete messages, makes it more difficult for HR departments and legal teams to address issues promptly, while inhibiting their ability to collect evidence.

Terms of service

WhatsApp is used by over 40% of UK workers for professional purposes. This appears to violate WhatsApp’s own terms of service, as the app is not intended for business use.

WhatsApp’s terms state:

“WhatsApp is committed to using the resources at its disposal–including legal action–to prevent abuse that violates our Terms of Service, such as automated or bulk messaging, or non-personal use.

“We make no representations or warranties that our Business Services meet the needs of entities regulated by laws and regulations with heightened confidentiality requirements for personal data, such as healthcare, financial, or legal services entities.”

 

How can the financial service industry minimise risk when using messaging services?

The financial services industry requires a tailored approach to messaging in order to effectively minimise risk. Messaging apps are becoming increasingly ubiquitous, and do provide many benefits, such as increased productivity and collaboration. Excluding them from communications completely can close off channels that improve operational efficiency and build rapport between teams – something that has become even more important now that many employees are working from home.

Banks who have taken steps to ban all text messages and communication apps on work-issued devices in order to improve its compliance standards have sought alternatives, such as Symphony – a messaging service aimed at highly regulated financial firms. This enables banks to continue to communicate with clients in real time, while also maintaining thorough and rigorous standards of data security and privacy protection.

Security, transparency, and compliance are paramount in the financial services industry, yet it is easy for unregulated consumer messaging apps to go completely unnoticed. The sector must do more to acknowledge and address their use in order to adhere to these three fundamental principles.

Workplaces, working practises, and channels of communications have needed to change rapidly as a result of the COVID-19 pandemic. It’s critical that organisations address the issues and risks associated with messaging apps by implementing robust policies around workplace communication and seek out viable, compliant alternatives not only now, but as part of a long-term solution.

 

Written by Guild founder and CEO, Ashley Friedlein. Guild is a British, independent and ad-free messaging platform for professional groups, networks and communities.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

WHY AUTOMATING CAN FUTURE PROOF YOUR BUSINESS

By Ryan Demaray, Managing Director SMB EMEA at SAP Concur

 

Every business has administration duties that can be considered mundane and time consuming  but are a necessary core function of operations. Whether it’s paying suppliers on time or processing expense requests, tasks such as these are necessary for the day-to-day running of a business – however it’s safe to say that these tasks are never ranked as the most engaging or rewarding by your employees.

With a UK recession on the horizon, finance teams are under pressure to not only control costs but provide guidance to the business on where savings can be made. This will only happen if your employees are able to focus on tasks that not just keep a business running but allow them to add further strategic value.

Automating the invoice function is just one step towards giving your finance team back valuable time, not only creating a more efficient and productive workplace, but a positive employee experience that supports growth and stability across your business.

 

The gateway to better efficiency 

From receiving the invoice, inputting data, chasing approvals and moving it down the chain of command, research shows that it can take an average of 17 business days to manually process an invoice. For SMBs with a finance team of approx. eight people, implementing an invoice management solution can save on average 69 hours per week.

By allowing the technology to do the heavy lifting, your finance team can use the time to focus on more strategic elements of the business. This includes providing them a moment to take a step back and holistically look at the spending trends and costs across your business. By doing so, they can often pinpoint spend patterns, but also identify cost reducing opportunities, providing visibility and guidance to help positively impact the bottom line in the short and long-term.

 

Enabling growth and accuracy

As your business grows the number of vendors and suppliers you use often increases in parallel. This growth in external stakeholders can cause challenges and maintaining consistent and timely payment of invoices to suppliers is crucial. The Federation of Small Business estimates that late payments contribute to 50,000 insolvencies annually, costing the UK economy £2.5bn. The UK government recognised this and in 2019 implemented a prompt payment initiative, aimed at helping small suppliers get paid on time by enterprises, with the potentially penalty of not awarding government tenders to those who do not adhere to the prompt payment practice.

In addition to this, inhibiting the lack of cashflow to small business through late or unpaid invoices can have more than just a monetary impact. With poor invoice payment practices, your business reputation is likely to suffer damage, which in turn carries consequences across with future suppliers, as well as customers.

Through invoice automation, you are able to streamline your finance and accounting processing by making sure that payments are processed in time, resulting in avoidance of payment delays, calls from suppliers querying about invoice payment timescales and vital staff time responding to these.

 

Supporting employee engagement

Employees’ experiences affect their work outcomes and carry the benefits of high engagement, increased productivity, and a lower staff turnover. Creating a better employee experience is a challenge faced by many SMBs, but once cracked can provide benefits across your business.

More than just providing a workplace environment and culture, businesses with motivated employees can find recruitment and onboarding costs reducing, with retention rates increasing.

But it’s not only the employee that benefits from a better experience – your customers do as well. With many often on the frontline of customer interaction, it’s difficult to keep customers happy if your staff member is disengaged. By employing tools that allow the automation of mundane and repetitive tasks, employees can focus on aspects of work which they care about most.

 

Future proofing for tomorrow

Digital transformation is here and for SMBs employing an automated invoice solution, is a positive step in becoming a business that is ready for scale and growth. Not only will it help benefit your bottom line, it will create positive staff experiences and efficiencies, that help truly optimise your business – now and in the future.

 

Continue Reading

Business

COULD GRAPH TECHNOLOGY BE A POWERFUL WEAPON AGAINST CORONAVIRUS FRAUD?

Crisis funds and loans put in place to help support businesses during the health emergency have become a prime target for cybercriminals. Neo4j’s Amy Hodler examines how graph technology could be a powerful weapon against these scams

 

Fraudsters will use any opportunity to siphon off funds illicitly, and the pandemic is proving no exception. With coronavirus moving rapidly across the world and locking down countries in its wake, cybercriminals have been quick to launch sophisticated methods to callously exploit the situation.

Cybercriminals have been fast to impersonate trusted organisations such as the World Health Organisation, which has itself seen a five-fold increase in cyberattacks since the start of the crisis.

The pandemic is opening the doors for fraudsters who are taking advantage of changes in normal business processes, controls and working conditions to carry out fraudulent activities. Security controls, for example, are often not as strong as normal due to the speed aid is required and the fact that many people are teleworking.

Amy Hodler

Cybercriminals are using fake or stolen identities to draw down governmental emergency funds. In France, for example, the Paris Prosecutor’s Office has launched an investigation into massive fraud of the country’s temporary unemployment scheme where fraudsters have drained €1.7 million. It is investigating potential international links to the fraud.

In a statement Paris Prosecutor Remy Heitz said that more than 1,740 fraudulent operations were discovered across the country on behalf of 1,069 different businesses asking for wire transfers to over 170 different bank accounts.

 

Can financial services’ practices help?

Aid departments and organisations should look to the mature practices of the financial services industry for a lead in combating fraud. Here firms repeatedly and meticulously check and compare transactional data to look for suspicious behaviour that may indicate an attack.

Like applications for financial aid for the impact of the coronavirus, malevolent actors look to defraud financial institutions using false identities when creating accounts and putting together loan applications. Personal data such as addresses, telephone numbers and emails are cleverly assembled to model assumed and phony identities.

 

A need for a different approach

One of the main reasons traditional approaches fall short is that most fraud detection systems are based on a relational database model where data is stored in predefined tables and columns. With large, unstructured data sets, relational databases swiftly reach their limits; queries turn out to be far too complex and response times lag. Banks and government authorities need the ability to follow a trail from one account to another, viewing a fraud network as a whole complete entity to work out how activities are linked.

Unlike relational databases, graph database technology not only represents individual items of data such as person, account number, home address, but also their relationships with one another such as how they are related. Any number of qualitative or quantitative properties can be assigned, showing complex relationships in an easy to understand way.

One of the best graph algorithms for fighting coronavirus cybercriminals is ‘PageRank’, which finds important nodes (objects) based on their relationships and interprets them using visualisation tools. For fraud detection in banking, the algorithm identifies important or influential customers who are featured in a large number of financial transactions. Nodes with a high PageRank Score can be illustrated using a visualisation tool so that they appear larger in the view and can be immediately picked up.

Another key algorithm is ‘Weakly Connected Components’, which works to reveal the hidden networks that form a fraud ring based on common identity features such as multiple applicants all residing at the same address. These hidden connections provide invaluable information when hunting down fraud.

 

Uncovering fraud rings with incredible accuracy

 Cybercriminals are continually developing attack methods, sharing infrastructures to maximise their opportunities for success. Graph technology has the capacity to help stop advanced fraud scenarios in real time.

Graph databases can help future proof an organisation’s fraud prevention initiatives by enhancing insight based on data relationships and building connected intelligence.

 

The author is Director, Analytics and AI Program at Neo4j, the world’s leading graph database company, and co-author of Graph Algorithms: Practical Examples in Apache Spark & Neo4j, published by O’Reilly Media

Continue Reading

Magazine

Partner Events

Trending

Business1 day ago

WHY AUTOMATING CAN FUTURE PROOF YOUR BUSINESS

By Ryan Demaray, Managing Director SMB EMEA at SAP Concur   Every business has administration duties that can be considered...

News1 day ago

VIBEPAY SETS SIGHTS ON GROWTH WITH INTEGRATION OF MORE UK BANKS AND NEW BUSINESS ACCOUNTS

VibePay is continuing on its ambitious path of growth, with the integration of more UK banks and payment providers via...

Banking1 day ago

HOW BANKING IS USING AI TO PROCESS CUSTOMER FEEDBACK

By Dan Somers, CEO of Warwick Analytics   More banks are turning to practical AI to rapidly analyse customer conversations...

News1 day ago

BOARD REPORT HIGHLIGHTS COMPLEX DECISION-MAKING PROCESS ACROSS BANKING AND FINANCE SECTOR

‘The State Of Decision-Making’ report from Board, reveals business decisions made in silos without modern planning tools A third (33%)...

Business1 day ago

COULD GRAPH TECHNOLOGY BE A POWERFUL WEAPON AGAINST CORONAVIRUS FRAUD?

Crisis funds and loans put in place to help support businesses during the health emergency have become a prime target...

News1 day ago

THOUGHT MACHINE JOINS THE BANKING INDUSTRY ARCHITECTURE NETWORK (BIAN)

Thought Machine, the cloud native core banking technology firm which builds Vault, today announces it has joined the Banking Industry Architecture...

Wealth Management4 days ago

DON’T RISK IT ALL WITH NON-COMPLIANCE

By Paul Sleath, CEO at PEO Worldwide   Did you know non-compliance costs more than twice the cost of maintaining or...

News5 days ago

BANKIA TRANSFORMS THE CUSTOMER AND EMPLOYEE EXPERIENCE WITH BIANKA BY IPSOFT

Developed with cognitive artificial intelligence, IPsoft’s conversational agent can carry out transactional tasks, perform different roles in customer service and...

Finance5 days ago

FIDUCIARY MANAGEMENT

by Devan Nathwani, FIA and Investment Strategist at Secor Asset Management   Defined Benefit pension schemes are one of the most significant institutional...

Business5 days ago

TOUCH-FREE AUTHENTICATION FOR ALL: WHY WE NEED A SAFER PAYMENT METHOD IN THE ‘NEW NORMAL’

David Orme, SVP, Sales & Marketing, IDEX Biometrics ASA   Ever since March, when the World Health Organization encouraged people to...

Banking5 days ago

WHY BANKS NEED TO EMBRACE OPEN SOURCE COMMUNITIES

Nikolai Stankau, Director Business Development, EMEA Financial Services at Red Hat, the world’s largest enterprise open source solutions provider.  ...

FINANCIAL MARKET FINANCIAL MARKET
Wealth Management5 days ago

FOR PE TO SNAP UP “GOOD” COMPANIES, THEY MAY NEED TO WADE INTO “BAD” ECONOMIES

By  Martin Soderberg, Partner at SPEAR Capital   There’s no shortage of global challenges for investors currently, especially for those...

Business6 days ago

THE BASICS OF BUSINESS FINANCE

When you’re starting your business, you’ve got a lot to be thinking about. You need to find affordable suppliers, market...

Business6 days ago

HOW THE IMPORTANCE OF E-COMMERCE PLATFORMS GREW DURING THE PANDEMIC

Never in history has the world relied more on the internet than during this Covid-19 pandemic. With governments imposing lockdowns...

Business6 days ago

UNBANKED AND UNCONNECTED: SUPPORTING FINANCIAL INCLUSION BEYOND DIGITAL

Darren Capehorn, Director, Icon Solutions   Many of us take it for granted, but accessing basic financial services is fundamental...

Banking1 week ago

MORE THAN REGULATION – HOW PSD2 WILL BE A KEY DRIVING FORCE FOR AN OPEN BANKING FUTURE

Ralf Ohlhausen, Executive Advisor, at PPRO   Whilst initially seen as simply a regulation exercise, the second Payment Service Directive,...

Top 101 week ago

TIME TO THINK OUTSIDE OF THE BLACK BOX

Mike Brockman, CEO, ThingCo   If you have the unbridled joy of parenting a teenager you’ll probably know what telematics...

Banking1 week ago

BANKING’S SECOND WAVE OF TRANSFORMATION: INTEGRATING THE CLOUD-ENABLED FUTURE BANK

Keith Pearson, Head of Financial Services EMEA, ServiceNow   The last six months have seen significant changes to the financial services landscape, with operational resilience, economic recovery, cost reduction and an...

News1 week ago

RISK AND INVESTMENT SPECIALIST, CARDANO, TAKES TO DOCUMENT AND EMAIL MANAGEMENT IN THE CLOUD WITH ASCERTUS AS IMPLEMENTATION PARTNER

Ascertus also providing document comparison tool, compareDocs    Cardano, a privately-owned, purpose-built risk and investment specialist, has chosen Ascertus Limited as its implementation...

Wealth Management2 weeks ago

HOW SALARY SLIPS HELP YOU UNDERSTAND TAX DEDUCTIONS ON YOUR SALARY

A salary slip is defined as a document that is provided by your employer which contains the breakdown of your...

Trending