Text messages have to be turned over for those pesky subpoena's. Can't be leaving evidence laying around.
this post was submitted on 19 Oct 2023
112 points (95.2% liked)
Technology
58150 readers
4332 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
The issue is the opposite, because people use non official communication channels it's hard for regulators to get the information they need, and it can be taken as the bank hiding things, which leads to fines. It's in the article:
This could result in the breach of regulatory rules on recording all business communications, leaving little room for oversight by authorities to take action in case of compliance concerns.
"Banks use a wide range of approved channels to communicate in compliance with regulatory obligations,” a spokesperson for the bank told Bloomberg. “HSBC, like many other banks, reviews and adjusts functionality on its corporate devices as needed.”
What about chat in games? IRC? Conversation had by making comments on Lenny posts? Jerry, we can't go with the suggestion Ann just made because we'll look really stupid.
Delay this until Q1 2024
That’s one way to stop the scourge of SMS based 2FA.
App based 2FA is even worse. Sure it's more secure but the likelihood of losing account access is much higher.
And don't talk about saving recovery codes. Security has to be practical and easy.
The UX of manual 2FA is a problem. Copying numbers with a time limit is just a crappy experience.
Account recovery is a hard problem, but thankfully it’s usually not an all or nothing deal, and it has been getting a lot better. I know Apple has a complex recovery flow that terminates at an actual human.
This is in the same vein as the secret service text message debacle after the Jan6th stuff.
I think you'll see this more and more as companies and government agencies try to reconcile regulations, cyber security controls, and business needs. Obviously there is a need for employees to communicate. There are laws surrounding record retention. And there are laws and needs for security controls to lock down phones, wipe data, etc.
Those three things don't always align with each other and if your employees pick a different channel to communicate they you can't control, then that's a huge problem from a regulation and even a security perspective.
That said, locking down work phones is only going to push people to their personal devices and that creates way more issues overall.
People are completely missing the point here.
The banks are required to record all of the communications made by a large proportion of their staff. Probably they haven't found a way to do that for WhatsApp or text, so those are not approved communications channels. If they aren't approved, then why would they be on a work phone?
Of course the staff can break whatever rules they want, but they will be breaking rules. The banks make sure their staff know that, and as long as they've done all they can to stop it then what else can they do? There are always people who break the rules, and those who break the rules get punished when they're caught.
If only I’d thought of that for my company phone! Then I wouldn’t be receiving all these spam and phishing messages!
This is the best summary I could come up with:
Personal devices won’t be impacted by the policy, and a select few employees who have regulated roles in the firm will still be able to send and receive messages, the outlet reported.
This could result in the breach of regulatory rules on recording all business communications, leaving little room for oversight by authorities to take action in case of compliance concerns.
Sixteen Wall Street giants including UBS and Barclays were collectively fined $1.8 billion by the SEC last September for employees’ use of personal devices and unauthorized apps for communication regarding business transactions.
As the use of private messaging platforms has proliferated in the business world, regulatory scrutiny over their use has intensified in recent times and spread beyond Wall Street.
Private equity firms including Carlyle Group and Blackstone are also being investigated for discussing business matters on apps like WhatsApp and Signal.
Reports suggest that a number of banks globally have suspended the use of encrypted apps like WhatsApp for work purposes following probes into its violation of regulatory rules.
The original article contains 457 words, the summary contains 171 words. Saved 63%. I'm a bot and I'm open source!
People will resort to slack or teams or whatever and the problem will persist.
If those are communication apps supported by the bank, that's the idea. Banks have been hit with huge fines for employees communicating over unapproved channels.
One of the problems with the unapproved channels is that the bank can't enforce a retention period. So written messages that are supposed to be kept on record for 10 years or whatever can get deleted. In the event of a lawsuit the bank can be fined for not having the messages.
I understand what they think will happen. But that doesn't necessarily mean they'll be using the banks approved channels etc. You can set up your own private channel in teams and in slack. If people want to communicate without having that info tracked by the bank or company or agency they work for they literally will use another service. Doesn't even have to be teams or an approved one. This article talks about texts and SMS. But WhatsApp and signal and even discord exist (banning one but not the others is playing whack a mole). This seems like the companies trying to keep up with the times without a real plan that considers alternatives.
It's just on work phones, they can do what they like on their personal phones of course. However, if they are discussing anything business related they'll be fired and could be barred from working in the industry altogether.
HSBC etc completely lock down Teams etc, there is no private anything, it's all monitored as long as its on their devices and accounts.
Traders and other front office staff will have every single phonecall, email, IM, voice chat, and video call monitored and stored for something like 7yrs.