The US Securities and Exchange Commission has blocked third-party messaging apps and texts from employees’ work mobile phones, bringing its own practices closer to the standards it’s enforcing for the industry.
The SEC’s decision to block disappearing-messaging apps will help improve record-keeping and address potential security vulnerabilities at the agency, which saw one of its social-media accounts compromised earlier this year.
It follows about US$3bil (RM14.3bil) in fines imposed on financial firms to settle allegations that they failed to keep adequate records of work-related communications on mobile devices and apps such as Signal and Meta Platforms Inc’s WhatsApp.
The scrutiny prompted Wall Street to overhaul how employees communicate on business matters using mobile phones. Meanwhile, the SEC took a hard look at policies covering its own staff’s communications on agency-issued phones.
The agency has restricted access to third-party messaging applications, as well as SMS (short message service) and iMessage texts “to lower risk that our systems could be compromised and to enhance recordkeeping”, an SEC spokeswoman said in an emailed statement. The process of blocking the apps began in September and has continued over the past several months, she added.
Financial firms are required to monitor and save communications involving their businesses to head off improper conduct. When they don’t, agencies say it’s significantly harder to investigate wrongdoing.
The Commodity Futures Trading Commission is considering whether to follow suit, according to a person familiar with the matter. A CFTC spokesperson didn’t respond to a request for comment.
The regulatory crackdown extracted at least US$200mil (RM958mil) apiece from Wall Street giants such as Bank of America Corp, JPMorgan Chase & Co, Citigroup Inc and Goldman Sachs Group Inc, while fining many smaller players. That’s been a boon to software and compliance providers pitching solutions to capture the ephemeral communications.
But it has left members of the industry’s rank and file seething. Some firms privately reprimanded or disciplined staff who had used unauthorised platforms. In certain cases, banks cut bonuses or even terminated offenders.
Fake post
The SEC’s cybersecurity practices have come under scrutiny in recent months. In January, the regulator’s X account was compromised via a staffer’s agency-issued phone, which resulted in a fake post claiming that the watchdog had approved plans for a long-awaited spot-Bitcoin exchange-traded fund.
That inaccurate post fueled a brief surge in the price of the world’s biggest cryptocurrency. The SEC quickly regained control of the account and deleted the post. The incident underscored how even a regulator with an assertive stance on cybersecurity requirements isn’t immune. – Bloomberg