What to Learn from the JPMorgan WhatsApp Fines
The SEC and the CFTC fined J.P. Morgan a total of $200 million for alleged misuse of messaging apps. In particular, the company’s employees seem to have used WhatsApp and other texting services to communicate about the company’s business.
Other firms are currently being investigated by the SEC for similar violations. Could your firm be next? What can your business put in place to make your communications more secure and fully compliant?
Four Key Learning Points for Your Business
No one rejoices when overseers hand out fines and businesses settle for huge sums of money. However, there are lessons to be learned here that could save your business from being the next recipient of a massive penalty.
Let’s cover four key lessons every business should learn from J.P. Morgan’s misfortune.
Poor UI and UX Lead to Low Adoption of Approved Messaging Apps
J.P. Morgan had the right policies in place. If their employees had followed company policies, then these penalties would never have been issued.
In fact, J.P. Morgan’s policies actually named WhatsApp as a prohibited communications app.
Despite the company having the correct policy, employees and executives used non-compliant apps to send messages.
There are, broadly speaking, two reasons for this non-compliance:
- Covering criminal behavior
- Choosing convenience over compliance
Giving J.P. Morgan and its employees the benefit of the doubt, it is safe to assume the people were not criminals or engaged in illicit activity.
Instead, they were probably just trying to fire off a quick message to their coworker, boss, or key client while on the move or in a hurry.
Here is where User Experience (UX) and User Interface (UI) become so important. Poor UI and UX lead to non-conformity and non-compliance.
Let’s lay out a couple of quick examples:
- A desk trader needs to notify his team of a change in market conditions, but he is on the train headed home for the day. His company’s intranet system requires him to log into a secure portal, locate his team’s channel, find the right conversation, and post his message. WhatsApp requires him to open the app, find the channel and send the message. He opts for the easier experience.
- A department head wants to develop constant feedback from her team to improve performance. The company’s email policy means she has to send a message to her whole team and then read replies in multiple email messages and collate the responses. WhatsApp lets her open a group, message everyone at once, and see all the feedback immediately. She chooses the easier interface.
Does your business messaging app or system have a good UI and produce a good UX for your employees? If it is failing in either category, your business could be increasing the chances of non-compliance.
Business Happens Everywhere, So Mobile Apps are Necessary
Directly connected to UI and UX are the portability and mobile usability of business messaging. Employees and executives alike are working remotely, doing more hybrid work, and adjusting to the reality of a distributed workforce. Business messaging and intranet apps that are not designed for mobile use and portability are simply not fit for purpose.
Common problems with software not designed for mobile use include:
- Poorly designed navigation translates badly to mobile devices. Using an inefficient app repeatedly causes frustration to build up in users. Frustrated users turn to non-compliant apps.
- Apps not designed for mobile use frequently encounter resizing issues. Text and images do not display correctly, leading to a poor user experience.
- Some apps lose functionality when the user connects via a mobile device. Key features, such as message search and video conferencing, may be missing on the mobile version of the software.
In the post-Covid world, business communications need to be available anytime, anywhere. The same problems caused by poor mobile app design become goals for a properly designed app.
Here are the key requirements of a business messaging app:
- Navigation must be clear, efficient, and intuitive for the user.
- Images, videos, and text should always resize correctly for the context.
- Key features of the company’s messaging system should translate into the mobile app.
Apps that achieve these requirements have a much higher chance of user adoption. Greater voluntary adoption means less friction during implementation, fewer compliance issues, and a greater level of security for the business.
Centralized Record Keeping is a Requirement for Compliance
One of the dangers of employees using a diverse group of apps for messaging is the inability to keep correct records.
Some industries, such as the investment and finance sector J.P. Morgan operates in, require all written records to be kept for a minimum number of years. Text messages, instant messages, and email are all forms of written records.
A text sent from one employee to another person, inside or outside the company, may never pass through the company’s data systems. Thus, the company has no ability to record that message. The company is already failing in its statutory obligations.
If the employee leaves the company, loses their phone, or upgrades to the next generation of smartphones, then messages could be lost along with the device.
This isn’t theoretical. Here is an excerpt from the SEC’s judgment of J.P. Morgan:
“Later, JPMorgan informed the staff that certain text messages received or sent through unapproved communications methods on the personal devices of relevant individuals had been deleted and were unrecoverable. The deleted and unrecoverable text messages included messages from the relevant timeframe and messages between multiple potentially relevant custodians.”
The solution is a business messaging platform that is adopted by all employees at every level and stores communications data where the company can access it when it is required.
Permanent Secrecy is Impossible, So Compliance is Preferable
J.P. Morgan did not intend to violate any regulations. Their policies should have prevented the exact violations they were fined for. Yet the true practice of their employees and executives came to light.
For every company, the growing quantity of data and the loss of secrecy are a reality. More and more data is being collected and stored on company servers and in the cloud. Using instant messages and other forms of personal communication makes the likelihood of the discovery of malpractice much higher.
The alternative to any attempt at secrecy is compliance. Compliance has specific benefits:
- Software designed for secure business communications is much more cost-effective than waiting for the eventual fines when any malpractice is discovered.
- Specialist software also provides the admin tools necessary to oversee use of proper channels of communication. One of the exacerbating conditions for J.P. Morgan was the lack of accountability. Proper software provides the functions that allow oversight to happen.
- A business instant messaging app engineered for secure communication can also feature a full-featured user interface to assist with adoption. An improved user experience will lead to higher levels of use, thus avoiding the unauthorized use of communications channels that plagued J.P. Morgan.
The alternative to compliance is non-compliance. There is no more room for partial compliance because the free flow of information makes hiding malpractice too difficult.
How Messagenius Could Protect Your Company from the Next Big Fine
Messagenius is a secure business communication app designed for security and compliance from the beginning. Its advantages are important for creating and managing compliance in businesses of every size.
Here are ways Messagenius could help your business avoid the next fine.
Messagenius has a Simple, Clean UI
Employees, executives, and people all over the world know what a chat app should look and feel like. They have used WhatsApp, Messenger, and Snapchat. Trying to force them to use an app with a clunky or difficult user interface will be difficult.
Messagenius offers a clean user interface that looks like a “normal” chat app. This keeps the learning curve very gentle and helps users adopt the app as their preferred communication tool.
Messagenius Works Great on Mobile Devices
When your employees leave the office, they can take Messagenius with them. The software transitions from desktop to mobile seamlessly. Chats are organized into channels and grouped in the way people are used to chatting.
There are no resizing issues with Messagenius. Chats, documents, and images can flow from the office environment to a mobile device without loss of function.
In addition to resizing issues, some software loses key functions on mobile devices. Messagenius preserves all its functions when it moves from the desktop to mobile environment.
Messagenius Provides the Admin Tools to Oversee Compliance
Messagenius comes with supervisor dashboards to oversee the use of the software. From these dashboards, an admin with oversight can view the app’s usage by user, see the interactions between users, and maintain sight of adoption across the organization.
Without these tools, administrators are simply operating without the information necessary to oversee compliance. Thankfully, Messagenius gives admins a clear view of the system-wide use of the software.
Messagenius Is a Scalable Solution for Enterprise Compliance
Implementing a company-wide communications platform can be costly. Some businesses experience ‘sticker shock,’ or the surprise at the cost of a purchase. Yet the fines levied by the SEC and the CFTC produce a much higher level of shock.
Messagenius is a fully scalable solution. The pricing per user is competitive with other tools in the market. More importantly, the cost of non-compliance far exceeds the cost of a specialized and powerful tool such as Messagenius.
The fines levied against J.P. Morgan are a harbinger of things to come. Data flows freely, even when businesses write their policies correctly. Without a dedicated business communication app, your business might be vulnerable to a fine for non-compliance. The business response to this should be learning these key points and implementing a secure, compliant chat app.