From personal to business
It is important to recognize that WhatsApp is always connected to a phone number , so it is vital for an organization to take steps to ensure that employees are registered under the organization ’ s WhatsApp Business Accounts ( WABAs ) and not independently . This will help the organization certify that its employees ’ messaging is clearly issued by the regulated entity for business purposes and removes any concept of personal WhatsApp usage .
Having control over an organization ’ s WABAs and the management of each phone number is essential for compliance purposes , as well as for ownership of the relationships . But WhatsApp ’ s service model is not designed to support the federated model that many financial firms require , and certainly not at scale , such as managing tens of thousands of WABAs .
In the short term , financial firms must consider employing a compliant third-party solution , or business service provider , which helps organizations keep track of the users and their respective phone numbers in the business account . The third-party solution is capable of managing WABAs via an application programming interface ( API ), sending and receiving messages on their behalf , thus increasing the control that an organization has over the numbers in use . In addition , using a third-party solution offers a costefficient solution to expensive regulatory fines , not to mention the attached reputational damage and the high cost of remediation , should a regulatory fine be imposed for account misuse .
Seizing opportunities
Organizations should look beyond compliance when considering their use of WhatsApp and recognize the other significant opportunities of using WhatsApp for business communications . While most firms are focused on archiving their WhatsApp messages , there are also benefits of using a compliant and corporate-branded WABA — managed by a business service provider via an underlying API — to market their offerings more efficiently .
Essentially , as long as there are General Data Protection Regulation-compliant controls in place for email communications , organizations can now market to their entire WhatsApp community in an approved and consistent way . Furthermore , firms can enable their employees to be represented by the business name , line of business , and a description of their business account that certifies that the person is who they say they are and that the organization is authentic and verified through third-party solutions ( which can come in the form of a green check mark on the contact ’ s profile or account ). However , there is always the challenge of verifying your counterparty . Unless the counterparty also has a green check mark and company name in the profile , the third-party solution and you cannot visually confirm that they are reputable unless you can confirm that the number used corresponds with the correct contact . In instances of incoming messages , the best practice is to ensure that employees are familiar with the number they are messaging , and if they are not , to treat it carefully .
Changing habits
According to the U . S . Securities and Exchange Commission ( SEC ), the firms involved in last year ’ s actions and the size of the penalties “ underscore the importance of record-keeping requirements : they ’ re sacrosanct .” 3
Unfortunately , many have not fully thought through the consequences of not complying with these requirements . Many more will argue that it is difficult to change employee habits . Even those who — prior to the pandemic — may have had the right discipline around this issue may have found themselves distracted to some degree by the fact that everyone now uses their personal phone for work communications .
But the fines handed down to JPMorgan Securities and the 16 other financial firms serve as a stark warning . The regulators are signaling zero tolerance on record keeping and the use of WhatsApp and social messaging in particular . It is time to retrain and develop new communication habits and discipline . Carefully segregating the personal and corporate world is the most effective place to start .
Alex Viall , director of regulatory intelligence , Global Relay , London , U . K .,
1
“ JPMorgan Admits to Widespread Recordkeeping Failures and Agrees to Pay $ 125 Million Penalty to Resolve SEC Charges ,” U . S . Securities and Exchange Commission , December 17 , 2021 , https :// www . sec . gov / news / pressrelease / 2021-262 ; “ CFTC Orders J . P . Morgan to Pay $ 850,000 for Swap Reporting Failures ,” Commodity Futures Trading Commission , July 5 , 2022 , https :// www . cftc . gov / PressRoom / PressReleases / 8553-22
2
“ SEC Charges 16 Wall Street Firms with Widespread Recordkeeping Failures ,” U . S . Securities and Exchange Commission , September 27 , 2022 , https :// www . sec . gov / news / press-release / 2022-174
3
Ibid .
ACAMS Today June – August 2023 35