After being fined more than $200 million last year for similar violations, Morgan Stanley has begun penalizing employees for using personal messaging apps for company business. But at least one expert said banning the tools won't work long term. Credit: WhatsApp Investment banking firm Morgan Stanley has punished some of its employees with fines that topped more than $1 million for breaching compliance rules by using WhatsApp and iMessage for business communications. The fines were levied by docking previous bonuses or future pay, according to a report in the Financial Times. While the fines might seem steep, Morgan Stanley itself has had to pay millions of dollars in fines for previous SEC violations related to the use of consumer messaging apps for business purposes. Last September, the US Securities and Exchange Commission (SEC) fined big-name banks and brokerages a collective $1.8 billion over workers’ use of private texting apps to discuss work and for not always saving those messages. The fines include $1.1 billion assessed by the SEC and a $710 million fine from the Commodity Futures Trading Commission (CFTC). Morgan Stanley was among the more than a dozen financial services firms fined and had to pay more than $200 million. In 2020, Morgan Stanley suffered a major security breach related to two senior employees in the bank’s commodities division who were using personal messaging apps. The employees were fired. In the most recent violation of company policy against using unauthorized and unmonitored communications channels, the bank hit employees with fines that ranged from few thousand dollars to more than $1 million per person. The penalties were based on a points system that takes into account factors including the number of messages sent, the banker’s seniority, and whether they received prior warnings, said people briefed on the matter, according to reports. Morgan Stanley did not immediately respond to a request for comment by Computerworld. Shiran Weitzman, CEO of mobile risk intelligence platform provider Shield, said imposing bans on popular communications applications such as WhatsApp and iMessage is a temporary solution. Employees are eventually going to use what’s most popular and convenient. Last year’s spate of financial services fines by regulators over improper use of messaging platforms was a shot across the bow — a statement that the industry needed to clean up its act, and “put some order in the house,” Weitzman said. The problem, however, is the banking industry and other businesses with high-touch business services often see employees simply adopt the most convenient communications platforms. “The requirements for WhatsApp or iMessage are similar as for any communication channel a bank is using — email, Slack, Microsoft Teams, Zoom, whatever. Anyone communicating on behalf of the bank…needs to be monitored,” Weitzman said. “With today’s technologies, it’s doable. Why they haven’t done it, that’s a different question. I have my guesses. “It’s not a technology play,” he continued. “It’s very hard for them to [change]. They’re large organizations and every time they need to apply some new technology or requirement, they need to do it on a global level.” During the pandemic, bankers forced to work remotely became comfortable using popular consumer messaging platforms because their clients were also using them. They were simply more convenient and at the time financial services companies relaxed their oversight of mobile communications services. Weitzman said banks need to focus on enabling the best tools with security and monitoring software, which uses APIs to track communications and flag suspicious communications while still keeping conversations private. Though possible, banning employees from using the latest communications technologies is not conducive to good business. “WhatsApp and iMessage, that’s forward thinking,” Weitzman said. “You need to be able to capture the message. And, the employee needs to fully acknowledge this is happening and give their consent. But I believe it will take time for this message to come down to [financial services firms], and I’m afraid there will be additional fines before it does.” Related content feature How to set – and achieve – DEI goals in IT Company-wide diversity, equity, and inclusion goals aren’t enough. IT leaders need to set concrete, measurable DEI goals for their tech workforce — and then meet those goals. Here’s how. By Linda Rosencrance May 09, 2024 10 mins Diversity and Inclusion IT Leadership IT Management news Microsoft once again under fire over cloud software licensing Spanish startups are the latest to accuse the company of anti-competitive practices. By John Leyden May 09, 2024 4 mins Regulation Microsoft Azure Microsoft 365 news Businesses lack AI strategy despite employee interest — Microsoft survey Microsoft’s fourth annual Work Trend Index survey shows that workers are coming to grips with generative AI tools, but leaders aren’t convinced they have a proper deployment strategy in place. By Matthew Finnegan May 08, 2024 6 mins Microsoft Generative AI IT Skills news analysis Apple Silicon sets scene for a new AI ecosystem With its new iPads, Apple presses home the message that Apple Silicon is built for AI. By Jonny Evans May 08, 2024 12 mins Apple Generative AI iPad Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe