About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

WhatsApp Update Could Spell Unhappy New Year for Compliance Teams

Subscribe to our newsletter

By Oliver Blower, CEO of VoxSmart.

While many of us will be making tough lifestyle changes this January, from adopting strict fitness regimes to cutting down on calories, there are other changes afoot in the realm of WhatsApp that could impact many of us over the coming days. For regulatory compliance teams at financial institutions worldwide, these could spell an unhappy start to the new year if precautions are not taken.

Google and WhatsApp recently announced that from early 2024, chat and media backups on Android will count towards users’ Google account cloud storage limit – a reversal in policy from 2018, when backups stopped taking up Google Drive storage. This will have several concerning implications for financial institutions desperately seeking to ensure they adhere to employee communications monitoring regulations and avoid hefty WhatsApp-related penalties.

Essentially, the update means that when a user reaches their storage limit, they will be forced to free up space in their Google Drive or risk messages failing to back up. According to WhatsApp, ‘If the amount of available storage on your device reaches critically low levels, WhatsApp might not function properly. If this happens, WhatsApp might prompt you to free up space in order to continue using the app.’

The thought of employees being prompted to free up space will worry many institutions – particularly those in the banking and finance sectors, where staff use of instant messaging applications like WhatsApp has become the norm in recent years. Given these institutions are required by law to collect and monitor certain employee conversations if requested by a watchdog, there are a couple of obvious risks related to this new update.

Firstly, there is the possibility of a staff member actively deleting old WhatsApp conversations to free up space on their device – conversations that may have been important to regulatory investigations. With Google reportedly having recommended that users delete items from WhatsApp itself to reduce the storage used by the next backup, this is certainly a very real possibility. The other risk is that the application itself experiences a technical malfunction due to having reached full storage capacity and messages are corrupted or not properly backed up.

Either way, the update means financial institutions with a large number of Android WhatsApp users may be at greater risk of failing to adequately capture staff communications moving forward. This comes at a time when markets regulators including the likes of the Securities and Exchange Commission (SEC) have been cracking down hard on firms for failing to adequately capture and monitor employee messages on channels like WhatsApp and Signal.

In August, the SEC and Commodity Futures Trading Commission (CFTC) announced a combined $549m in penalties against Wells Fargo and a host of other firms over their failure to maintain electronic records of employee communications, having already swept through the largest banks on Wall Street in late 2022 to impose over $2bn in record-keeping related fines. Meanwhile, the Financial Conduct Authority has also launched an inquiry into banks’ use of WhatsApp on personal devices for trading.

Against this backdrop, it is imperative that compliance departments ensure their firm is well equipped to collate all employee messages sent or received over WhatsApp, paying close attention to how their existing processes could be impacted by the new update. Ideally, companies will implement a robust system that harnesses automation to continually capture and record employee communication on platforms like WhatsApp. With such a process, staff can freely delete messages to free up storage space on their own devices without risking company nonalignment with regulations.

As the new year commences, new measures will need to be taken by many banks to ensure they remain safeguarded against compliance regulations – particularly as watchdogs continue to crack the whip on financial firms across the globe.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: Best practice approaches to data management for regulatory reporting

Effective regulatory reporting requires firms to manage vast amounts of data across multiple systems, regions, and regulatory jurisdictions. With increasing scrutiny from regulators and the rising complexity of financial instruments, the need for a streamlined and strategic approach to data management has never been greater. Financial institutions must ensure accuracy, consistency, and timeliness in their...

BLOG

ESMA Post-Refit Data Quality Report 2024 (EMIR-SFTR-MiFIR) Improvements and Ongoing Challenges for 2025

The European Securities and Markets Authority (ESMA) recently published its fifth annual report on the Quality and Use of Data for 2024 (the Report), reflecting significant progress in the regulatory community’s approach to data management and utilization. This comprehensive assessment is pivotal as it outlines both the advancements made in the quality of regulatory data...

EVENT

Data Management Summit London

Now in its 16th year, the Data Management Summit (DMS) in London brings together the European capital markets enterprise data management community, to explore how data strategy is evolving to drive business outcomes and speed to market in changing times.

GUIDE

The DORA Implementation Playbook: A Practitioner’s Guide to Demonstrating Resilience Beyond the Deadline

The Digital Operational Resilience Act (DORA) has fundamentally reshaped the European Union’s financial regulatory landscape, with its full application beginning on January 17, 2025. This regulation goes beyond traditional risk management, explicitly acknowledging that digital incidents can threaten the stability of the entire financial system. As the deadline has passed, the focus is now shifting...