About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

WhatsApp Update Could Spell Unhappy New Year for Compliance Teams

Subscribe to our newsletter

By Oliver Blower, CEO of VoxSmart.

While many of us will be making tough lifestyle changes this January, from adopting strict fitness regimes to cutting down on calories, there are other changes afoot in the realm of WhatsApp that could impact many of us over the coming days. For regulatory compliance teams at financial institutions worldwide, these could spell an unhappy start to the new year if precautions are not taken.

Google and WhatsApp recently announced that from early 2024, chat and media backups on Android will count towards users’ Google account cloud storage limit – a reversal in policy from 2018, when backups stopped taking up Google Drive storage. This will have several concerning implications for financial institutions desperately seeking to ensure they adhere to employee communications monitoring regulations and avoid hefty WhatsApp-related penalties.

Essentially, the update means that when a user reaches their storage limit, they will be forced to free up space in their Google Drive or risk messages failing to back up. According to WhatsApp, ‘If the amount of available storage on your device reaches critically low levels, WhatsApp might not function properly. If this happens, WhatsApp might prompt you to free up space in order to continue using the app.’

The thought of employees being prompted to free up space will worry many institutions – particularly those in the banking and finance sectors, where staff use of instant messaging applications like WhatsApp has become the norm in recent years. Given these institutions are required by law to collect and monitor certain employee conversations if requested by a watchdog, there are a couple of obvious risks related to this new update.

Firstly, there is the possibility of a staff member actively deleting old WhatsApp conversations to free up space on their device – conversations that may have been important to regulatory investigations. With Google reportedly having recommended that users delete items from WhatsApp itself to reduce the storage used by the next backup, this is certainly a very real possibility. The other risk is that the application itself experiences a technical malfunction due to having reached full storage capacity and messages are corrupted or not properly backed up.

Either way, the update means financial institutions with a large number of Android WhatsApp users may be at greater risk of failing to adequately capture staff communications moving forward. This comes at a time when markets regulators including the likes of the Securities and Exchange Commission (SEC) have been cracking down hard on firms for failing to adequately capture and monitor employee messages on channels like WhatsApp and Signal.

In August, the SEC and Commodity Futures Trading Commission (CFTC) announced a combined $549m in penalties against Wells Fargo and a host of other firms over their failure to maintain electronic records of employee communications, having already swept through the largest banks on Wall Street in late 2022 to impose over $2bn in record-keeping related fines. Meanwhile, the Financial Conduct Authority has also launched an inquiry into banks’ use of WhatsApp on personal devices for trading.

Against this backdrop, it is imperative that compliance departments ensure their firm is well equipped to collate all employee messages sent or received over WhatsApp, paying close attention to how their existing processes could be impacted by the new update. Ideally, companies will implement a robust system that harnesses automation to continually capture and record employee communication on platforms like WhatsApp. With such a process, staff can freely delete messages to free up storage space on their own devices without risking company nonalignment with regulations.

As the new year commences, new measures will need to be taken by many banks to ensure they remain safeguarded against compliance regulations – particularly as watchdogs continue to crack the whip on financial firms across the globe.

Subscribe to our newsletter

Related content


Recorded Webinar: Best practice approaches to trade surveillance for market abuse

Breaches of market abuse regulation can lead to reputational damage, eye-watering fines and, ultimately, custodial sentences of up to 10 years. Internally, market abuse triggers scrutiny of traders and trading behaviours; externally it can undermine confidence in markets and cause financial instability. This webinar will discuss market abuse of different types, such as insider trading...


Encompass Plans Corporate Digital Identity Platform Following Acquisition of CoorpID and Blacksmith KYC

Encompass Corporation, a provider of real-time digital Know Your Customer (KYC) profiles, has acquired CoorpID and Blacksmith KYC from ING to develop a platform that solves the critical challenge of identification and verification of corporate and institutional clients. ING will be a stakeholder and development partner to Encompass and will use the platform in the...


RegTech Summit London

Now in its 8th year, the RegTech Summit in London will bring together the RegTech ecosystem to explore how the European capital markets financial industry can leverage technology to drive innovation, cut costs and support regulatory change.


Entity Data Management Handbook – Fifth Edition

Welcome to the fifth edition of A-Team Group’s Entity Data Management Handbook, sponsored for the fourth year running by entity data specialist Bureau van Dijk, a Moody’s Analytics Company. The past year has seen a crackdown on corporate responsibility for financial crime – with financial firms facing draconian fines for non-compliance and the very real...