About a-team Marketing Services

A-Team Insight Blogs

WhatsApp Update Could Spell Unhappy New Year for Compliance Teams

Subscribe to our newsletter

By Oliver Blower, CEO of VoxSmart.

While many of us will be making tough lifestyle changes this January, from adopting strict fitness regimes to cutting down on calories, there are other changes afoot in the realm of WhatsApp that could impact many of us over the coming days. For regulatory compliance teams at financial institutions worldwide, these could spell an unhappy start to the new year if precautions are not taken.

Google and WhatsApp recently announced that from early 2024, chat and media backups on Android will count towards users’ Google account cloud storage limit – a reversal in policy from 2018, when backups stopped taking up Google Drive storage. This will have several concerning implications for financial institutions desperately seeking to ensure they adhere to employee communications monitoring regulations and avoid hefty WhatsApp-related penalties.

Essentially, the update means that when a user reaches their storage limit, they will be forced to free up space in their Google Drive or risk messages failing to back up. According to WhatsApp, ‘If the amount of available storage on your device reaches critically low levels, WhatsApp might not function properly. If this happens, WhatsApp might prompt you to free up space in order to continue using the app.’

The thought of employees being prompted to free up space will worry many institutions – particularly those in the banking and finance sectors, where staff use of instant messaging applications like WhatsApp has become the norm in recent years. Given these institutions are required by law to collect and monitor certain employee conversations if requested by a watchdog, there are a couple of obvious risks related to this new update.

Firstly, there is the possibility of a staff member actively deleting old WhatsApp conversations to free up space on their device – conversations that may have been important to regulatory investigations. With Google reportedly having recommended that users delete items from WhatsApp itself to reduce the storage used by the next backup, this is certainly a very real possibility. The other risk is that the application itself experiences a technical malfunction due to having reached full storage capacity and messages are corrupted or not properly backed up.

Either way, the update means financial institutions with a large number of Android WhatsApp users may be at greater risk of failing to adequately capture staff communications moving forward. This comes at a time when markets regulators including the likes of the Securities and Exchange Commission (SEC) have been cracking down hard on firms for failing to adequately capture and monitor employee messages on channels like WhatsApp and Signal.

In August, the SEC and Commodity Futures Trading Commission (CFTC) announced a combined $549m in penalties against Wells Fargo and a host of other firms over their failure to maintain electronic records of employee communications, having already swept through the largest banks on Wall Street in late 2022 to impose over $2bn in record-keeping related fines. Meanwhile, the Financial Conduct Authority has also launched an inquiry into banks’ use of WhatsApp on personal devices for trading.

Against this backdrop, it is imperative that compliance departments ensure their firm is well equipped to collate all employee messages sent or received over WhatsApp, paying close attention to how their existing processes could be impacted by the new update. Ideally, companies will implement a robust system that harnesses automation to continually capture and record employee communication on platforms like WhatsApp. With such a process, staff can freely delete messages to free up storage space on their own devices without risking company nonalignment with regulations.

As the new year commences, new measures will need to be taken by many banks to ensure they remain safeguarded against compliance regulations – particularly as watchdogs continue to crack the whip on financial firms across the globe.

Subscribe to our newsletter

Related content


Upcoming Webinar: Best practices for regulatory reporting

Date: 16 July 2024 Time: 10:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes Regulatory reporting is a repetitive, time consuming and expensive business. At its best it requires robust data governance, automated data collection and reporting, standardised reporting formats, a centralised reporting system and a means to monitor and review regulatory change....


Entrust in Talks to Acquire AI-Powered Identity Verification Specialist Onfido

Entrust, a provider of trusted identities, payments, and data security, is in exclusive discussions to acquire London-based Onfido, a provider of cloud-based, AI-powered identity verification (IDV) technology. If the acquisition completes, Entrust would add a compliant AI/ML-based biometric and document IDV tech stack to its portfolio of identity solutions. It would also have an opportunity...


RegTech Summit London

Now in its 8th year, the RegTech Summit in London will bring together the RegTech ecosystem to explore how the European capital markets financial industry can leverage technology to drive innovation, cut costs and support regulatory change.


Regulatory Data Handbook 2023 – Eleventh Edition

Welcome to the eleventh edition of A-Team Group’s Regulatory Data Handbook, a popular publication that covers new regulations in capital markets, tracks regulatory change, and provides advice on the data, data management and implementation requirements of more than 30 regulations across UK, European, US and Asia-Pacific capital markets. This edition of the handbook includes new...