Regulated industries need to introduce secure comms with audit and archive to reduce risk of fines and take back control of data
Eleven of the most powerful financial services businesses have been fined nearly $2bn for failing to meet record keeping regulations due to communications using unauthorised and unmonitored channels. The fines were levied by the US Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC).
As well as the fines, the firms involved are also subject to cease and desist orders. Read the full story here: https://www.bbc.co.uk/news/business-63056677
“Finance, ultimately, depends on trust. By failing to honour their recordkeeping and books-and-records obligations, the market participants we have charged today have failed to maintain that trust,” said SEC chair Gary Gensler.
Bankers are losing their jobs
The investigations, which have been ongoing, and first made public last year, rocked Wall Street when some bankers lost their jobs (see our previous post about JPMorgan Chase). The regulators concluded that the use of off-channel communications, using personal mobile devices and apps such as WhatsApp and Signal, were widespread.
And that’s not all – using consumer apps for business typically contravenes GDPR
In the UK and Europe, any organisation found to be using consumer-grade apps for business are likely to be in contravention of GDPR because under the regulations personal details cannot be shared without the owners’ express permission.
The inherent functionality of typical consumer apps include sharing contacts between users (and with the service provider) as well as storing documents or pictures in unprotected locations on a device with no protection against these being shared onwards to any other user of that service (outside the originating organisation). The Terms & Conditions of such apps have ‘cop out’ clauses such as “You will not use (or assist others in using) our Services in ways that […] involve any non-personal use of our Services unless otherwise authorized by us.” which is legalese for “You can’t use this app for any business purpose”.
Significantly reduce the risk of regulatory fines
Taking back control of mobile communications by providing a viable alternative to consumer apps will enable financial institutions to prove they are taking appropriate steps to ensure staff compliance and so significantly reduce the risk of fines or data leakage, and the negative publicity associated with non-compliance.
Armour Comms has been positioned as a leader in the Secure Communications, Q3 2022 – The 12 Providers that Matter Most and How They Stack Up report by a major industry analyst. Our flagship Armour Mobile together with Recall by Armour delivers a highly usable solution to replace the ‘shadow IT’ of consumer-grade apps.
Available as on on-premises solution to provide data sovereignty, Armour Mobile and Recall provide all of the security, monitoring and archiving features required by regulated industries. What’s more, its enterprise-grade capabilities mean that Armour Mobile can be deployed at pace with one-click provisioning, making it quick and easy for users to be up and running with an approved channel for business communications within minutes, even on BYOD and un-managed devices.
With Armour Mobile, employees have the tools they need to communicate even the most sensitive of market intelligence safely and efficiently.
Recall by Armour – How it works
Armour Mobile and Desktop support an integrated and secure audit capability enabling communications (text, audio) to be captured in their entirety within the centralised audit log, allowing detailed retrospective analysis of all conversations. Each entry within the audit log is encrypted using keys unique to the user to whom the entry relates, and access to the decrypted content can only be gained by an Administrator with access rights to the audit tools to securely retrieve the key material and perform the necessary decryption tasks.
With Recall, all communications via Armour Mobile are protected and preserved automatically, the user doesn’t need to do anything extra. This supports the NCSC ethos of Secure by Design, making security easy for the end user.
For more information about how Armour Comms can help your organisation preserve, check and interrogate secure and sensitive conversations, ensure compliance, protect brand reputation (and avoid hefty fines), contact us today. sales@armourcomms.com
