After being fined more than $200 million last year for similar violations, Morgan Stanley has begun penalizing employees for using personal messaging apps for company business. But at least one expert said banning the tools won't work long term. Credit: WhatsApp Investment banking firm Morgan Stanley has punished some of its employees with fines that topped more than $1 million for breaching compliance rules by using WhatsApp and iMessage for business communications. The fines were levied by docking previous bonuses or future pay, according to a report in the Financial Times. While the fines might seem steep, Morgan Stanley itself has had to pay millions of dollars in fines for previous SEC violations related to the use of consumer messaging apps for business purposes. Last September, the US Securities and Exchange Commission (SEC) fined big-name banks and brokerages a collective $1.8 billion over workers’ use of private texting apps to discuss work and for not always saving those messages. The fines include $1.1 billion assessed by the SEC and a $710 million fine from the Commodity Futures Trading Commission (CFTC). Morgan Stanley was among the more than a dozen financial services firms fined and had to pay more than $200 million. In 2020, Morgan Stanley suffered a major security breach related to two senior employees in the bank’s commodities division who were using personal messaging apps. The employees were fired. In the most recent violation of company policy against using unauthorized and unmonitored communications channels, the bank hit employees with fines that ranged from few thousand dollars to more than $1 million per person. The penalties were based on a points system that takes into account factors including the number of messages sent, the banker’s seniority, and whether they received prior warnings, said people briefed on the matter, according to reports. Morgan Stanley did not immediately respond to a request for comment by Computerworld. Shiran Weitzman, CEO of mobile risk intelligence platform provider Shield, said imposing bans on popular communications applications such as WhatsApp and iMessage is a temporary solution. Employees are eventually going to use what’s most popular and convenient. Last year’s spate of financial services fines by regulators over improper use of messaging platforms was a shot across the bow — a statement that the industry needed to clean up its act, and “put some order in the house,” Weitzman said. The problem, however, is the banking industry and other businesses with high-touch business services often see employees simply adopt the most convenient communications platforms. “The requirements for WhatsApp or iMessage are similar as for any communication channel a bank is using — email, Slack, Microsoft Teams, Zoom, whatever. Anyone communicating on behalf of the bank…needs to be monitored,” Weitzman said. “With today’s technologies, it’s doable. Why they haven’t done it, that’s a different question. I have my guesses. “It’s not a technology play,” he continued. “It’s very hard for them to [change]. They’re large organizations and every time they need to apply some new technology or requirement, they need to do it on a global level.” During the pandemic, bankers forced to work remotely became comfortable using popular consumer messaging platforms because their clients were also using them. They were simply more convenient and at the time financial services companies relaxed their oversight of mobile communications services. Weitzman said banks need to focus on enabling the best tools with security and monitoring software, which uses APIs to track communications and flag suspicious communications while still keeping conversations private. Though possible, banning employees from using the latest communications technologies is not conducive to good business. “WhatsApp and iMessage, that’s forward thinking,” Weitzman said. “You need to be able to capture the message. And, the employee needs to fully acknowledge this is happening and give their consent. But I believe it will take time for this message to come down to [financial services firms], and I’m afraid there will be additional fines before it does.” Related content feature What Capgemini software chief learned about AI-generated code: highly usable, 'too many unknowns' for production While most of Capgemini's clients are reticent to use AI-generated code in production, the technology has led to big efficiency and productivity increases that developers and engineers might not yet realize, says Jiani Zhang, the company's By Lucas Mearian Apr 30, 2024 21 mins Developer Engineer Generative AI news analysis The EU has decided to open up iPadOS 'Our market investigation showed that despite not meeting the thresholds, iPadOS constitutes an important gateway on which many companies rely to reach their customers,' said the EU’s lead anti-competition regulator, Margrethe Vestige By Jonny Evans Apr 29, 2024 4 mins Apple Apple App Store iPad how-to A new Windows 11 backup and recovery paradigm? If used properly, new features built into Windows 11 offer safe, nearly complete backup, restore, repair, and recovery operations without third-party tools — but there are some caveats worth knowing. By Ed Tittel Apr 29, 2024 17 mins Windows 11 Backup and Recovery Windows feature Q&A: Georgia Tech dean details why the school needed a new AI supercomputer Georgia Tech partnered with Nvidia to roll out its first supercomputer so students can experiment with AI and machine learning to better prepare for a job market where those skills are now critical to success. By Lucas Mearian Apr 29, 2024 12 mins CPUs and Processors Education Industry Generative AI Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe