The issue is the opposite, because people use non official communication channels it's hard for regulators to get the information they need, and it can be taken as the bank hiding things, which leads to fines. It's in the article:
This could result in the breach of regulatory rules on recording all business communications, leaving little room for oversight by authorities to take action in case of compliance concerns.
"Banks use a wide range of approved channels to communicate in compliance with regulatory obligations,” a spokesperson for the bank told Bloomberg. “HSBC, like many other banks, reviews and adjusts functionality on its corporate devices as needed.”
What about chat in games?
IRC?
Conversation had by making comments on Lenny posts?
Jerry, we can't go with the suggestion Ann just made because we'll look really stupid.
App based 2FA is even worse. Sure it's more secure but the likelihood of losing account access is much higher.
And don't talk about saving recovery codes. Security has to be practical and easy.
The UX of manual 2FA is a problem. Copying numbers with a time limit is just a crappy experience.
Account recovery is a hard problem, but thankfully it’s usually not an all or nothing deal, and it has been getting a lot better. I know Apple has a complex recovery flow that terminates at an actual human.
This is in the same vein as the secret service text message debacle after the Jan6th stuff.
I think you'll see this more and more as companies and government agencies try to reconcile regulations, cyber security controls, and business needs. Obviously there is a need for employees to communicate. There are laws surrounding record retention. And there are laws and needs for security controls to lock down phones, wipe data, etc.
Those three things don't always align with each other and if your employees pick a different channel to communicate they you can't control, then that's a huge problem from a regulation and even a security perspective.
That said, locking down work phones is only going to push people to their personal devices and that creates way more issues overall.
Personal devices won’t be impacted by the policy, and a select few employees who have regulated roles in the firm will still be able to send and receive messages, the outlet reported.
This could result in the breach of regulatory rules on recording all business communications, leaving little room for oversight by authorities to take action in case of compliance concerns.
Sixteen Wall Street giants including UBS and Barclays were collectively fined $1.8 billion by the SEC last September for employees’ use of personal devices and unauthorized apps for communication regarding business transactions.
As the use of private messaging platforms has proliferated in the business world, regulatory scrutiny over their use has intensified in recent times and spread beyond Wall Street.
Private equity firms including Carlyle Group and Blackstone are also being investigated for discussing business matters on apps like WhatsApp and Signal.
Reports suggest that a number of banks globally have suspended the use of encrypted apps like WhatsApp for work purposes following probes into its violation of regulatory rules.
The original article contains 457 words, the summary contains 171 words. Saved 63%. I'm a bot and I'm open source!
The banks are required to record all of the communications made by a large proportion of their staff. Probably they haven't found a way to do that for WhatsApp or text, so those are not approved communications channels. If they aren't approved, then why would they be on a work phone?
Of course the staff can break whatever rules they want, but they will be breaking rules. The banks make sure their staff know that, and as long as they've done all they can to stop it then what else can they do? There are always people who break the rules, and those who break the rules get punished when they're caught.
If those are communication apps supported by the bank, that's the idea. Banks have been hit with huge fines for employees communicating over unapproved channels.
One of the problems with the unapproved channels is that the bank can't enforce a retention period. So written messages that are supposed to be kept on record for 10 years or whatever can get deleted. In the event of a lawsuit the bank can be fined for not having the messages.
I understand what they think will happen. But that doesn't necessarily mean they'll be using the banks approved channels etc. You can set up your own private channel in teams and in slack. If people want to communicate without having that info tracked by the bank or company or agency they work for they literally will use another service. Doesn't even have to be teams or an approved one. This article talks about texts and SMS. But WhatsApp and signal and even discord exist (banning one but not the others is playing whack a mole). This seems like the companies trying to keep up with the times without a real plan that considers alternatives.