by pipo234 1048 days ago
Are US bank employees prohibited from discussing financial matters using anything but official channels (email, paper?) per se OR is this about using other channels and failing to preserve records of the conversations?
5 comments

AFAIK you are allowed to use any channel as long as you preserve records of the conversation. However, meeting the standards for preservation is quite difficult, which is why employees of financial institutions are generally told not to communicate outside person-to-person, or channels vetted by their company (and lawyers thereof).
Also, compliance teams want live or near-live access, and do run dynamic filters on that live content. I can’t imagine a non-criminal* compliance team accepting a solution that is T+1 or that depends on manual action from the employee.

* I’m barely using hyperbole

It's a bit weird that even though they can communicate person-to-person, where records won't be kept, they are supposed to keep records of electronic communication.
Well, it's incredibly hard to scale fraud only through person-to-person communications. It's not impossible, but think about the scale that online communication would allow.
This has nothing to do with scaling. How do you picture that, some employee would broadcast sensitive information to a WhatsApp group, in order to reach as many others as possible at once?

The offense here is that no effort was made to keep records of the communication. It would have been ok to use WhatsApp if they somehow would have archived all communications. Records of communications have to be kept so that auditors can verify that no inside trading secrets were communicated to others, for instance.

Now I understand why some of the banks wanted people back in the office as soon as possible. Trying to support their commercial real estate bags is likely another.
The weird step for me is the expansion of regulatory authority from published memos, to all written communication like texts and chats. I get it and don't really object to the end result, but it seems like the law should be updated to match what society desires to be regulated, rather than just relying on a generous interpretation by regulators.
I wonder if handwritten notes, post-its, or marks on whiteboards are also subject to regulatory authority.
Yes they are, if you haven't taken care of keeping them out of sight of unauthorised other persons.
> it seems like the law should be updated to match what society desires to be regulated

This absolutely happens. Usually, however, the regulators are interpreting the law in a way that the legislators agree with. In those cases, there is no need for new legislation.

The law does not need extending. It is that for bank traders ALL communications must be kept.
> for bank traders ALL communications must be kept

One, not every securities professional trades at a bank. Two, this is not true for any of them. Broadly speaking, work-related written communications must be logged. But there is nuance and exception to that.

Not really. How on earth could that ever be implemented?
In person conversations could be required to be recorded with a portable voice recording device (like a tape deck or phone). Same for phone calls. The regulatory authorities exempt those communications for now, but it isn't clear that there is any kind of consistent standard / reasoning.
Banks have CCTV cameras in office buildings that record (video) of customer-banker interactions.

Any change to any banking system is then done via a banking order (payment order, deposit order, etc) and is documented and signed.

So there is plenty of trail evidence for each transaction with each customer.

So ... you aren't obligated to preserve records of the conversation if the channel is "in person", then.
Right - or if it's over the phone.
I am unsure about the current status in the States, but in Europe all conversations with a client over the phone where you might discuss commercial terms need to be recorded. Banks just cover their backs, and for customer-facing positions all phone calls, no matter if through landlines (or IP telephony) or cell, are recorded, either by the PBX software or by the carrier.

Employees are reminded not to use these lines for personal reasons (imagine an employee using the phone line to discuss their health with their doctor, and the employer just recorded extremely sensitive information from an employee), but the alternative means a strong fine from the regulators (usually the local AML authority).

What if I dictate into my phone and WhatsApp sends it as text? Purely to save bandwidth of course.
That is one of the things that the banks are being fined for.
Mostly not. But many interactions such as a Risk and Audit Committee are required to have minutes and signed by all participants. This is usually for all sessions which shape and oversee key policies such as Risk, AML, Audit, etc…
Thanks! That makes a lot of sense.
Such a waste of time trying intently to regulate and control communication.

People will just get a second private device that is not managed by the organization, and if there is a mutually beneficial advantage to doing so, the other party will do the same as well.

This has been going on forever, I remember when they kicked up a huge fuss when they found out that people were doing direct pin-to-pin messages on the blackberry (was not logged for boss to read at the time).

> Such a waste of time trying intently to regulate and control communication.

It's not an overall waste of time, because the goal is to reduce the enormous wastes caused by fraud, crime, and other malfeasance.

I know somebody who worked at a bank. The bank had a mandatory vacation policy: you had to be 100% gone for at least two solid weeks every year. When outsiders heard about this, they were often indignant. Who is the company to tell me how I spend my vacation? I know best when I need to rest. Why are they trying to regulate and control so much?

But the policy was about preventing crime. There are kinds of fraud where one person can keep it going a long time if they're around to fiddle things manually. But a couple of weeks of absence, plus the cross-training that goes with it, can keep those kinds of frauds from ever happening. And when they do happen, they stay much smaller.

As an example of why fighting fraud is vital to a bank, you could look at the failure of Barings Bank. One guy was able to fiddle the accounts to hide his losses, gaining a reputation as a trading genius. He started with a little deception, and it spiraled out of control over the years, eventually destroying a bank that had survived more than two centuries.

When compared with the destruction of the bank, making sure that supervisors can see what an employee is getting up to is a pretty small waste in comparison.

Is this one of those cases where it ends up causing death by regulation?

Take the pharmaceutical industry in the US. One reason it's so expensive for them to operate is the massive amount of rules and regulations that surround their work and cause them to hire tons more highly skilled personnel in order to meet those regulations just to get work done.

Now all those rules exist because someone did something bad and the rules prevent those bad things from happening again, which is a good thing. However, it increases the cost of doing business, and over time, as these rules and regulations pile up, everything gets more and more expensive and complex.

It's unfortunate that we as a society now have to pay for the actions of a bad actor in perpetuity. I don't know of a good alternative, because again these rules exist for a reason. Fraud is obviously bad, and people will constantly take advantage of the system until we regulate it more and more, but then normal rule followers pay the price.

Is your contention that the pharmaceutical industry is dying? Or that it has insufficient lobbying power to push back against regulations that don't improve safety in proportion to their costs?

But to answer your direct question, I think the answer is a pretty clear no. Financial companies invest a ton in communications. If there's a buck to be made from improving their tools so that their employees can communicate faster, they'll get around to it eventually. They'll just do it with tools that provide the sort of proper records that they've been obliged to keep since forever.

Not that it's dying at all - it just makes it more expensive for them to do literally anything. That cost ultimately trickles down to the consumer. The entire US healthcare industry contributes to this. It's extremely regulated, usually for good reason, but the consequences are that there are tons of middlemen, bureaucracy, and inefficiency that makes the end product more expensive.

And the safety is probably correct. It's a problem that I'm not sure how to address.

I'm always cynical when I hear arguments like this, I feel like it's the profit motive which is more to blame. They need to justify those prices somehow, and reducing payouts to shareholders or C-levels would be unthinkable.
I don't disagree with you - I'm just pointing out that when profit margins decrease, prices increase and the customer ends up paying for it.

In "free market" conditions, there should be players who can compete by not increasing prices, but due to the increasing number of regulations, it becomes impossible for smaller players to enter the market or exist in the market, so nobody can come in and take advantage of lowering prices, so prices just go up and up.

Again these regulations usually exist for good reason, it just makes the market less efficient and drives prices up over time.

> When compared with the destruction of the bank, making sure that supervisors can see what an employee is getting up to is a pretty small waste in comparison.

But they can't see this according to the comment to which you're responding; that's the problem.

They will do it a lot less when it turns out that it's illegal or will get them fired. Which is what the article we're discussing is about.
> When outsiders heard about this, they were often indignant. Who is the company to tell me how I spend my vacation?

They're the employer and get to set reasonable conditions for employment, that's who they are.

It’s actually a bit of a trap - if you are caught using secondary devices, it speaks to intent. Similarly, when you deposit money at a bank and they ask you to certify these are not proceeds of a crime: they aren’t expecting to catch people at that step. But if they catch you later, boom you defrauded a bank by lying and have additional charges.
It's not illegal to own a personal device, it's also not illegal to be friends with your coworkers if you trust them.

There is no "intent" here. What you are describing is an organized criminal conspiracy which is illegal no matter what device or system you're using. What I am talking about here is whether the employer should get to listen in to all your calls and read all your emails and text messages. Why do you think they like BYOD so much? Because they can get a window into your personal life, what apps you have installed, etc.

I think they like BYOD because they don’t have to buy a device or service it, but can still get at employees at all hours.

It is not illegal to have friends, but if you are in a job that has certain regulations it is illegal to communicate in a non-approved way with business partners. This isn’t a wide scope - it’s people who have jobs that are covered by these regulations.

How is this different from having laws on the books that ensure all citizens are breaking the law at any given time? Doesn't feel like how laws are meant to be used
Because it applies to certain regulated industries and people who work in those industries. It’s not wide ranging.
Isn't this an argument that doing anything that is illegal but beneficial to the conspirators should be left alone?

If it were totally allowed and widespread how would there be any pretence of fairness in the markets? Of course you could say that at least then people would be appreciating the reality of the situation . . .

> Such a waste of time trying intently to regulate and control communication.

Then attempting to enforce antitrust laws is likewise a waste of time.

It is actually prohibited to use private devices (on the trading floor).
So the law as written regards keeping records of inter-office memoranda, but the regulators have cheerfully expanded the scope of this to include essentially all communication by bank employees (except maybe phone calls).
No, it includes calls now. Traditional calls over copper telephone lines are not recorded, but digital calls over MS Teams or whatever are recorded and kept for review.

You still need a secondary device if you want to have a private conversation.

No, for bank traders all phone calls are recorded, and have been since at least the 1990s.
We're in a time where these tools have replaced face to face conversations -- and those previous conversations never required record keeping.
It is a record keeping issue from what they discussed and the same thing was said in an article at ComputerWorld. https://www.computerworld.com/article/3668574/banks-face-a-w...
No, that's just what the outrageous clickbait headline[1] fooled you into thinking.

The banks aren't being fined for using Signal or WhatsApp or any particular technology, they're being fined for failing to keep records of regulated communication they're required by law to present for auditing. Obviously if you use tools that don't keep records, you need to find a way to save it yourself.

[1] Bad in the CNBC original, but actually truncated here on HN to remove the explanatory clause. The original reads "Banks hit with $549 million in fines for use of Signal, WhatsApp to evade regulators’ reach"