A recent news report indicated that JP Morgan asked employees to search their personal accounts on SMS, WhatsApp and WeChat for conversations with customers and clients. They then asked for employees to download any client conversations and save them until further notice. JP Morgan’s intention, in line with many organizations, is to ensure that conversations on personal messaging accounts are recorded by the bank to comply with regulatory and governance mandates. They are by no means the only bank or indeed the only enterprise or industry that has asked employees to do this manual process.
What’s wrong with manual processing of messages?
There are a number of issues with asking employees to do this and with a manual process:
1 – Manual process
Employees are humans. Obviously employees have a responsibility to respond to any reasonable request from their employer. However, any time there is a request that is difficult, manual, complicated or lengthy, people are likely to procrastinate, deliver incomplete or inaccurate data or simply not comply.
2 – Reactive not proactive
The JP Morgan example is obviously an attempt to resolve an issue. Going forward the manual capture of messages on a retroactive basis does not solve the issue. It is reactive rather than proactive management of messaging applications. There is no ability to implement Data Loss Prevention or other control mechanisms like Ethical Walls. Any issues or breaches cannot be captured or even prevented in real-time. The breach can only be identified after the fact.
3 – Not 100% compliance
This is very manual in nature. There is a statistical likelihood of information, messages and conversations that are either accidentally or deliberately missed. Enterprises cannot be sure that all messages sent to clients have been captured, downloaded and uploaded back into corporate systems. It also relies on an employee’s memory and diligence. Most employees will do their best, but it is unlikely that 100% of messages will be captured.
4 – Privacy and consent
There are some questions around privacy and consent. To request either access to or to download messages from employee personal accounts opens up questions around employee privacy. While the conversations are with customers, the account is a private account. Additionally, clients have not provided consent that that conversation has been recorded and can be used.
What are the alternatives?
There are obviously other options. Enterprise can simply ban employees from communication over messaging applications. However, again, employees and clients are human and globally enterprises have seen that this approach does not work. Employees and clients want to use the tool that is most familiar, easy, and convenient for both. Most likely this is a messaging application, particularly given Covid-19.
There are of course corporate tools. These require clients to either have access or to download a separate application that they may not be familiar with. If they are using a work phone, they may not have the rights to add a new application to that phone.
To solve this issue, banks and other enterprises need to offer employees a way to communicate to clients over popular consumer messaging applications like WhatsApp, WeChat, Signal, Telegram and LINE. One that is not reliant on personal accounts or tools with high-barriers to entry. This method needs to be able to proactively control information, conversations, data. It must also record all conversations regardless of the messaging platform in real-time.
There is a better way
LeapXpert’s Federated Messaging Platform is a robust, automated answer to this issue. It has been designed with both the enterprise’s and the customer’s needs in mind. Customers and clients use the messaging tool that they prefer. Employees use a centralized tool that allows them to stay in one corporate environment. They don’t need to switch between corporate applications and tools or between messaging applications. They also don’t need to perform manual processes to ensure compliance. Enterprises can proactively control what information is sent and by whom. They have a real-time record of conversations and data sent between employees and customers. Due to LeapXpert’s FMOP’s flexibility, it is also able to adapt to changing customer needs. If a new messaging application becomes popular enterprises can easily embrace that application.
With LeapXpert’s FMOP, customers are notified with consent, privacy and terms and conditions language. As such privacy and consent is managed and recorded centrally. This maintains the privacy and consent of all parties involved.
As messaging applications become more and more popular as a method to communicate with customers and clients, enterprises globally must find a better way of ensuring that they comply with their local and global regulatory and legal requirements. Asking employees to perform manual processes retroactively is not the answer to embracing messaging applications nor to ensuring compliance. The implementation of a centralized, proactive, future-proof platform that manages your messaging engagements is. LeapXpert is that better way.
To find out how LeapXpert is working with enterprises around the world to better manage compliance of conversations on messaging applications, talk to one of our team.
If you found this interesting, check out our blog on Shadow IT in messaging applications.