March 14, 2023
Imagine two client managers for two financial services companies have just received some very important news that they must tell their clients immediately. As they're away from their offices, the only way is by using their smartphones. One manager opens and uses an app to call his client, opting for over-the-top voice communication that applies best-effort delivery. Of course, there's no guarantee he'll get through with good call quality, mainly if he is calling from a busy precinct or location.
The other manager simply calls the client on her mobile phone, using the green call button. She already has the technology that guarantees reliable delivery and the best call quality available. The call recording system in the office automatically records her mobile call.
Are you capturing, recording, and storing all communications, even on personal mobile phones? Chances are the answer is no, and that could cost you dearly.
Financial Services Requirements for BYOD
Some laws require communication records to be captured, recorded, and stored. In the financial sector, the Markets in Financial Instruments Directive 2 (MiFID 2) in Europe requires financial companies to record and store all communications related to financial transactions. In the United States, that falls under the Dodd–Frank Act, which grants the Securities and Exchange Commission (SEC) the power to require recording communications "for such a period as may be required by the Commission by rule or regulation" and storing "financial or banking data for any payment instrument."
These requirements extend to mobile phones and apps. In the business world, said phones (and the apps on them) could be either company-issued or an employee's personal phone (sometimes called Bring Your Own Device, or BYOD phones). This wasn't as big a deal pre-pandemic, but once COVID forced so many to work at home, using BYOD cell phones became the norm.
Problems arise when employees use their personal phones to perform a company's business. Since they don't like using the company-provided App for calling, they use the green button to call – which uses their own personal SIM and subscription. This presents their personal number, not their business number, to the called party, and most significantly – it bypasses the critical call recording technology required to comply with the regulations.
Since the law doesn't differentiate between company-owned and BYOD communication devices, companies get in trouble, and the fines come raining down.
Fines and Penalties
MiFID 2 levied 117 sanctions and measures totaling 1,263.717 euros, or about $1,370,311.53, in 2021, the last year's information is available.
In the United States, the monetary punishments were considerably higher.
In the fiscal year 2022, the SEC issued fines and penalties totaling $1.1 billion to 16 broker-dealers and investment advisors from 11 firms. Additionally, the Commodity Futures Trading Commission (CFTC) ordered $710 million in penalties for linked communications by senior employees using email and unapproved messaging apps such as WhatsApp and Signal.
According to Reuters, 16 big financial firms got hit. These include DWS ($400 million), Bank of America Merrill Lynch ($225 million), and $200 million each to Barclays, Citigroup, Credit Suisse, Goldman Sachs, Morgan Stanley, UBS, and Deutsche Bank.
This follows a $200 million fine the SEC and CFTC hit JP Morgan Chase in late 2021. In that case, more than 100 Chase employees, including senior managers, used personal devices and apps for regulated communications outside official channels.
"(These 2022) actions – both in terms of the firms involved and the size of the penalties ordered – underscore the importance of record-keeping requirements: They're sacrosanct," SEC Director of Enforcement Gurbir Grewal told Reuters. "If there are allegations of wrongdoing or misconduct, we must be able to examine a firm's books and records."
The fines resulted from the institutions not preserving personal chats, which violated federal rules that require broker-dealers and financial institutions to preserve business communications, Reuters said. The agencies claimed that these regulations impeded their ability to oversee financial markets, ensure compliance with key rules, and gather evidence in other unrelated investigations.
The SEC said the failings occurred across all 16 firms and involved employees at multiple levels, including senior and junior investment bankers and traders.
The bottom line is this: Companies on both sides of the Atlantic need to capture, record and store all mobile phone communications properly.
Tango Extend: 2nd eSIM for Business
Fortunately, an easy solution is Tango Extend, which is available through our CSP partners. All business calls using a Tango Extend eSIM are routed back through the office telephone or UC system. This means that mobile calls and text messages can be recorded by the same system which records calls from standard office telephones. By doing this, all mobile data and communications can be managed by the IT department and meet regulatory requirements by being recorded.
We embed a full-featured business extension (an eSIM) in any personal smartphone or company-provided phone. This results in simple, app-less Mobile Unified Business Communications so you can work from anywhere. Mobile Unified Communications is a unique combination of business-class mobile communications and UC technologies that empower a workforce wherever employees work, whether in the office or remotely.
One of the key enablers of Tango Extend is that almost all smartphones now support more than one SIM. With device evolution, manufacturers such as Apple, Samsung, and others have made managing and using two subscriptions on one phone very simple. For instance, when making calls from the mobile phone dialer, the phone will ask which Line (SIM) to use – either the personal Line for personal calls or the Tango Extend Line for business calls. Contacts can be designated personal or business in the contacts list, so they will automatically use the designated line.
In summary, Tango Extend:
- Configures mobile phones as a standard office endpoint on the office phone system
- Enables recording of mobile phone calls and text messages
- Can be used as the second SIM for business in either Personal or company-provided mobile devices
- Ensures that the business phone number is always used to place business calls
- Keeps personal use separate from business use
- Removes the ability to turn off or circumvent policy enforcement
- Helps companies maintain compliance with Dodd-Frank, MiFID2, and other regulations
Tango Networks - Extend eSIM Demo for Android Devices
Watch this demo to see how to install a second SIM (eSIM) in minutes by using a simple QR code: