It's wild how entrenched it is in every aspect of society, from social to business.
Goes to show you how far good UX, simplicity and ease of use can take you.
[1] ICO reprimands NHS Lanarkshire for sharing patient data via WhatsApp - https://ico.org.uk/about-the-ico/media-centre/news-and-blogs...
Why the extra steps?
But it looks like this lawsuit is exactly about the opposite, that messages cannot be accessed and reviewed easily. It's also easy to understand why banks prefer using secured applications like Signal when discussing secret deals rather than taking the risk that such conversations leak to e.g. competitors...
so they claim… not that fb has ever given us a reason to trust them.
I guess people don't care unless someone sues
So everything is recorded, encrypted, some is monitored in near RT by engines, and only accessed by human employees when necessary. A full log of who accessed what is kept.
This falls under Fair Use (not sure about the exact term) under GDPR, and is a sensible way for the bank to uphold their legal obligations.
It's still crazy to me how people use Viber en masse in a lot of those places. The UX is abysmal and it's full of manipulative ads. Habits are hard to change.
Never heard of Whatsapp? Try removing the comments where you talk about it then.
Deposits at credit unions are also a liability to the credit union. The nonprofit and local angles, however, are germane.
For businesses, they might have the most attractive product and so you go with them. For example, they have an entire practice finance department that lends on favorable terms without SBA fees. However, they require using their checking account as a term of the loan. You could just fund the account and leave it, or use it.
The worst thing that has happened to me with them was they once allowed someone to cash a fake check using my account number. They put the money back but closed the account and I had to change over all my stuff to a new account number. I was a little disturbed that they didn't check the name on the account to the account number before approving the check.
But all of the other horror stories seem to happen on the consumer side.
I suspect for most consumers they don't know or notice the difference, but I wish they did.
Credit Unions FTW!
it's completely, undeniably worth it. unless you're a real big shot (worth millions in assets to the bank) who doesn't have to deal with the dehumanizing aspects of corporate "customer service", there is zero reason to be with anything other than a small local bank/credit union.
Of course, trust would be a huge issue, but assuming that could be resolved, I feel like switching banks should be something people do all the time.
You're leaving money on the table during a time where interest rates just keep going up and banks are becoming more and more competitive with each other on rates. You should be earning at least 5.15% on a market savings account today. I doubt WF would pay anywhere near that.
I tend to have operating funds in my credit union checking account. This is where most bills are paid from. Savings moves to whichever institution has the best rates.
That convenience sucks to give up out of principle but it's long overdue in my case.
* I’m barely using hyperbole
People will just get a second private device that is not managed by the organization, and if there is a mutually beneficial advantage to doing so, the other party will do the same as well.
This has been going on forever, I remember when they kicked up a huge fuss when they found out that people were doing direct pin-to-pin messages on the blackberry (was not logged for boss to read at the time).
You still need a secondary device if you want to have a private conversation.
The banks aren't being fined for using Signal or WhatsApp or any particular technology, they're being fined for failing to keep records of regulated communication they're required by law to present for auditing. Obviously if you use tools that don't keep records, you need to find a way to save it yourself.
[1] Bad in the CNBC original, but actually truncated here on HN to remove the explanatory clause. The original reads "Banks hit with $549 million in fines for use of Signal, WhatsApp to evade regulators’ reach"
can't push jail on customers...
Why should that be different if it's written?
Of course they are.
No offense: Where have you been?
Working in education the last 10 years. I mean all of that seems really unreasonable if that's the case.
Where I work they took my work phone away because I wasn't using it enough. Now if I need to make a call, it's just with my cell phone. No way that's being recorded.
> in person meetings
Presume you don't sit down at the table and set up mics before you start talking?
Why do you presume that? Where I work every call is recorded.
Nobody should ever be "pleased" with knowingly breaking the law. When will we ever get serious about law enforcement for this type of crime?
If bureaucrats were on my ass about something so stupid, I would be very pleased once the matter was resolved.
Are you saying that we should not be able to require banks of a certain size to keep records, so that the highway patrol officers of finance can economically pull you over when you're speeding? Or should we allow everyone to use fuzzbusters effectively making the law pointless?
No sooner than the day we abolish the profit motive.
Sweet!
"some bullshit MNPI to a coworker" != billion-dollar collusion/schemes
"fired" != "jailed"
I'm afraid I'll never understand this class of refutation that categorically misunderstands every component of a sentence.
Intent,
pattern of doing business this way.
https://www.bloomberg.com/opinion/articles/2023-08-08/don-t-...
His is a pretty balanced take and raises some interesting points:
> I have argued that the SEC has aggressively expanded the recordkeeping requirements. In the olden days, almost all communication was informal and not recorded, and only formal decisions were memorialized in typed and carbon-papered memos, so the SEC had access only to a pretty limited slice of communications. Now, vastly more informal communication is text-based, and texting is a substitute for conversation, not for formal memos.
The rest of the piece and some of his related commentary in the area is worth a read.
The point is that from a bank employee perspective, a hallway conversation, a text message, and a WhatsApp chat might seem pretty similar, and no one expected face to face chats to be memorialized in preserved records, so why the other two?
So in a meaningful sense, the requirements around preservation have expanded significantly, and it shouldn't be a surprise that a lot of banks ended up breaking the rules.
As he writes in another piece (https://news.bloomberglaw.com/mergers-and-acquisitions/matt-...):
> My point here is that when these rules were written, it would have been absurd to say that brokers had to “appropriately conduct their communications about business matters within only official channels.” Everyone understood, in 1948, that only a small sliver of business was conducted in formal letters and memoranda, and that mostly you’d talk about business face-to-face. “As technology changes,” lots of forms of written electronic communication become substitutes not for memoranda, but for face-to-face conversation. So the SEC’s requirements constantly become broader. If you just talk to your colleagues in person, the SEC does not expect you to preserve that. Once you move that chat to WhatsApp, it does.
Now the SEC has run around fining a bunch of institutions and sent a message, and so you can expect compliance will improve.
As an aside, you'll notice that piece was written nearly a year ago, so this isn't exactly a new story.
Mr. Smith, please review the updated terms on WhatsApp.
They could in theory run _e.g._ `sigtop` every couple of months and encrypt it (e.g. age or veracrypt).
It's a complicated workflow but I imagine they have a pipeline for emails that isn't much less complicated, but also isn't E2EE.
Was this used for nefarious purposes - possibly - but more likely it was general communications between team members using a platform that is more comfortable to them than either 1st party tools or something approved like teams. 99.9% of this was likely reminders for meetings, attendance and coverage messages, a message to a team member who timezone shifted from you and may be off and you need an answer etc. I'd guess most people involved didn't even consider the record keeping because their day to day jobs don't involve actual trading info, and the "encryption" of those services likely made them feel more comfortable than they should.
Not trying to excuse the behavior - yes the record keeping is important - but I think it's also important to realize this was likely largely innocent.
I would tell people to fuck off if they wanted to invade my personal device with work chatter. Boundaries are good
I agree, one needs to keep work comms on approved software, I'm simply stating that while it's fun to be like "oohh big bad bank was hiding secret convos" it was more likely "janet i'm out today can you take the meeting with svp of <insert corp>"
Put another way context matters in terms of how the public should react to the news, not so much the result (fines) or the regulations / requirements.
Or that email will go to the "work phone" which isn't sitting on the sideboard somewhere rather than in the person's pocket.
That said, there aren't any banks that don't have a comprehensive employee training program on security and compliance, so "I didn't realise" isn't going to be a valid excuse.
That's not to say that there isn't any deliberately malicious use going on, but it's unlikely that malicious use would be uncovered.
It's far cheaper (and more deniable) to find a slightly different way round the regulations, see if/when you get fined for that, then move on to something else again...
- A banker answers honestly when interviewed by the regulator because they decide it's better for the Bank to take the fine than lie to regulator and risk personal criminal charges (unlikely, but why take that risk?).
- Regulator asks for evidence of some documentation (like trade confirmation), compliance asks banker, banker doesn't have it and admits it was over this app.
- Whistleblower or other source makes regulator believe there are prohibited communications and regulator demands phones be turned over.
- Other similar banks are caught in violation, and regulator does sweep of similar banks and demands phones be turned over.
The regulator has the ability to shut down the bank. The bank can easily tell the banker to turn over an unlocked phone or face legal action. The banker then turns over the phone.
Big headline grabbing number. But what % of their quarterly profit is that?
Slap on the wrist, I suspect.
https://www08.wellsfargomedia.com/assets/pdf/about/investor-...
I imagine a smaller fine would be a more effective deterrent if it was directed at the C-suite instead of the whole corporation. Maybe a little jail time too, as a treat.
As someone who currently performs information risk management for a financial institution, I'll say that private messaging doesn't need to be banned per se. It's just that all company business is the responsibility of the leadership, so ultimately, business communications needed to be reserved for business communication platforms over which leadership can enforce policy. Privacy is a component of this. These banks needed processes and controls to ensure their requirements are being met: Records of electronic communication, technical security controls to ensure the privacy of protected communication, approved communication mediums/channels for different classifications of information, periodic reviews on the adequacy of these controls, etc.
Sometimes the restriction of things like WhatsApp, Signal, etc. is seen as an affront to individual privacy. That's not what this is about. This is about preventing a lot of dangerous scenarios, like:
1. Employees at your bank do something evil that's also against the law, but because they used Signal/WhatsApp, no records of the communication can be used as evidence in court.
2. The bank has invested millions upon millions into an information security program. Someone decides to use Signal/WhatsApp to share sensitive account numbers. Signal/WhatsApp ends up with a vulnerability that exposes the information, rendering the InfoSec program protections ineffective.
3. Like #2, but the information in WhatsApp/Signal is super important. The employees who kept it there all leave and/or get into fatal accidents. How will that impact the bank?
4. Your manager starts a group chat for the team via text message and conversations about work occur. Turns out someone in the conversation is involved with a scandal. Because you talked about work stuff outside of the approved comms channels, your personal phone can now be taken and used as evidence in a court (even if they can't pull the encrypted messages from it!)
It's just better for everyone to keep work communications in one place that the company has control over, and your personal device/apps totally separate from it.
The problem is no one has ever heard of Symphony, doesn't want to install it so they can ask a simple question, and the user experience is meh at best. If you do the right thing, clients would likely perceive you as difficult to work with and perhaps go elsewhere. To some extent, the inevitable fines might be seen as a necessary cost of doing business. So a pretty severe crackdown was necessary to ensure everyone is properly incentivized to inflict this pain upon clients.
"Firms may not permit the use of any type of electronic communication if they are unable to satisfy the applicable recordkeeping requirements with respect to that particular type of electronic communication."
> “We are pleased to resolve this matter,” said Wells Fargo spokeswoman Laurie Kight.
Unfortunate, penalty appears not big enough.
As another key responsibility, these individuals are forbidden from insider trading... which if they are not keeping records is basically not possible to police.
/s