The U.S. Securities and Exchange Commission has blocked third-party messaging apps and texts from employees' work mobile phones, bringing its own practices closer to the standards it's enforcing for the industry.
The SEC's decision to block disappearing-messaging apps will help improve record-keeping and comes in response to possible security vulnerabilities at the agency, which saw one of its social-media accounts compromised earlier this year. It follows
The scrutiny prompted
The agency has restricted access to third-party messaging applications, as well as SMS (short message service) and iMessage texts "to lower risk that our systems could be compromised and to enhance recordkeeping," an SEC spokeswoman said in an emailed statement.
READ MORE:
The agency removed third-party apps in September, and removed text message functions on most staff phones in March, she said.
Financial firms are required to monitor and save communications involving their businesses to head off improper conduct. When they don't, agencies say it's significantly harder to investigate wrongdoing.
The Commodity Futures Trading Commission is considering whether to follow suit, according to a person familiar with the matter. A CFTC spokesperson didn't respond to a request for comment.
The regulatory crackdown has extracted at least $200 million apiece from Wall Street giants such as Bank of America, JPMorgan, Citigroup and Goldman Sachs, while fining many smaller players. That's been a boon to software and compliance providers pitching systems to capture the ephemeral communications.
But it has left members of the industry's rank and file seething. Some firms privately reprimanded or disciplined staff who had used unauthorized platforms. In certain cases, banks cut bonuses or even terminated offenders.
Fake post
The SEC's cybersecurity practices have come under scrutiny in recent months. In January, the regulator's X account was compromised using a staffer's agency-issued phone, which resulted in a fake post claiming that the watchdog had approved plans for a long-awaited spot-bitcoin exchange-traded fund.
That inaccurate post fueled a brief surge in the price of the world's biggest cryptocurrency. The SEC quickly regained control of the account and deleted the post. The incident underscored how even a regulator with an assertive stance on cybersecurity requirements isn't always protected.