One of the greatest battles between management and staff in the investment banking industry is “mobile phones on the trading floor”. On the one hand, personal phones are a compliance disaster area. Staff can use them to talk to headhunters, to pass on information that they don’t want to talk about on a recorded line and even to download inappropriate videos.
On the other hand, financial markets employees were among the first adopters of smartphone technology, and it’s considerably more difficult to get their phones out of their hands than it is to do so from an average teenager.
The FCA, among other regulators, has been looking at this problem for a while. Even in the absence of clear criminal intention, it’s still possible for an employee’s social media use to be in breach of regulatory principles – a recent case concerned an employee who was simply in the habit of boasting about all the deals he was involved in to a WhatsApp group, inadvertently revealing confidential client data as he did so. As far as anyone can tell, only the most draconian of social media policies could eliminate this risk, and since banking employees are usually hired because they’re intrinsically social people, some sort of risk is more or less inevitable.
An uneasy truce that some banks had reached was the policy of BYOD, or “bring your own device.” Rather than being restricted to the corporate Blackberry, you were able to get the office email on your own iPhone, in exchange for having the corporate monitoring software installed, and some of the most egregious compliance risk apps, like WhatsApp and Snapchat, deleted.
But this might not be sustainable. The thing is, if an employee is using their own phone for corporate purposes, it’s not clear what that means for compliance with the General Data Protection Regulation (GDPR). Under a literal reading of the regulation, all of the employee’s contacts could be considered to be personal data held by the corporation, with all the associated overhead cost and compliance obligation. Since up to 40% of employees use their personal mobile phones for corporate business, that’s a considerable GDPR problem.
The official position of the FCA – and therefore the likely position of all European regulators, and in all probability global regulators too pretty soon – is that BYOD is just not allowed.
So if you’re going to go by the letter of the law, it’s the work laptop, the work mobile, and absolutely nothing else allowed on the trading floor or in the office.
Is this sustainable? The whole history of mobile technology in the financial services industry says not. Welcome back to the days of the “batphone”, the “burner” and the private device semi-secretly hidden in the handbag or jacket pocket. And to the days of senior management giving lectures at monthly meetings, but basically accepting that every now and then, the employees will pick up a subtle vibration from a desk drawer, and suddenly feel the need to “pop out for a cigarette” to find out what’s really going on.
Dan Davies is a senior research advisor at Frontline Analysts and a former banking analyst at Cazenove, Credit Suisse and BNP Paribas.