Why Financial Firms Can’t Afford to Sleep on Non-Financial Misconduct
The financial services industry is embracing new forms of technology now more than ever, which makes maintaining both regulatory compliance and ethical conduct paramount to success. This imperative has gained fresh momentum as the Financial Conduct Authority (FCA) surveyed firms in 2024 regarding their use of encrypted messaging services like WhatsApp. This move reflects a growing concern about both financial and non-financial misconduct, particularly as regulators aim to tackle market abuse and insider trading.
Why it matters
The stakes have never been higher for financial institutions:
- WhatsApp-related fines have exceeded $3 billion USD in the last three years
- 63% of employees lack confidence in their firm's monitoring ability
- Prohibition policies alone have proven ineffective
- Regulators expect firms to monitor ALL business communications
Why prohibition is not the answer
When discussing non-financial misconduct, we also need to discuss off-channel communications. People often feel more at ease communicating on channels like WhatsApp than on Microsoft Teams or work email. Encrypted applications like WhatsApp blur the lines between professional and personal interactions because they serve as the primary communication tools in both social and business contexts.
The reality of modern business communication is clear: your employees are using mobile messaging apps. When firms respond with prohibition policies, they don't stop the behaviour – they just drive it underground. Consider these facts:
- Clients increasingly prefer messaging apps over email
- Business happens 24/7 on mobile devices
- Younger employees default to mobile messaging
- Prohibition leads to use of personal devices
- Unmonitored channels create compliance blind spots
The solution isn't to fight this trend; it’s to embrace it safely through comprehensive mobile capture technology.
It’s no secret that misconduct occurring on prohibited communication channels is a major concern. Tracking a single conversation that spans multiple channels requires comprehensive policies, advanced technology, and considerable oversight. For years, the instinctive reaction has been to prohibit certain channels like WhatsApp from being used by employees, but does that work? Not as well as firms might hope.
The problem with prohibition is that it requires escalation that only prolongs the inevitable.
The bottom line: You need close supervision to identify the gaps in communication and ensure those conversations are not continued through unapproved channels on personal devices.
A simpler approach is implementing a smart capture solution that enables employees and clients to use their preferred communication channels. This ensures interactions are captured, stored compliantly, and readily accessible during audits. Having policies in place alone is not enough. Turning a blind eye is not the answer; regulators will not accept ignorance as an excuse. Firms must monitor every channel and have the technology to flag suspicious activity and misconduct.
Non-financial misconduct: The early warning signal for financial risk
While financial misconduct involves monetary issues like fraud or insider trading, non-financial misconduct covers behavioural violations such as bullying, harassment, and inappropriate workplace conduct. These aren’t separate problems; they are two sides of the same coin. An employee who feels comfortable bypassing communications policies or engaging in inappropriate conduct has already shown a willingness to ignore controls. This pattern of rule-breaking often escalates from non-financial to financial violations, which is precisely why regulators are intensifying their focus on behavioural conduct. Yesterday’s inappropriate WhatsApp message could be the first warning sign of tomorrow’s trading violation.
Challenges firms face with non-financial misconduct
I had a great conversation on Following the Rules, a podcast about the rules shaping the EU and UK financial services, where we covered the major challenges around non-financial misconduct. Essentially, when it comes to the challenges firms face with monitoring and reporting non-financial misconduct, we see a few factors are at play:
The financial world has embraced technological advancements
Non-financial misconduct can occur in many ways. Twenty years ago, email was the only channel that required monitoring. Today, there are dozens of applications people can use on any given day, with many more being developed and adopted regularly. Regulators have made it clear that organisations must capture all business-related communications. With that responsibility in mind, firms must keep track of new and popular channels and adjust their policies and procedures accordingly.
Employees feel burdened with reporting misconduct
I don’t believe that cases of non-financial misconduct have necessarily increased, as per the FCA’s report. People are simply more willing to report it. High-profile cases like the recent “Sexism in the City” have shown employees that speaking up can drive real change. But here’s the problem: while people feel more confident coming forward, our Smarsh survey shows that 63% of employees still don’t trust their firm’s ability to monitor and detect this misconduct. We have created an environment where people will speak up, but many firms haven’t kept pace with the tools needed to protect them.
Relying solely on employees to report misconduct places a significant burden on them. Many employees may already be in vulnerable positions, which can add to their stress. Ultimately, if employees don’t trust that action will be taken regarding reported misconduct, they are less likely to report it. This is particularly concerning in light of our Smarsh survey, which found that 59% of employees have experienced or witnessed non-financial misconduct.
Break the reactive cycle
Waiting for misconduct to occur before taking action isn’t just risky, it’s expensive. Take expense fraud: reactive organisations only investigate communication trails after discovering an irregular claim, when the damage is already done. Smart firms are shifting to a proactive stance, using advanced monitoring to spot warning signs in communications before they escalate into serious incidents. This early detection doesn’t just prevent misconduct, it protects employees, preserves reputation, and reduces compliance costs.
The same principle applies to non-financial misconduct. Why wait for a harassment case to make headlines when today's communication monitoring tools can identify concerning behavioural patterns early? Being proactive about detecting inappropriate workplace conduct isn’t just about compliance, it is about creating a safer workplace from the start.
Organisations can and should do more to detect incidents
The FCA has released key findings from its culture and non-financial misconduct survey. In the survey, the FCA looked at how firms monitor non-financial misconduct incidents and address those issues. The results show that the most common method for detecting these incidents is through grievances or similar formal escalation processes. However, the use of surveillance tools remains minimal, which begs the question: why are these organisations not utilising tools that could significantly simplify the detection of these incidents?
In recent years, mobile communications have become dominant in many forms of business. Business is conducted everywhere and at all times. While this shift enhances efficiency, it does pose challenges for regulated industries. People are increasingly comfortable engaging through mobile devices and communication applications, making it essential for firms to utilise available technology to capture and monitor these communications for any signs of misconduct. Failure to do so can lead to significant financial and reputational damage.
Global implications: Reputation, regulation, and reality
Having spent more than 15 years in banking, I have seen firsthand how reputation drives decision-making at major financial institutions. While fines for non-compliance are substantial, reputational damage is what keeps executives awake at night. I remember when simple prohibition policies were considered sufficient. They weren’t then, and they certainly aren’t now.
I see strong parallels with how GDPR transformed data privacy. What began as a European initiative quickly sparked global change, leading to regulations like California’s CCPA. The same pattern is emerging with non-financial misconduct. From my banking days to my current work, I have watched as localised regulatory requirements inevitably become global standards.
The question isn’t whether other regions will follow the FCA’s lead, but when. Smart firms will implement comprehensive monitoring and prevention programs now, rather than waiting until regulatory pressure forces their hand. Given what’s at stake – reputation, talent retention, and client trust – the choice is clear.