February 5, 2023

Volume XIII, Number 36

Error message

  • Warning: Undefined variable $settings in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).
  • Warning: Trying to access array offset on value of type null in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).

February 03, 2023

Subscribe to Latest Legal News and Analysis

February 02, 2023

Subscribe to Latest Legal News and Analysis

What’s Up With the SEC’s Probe Into the Use of WhatsApp?

Instant messaging apps—WhatsApp, Facebook Messenger, Snapchat, Telegram, Signal, and iMessage, to name just a few—have become ubiquitous in the 15 years since Apple released the first iPhone.  Chances are that you have one or more of those apps on your phone right now.  If you are in the financial services industry, beware.  In October it was reported that the U.S. Securities and Exchange Commission’s recent investigation of broker-dealers for violation of regulations relating to use of personal messaging devices, such as WhatsApp—which resulted in over $1.8 billion in fines to 16 financial institutions—has broadened to include investment funds and advisers.

According to individuals familiar with the inquiry, the SEC has issued document requests and preservation notices to a number of investment funds and advisers relating to their policies regarding employee use of personal devices and messaging platforms.  Under SEC Rule 204-2, every investment advisor registered or required to register with the SEC needs to follow certain record retention rules, including preserving originals of written communications.

In an effort to comply with SEC and FINRA recordkeeping requirements, financial institutions frequently require employees to communicate with each other and with clients exclusively through email and company-provided messaging programs, where messages can be monitored and preserved.  The rise of remote work during the pandemic made enforcing personal device bans challenging, though the SEC’s investigation of broker-dealers did uncover pre-2020 violations.

Even as major banks and other financial institutions are leading a push to bring workers back to the office full time, employees at many financial institutions are still working from home at least a few days a week.  Communication habits built while working from home may follow employees as they return to the office.

So too has the challenge of speaking to customers who may prefer to use apps like WhatsApp that for many are an easier and more immediate way to communicate.  When employees receive work-related messages on their personal phones, some companies now require them to take a picture of the message and forward it to compliance for preservation.

The SEC’s focus on personal device usage underscores the importance of effective internal controls on the technology employees use to communicate about work.  It is becoming rare for government investigations and civil litigation not to involve text messages and other messaging apps.

Preserving and collecting data on employee personal devices presents unique challenges.  Unlike email data, which typically can be preserved and collected by an organization’s IT department without an employee’s knowledge or involvement, changing the retention settings on an employee’s mobile device or exporting messaging data typically requires the employee’s cooperation.  An organization that does not have robust policies related to the use of personal devices may have a difficult time compelling employees to allow collection of data from their personal devices, especially if the employees see the potential for collection of their personal messaging data as an invasion of privacy.

In addition, mobile device software and instant messaging platforms are rapidly changing.  For instance, Apple’s new iOS16 mobile operating system, which powers new iPhones, allows users to edit and unsend messages.  Organizations and their counsel must stay abreast of these changes to effectively preserve and collect message data.

Collecting instant messaging data from applications like Slack and WhatsApp often requires use of third-party programs in addition to traditional e-discovery platforms.  Counsel well-versed in the use of these programs can guide an organization to the solutions best suited for their particular scenario and can help ensure that document review costs are not needlessly inflated by reviewing thousands of messages in which employees talk about where to go to lunch.

Moreover, mobile device and instant messaging data have unique metadata, such as fields indicating that a message has been deleted.  Engaging counsel who understand how to identify that metadata can give your litigation team an edge, while failing to adequately understand the unique aspects of mobile and instant messaging data can leave your team unprepared and see your witnesses taken by surprise in depositions.

Finally, failure to preserve and produce mobile and instant messaging data can, in extreme cases, lead to sanctions up to and including default.

A well-thought-out—and well-enforced—policy regarding personal device usage is a crucial first step in preventing expensive headaches for organizations and potentially intrusive searches for individual employees, especially in an industry as heavily-regulated as the financial services industry.  But at the end of the day, there is no compliance measure that can stop an employee who wants to use a prohibited messaging device.  In the event that employee messages do end up as the subject of a document request, engaging experienced counsel with expertise in the preservation, collection, and review of mobile device and instant messaging data can help your organization respond to the request effectively and efficiently.

Copyright ©2023 Nelson Mullins Riley & Scarborough LLPNational Law Review, Volume XII, Number 333

About this Author

Matthew G. Lindenbaum Financial Litigation Attorney Nelson Mullins

Matthew represents companies in high-stakes litigation with an emphasis on class action defense in the automotive and financial services industries, including the emerging crypto-currency industry. He also defends companies and individuals in government investigations and enforcement actions involving the United States Department of Justice, the Securities and Exchange Commission, and conducts internal investigations for companies and special board committees.

Matthew is the leader of Nelson Mullins’ Boston Litigation Team and has been...

Robert L. Lindholm White Collar Defense Lawyer Nelson Mullins

Rob focuses his practice on government investigations and white collar defense, high stakes business litigation and class action defense, and e-discovery and litigation readiness. He represents financial institutions, Fortune 500 companies, private equity firms, hedge funds, and companies/individuals involved in the cryptocurrency industry in a wide array of internal/government investigations and commercial litigation.

Soren Young Government Investigation Attorney Columbia

Soren practices in the areas of government investigations, class action defense, high-stakes business litigation, and consumer and commercial arbitration, primarily on behalf of clients in the financial services, pharmaceutical, and FinTech industries, including the emerging cryptocurrency industry. Soren has experience responding to inquiries, enforcement actions, and litigation from the Office of Foreign Assets Control, the Securities and Exchange Commission, the United States Department of Justice, and state attorneys general. Soren uses his deep knowledge of e-...