Financial advisors love WhatsApp, and who can blame them? It’s convenient, secure, and reliable—pretty much everything its users could ask for.
But there is a flipside. Most financial institutions have struggled to harmonise their growing WhatsApp use with compliance regulations. In September 2022, the SEC issued a hefty $ 1.8 billion in fines to several banks and brokerages, for failing to appropriately monitor WhatsApp client interactions.
Some say it’s a matter of lacking the tools.
But a solution IS available and has been for some time. Which means you get to benefit from the convenience of WhatsApp without jeopardizing your reputation and bottom line.
This guide explains how to cover your bases using GuardREC® Compliance. We’ll discuss the most important features, how to get started, and address common user questions.
We hope you find it helpful.
Best regards, on behalf of the GuardREC team,
 |
 |
|
Joachim Thougaard |
Bjørn Loe |
Capturing WhatsApp data using GuardREC® Compliance
Audits: How to retrieve recorded WhatsApp data
Automatic Transcription: A godsend for audit work
Compatibility and supported platforms
WhatsApp desktop and WhatsApp Web
Book a live demo and see how GuardREC® Compliance works
Recommended reading (clickable links)
With more than two billion global users, WhatsApp is the most used instant messaging app today. One of the main reasons why WhatsApp has become such a popular platform, is its versatility. You can call, text, send audio messages, attachments and invite additional participants into the dialogue.
“Many users and organisations have been penalised for failing to properly record and archive client dialogues.”
For financial institutions, the versatility allows for smooth client interactions, which is great. But, with respect to compliance departments, the multi-modality is also a challenge. Many users and organisations have been penalised for failing to properly record and archive client dialogues. They have simply lacked a technical solution for compliant use of WhatsApp.
The following shows you how to bridge that gap.
As outlined below, GuardREC® Compliance records everything you do in WhatsApp.
To get started capturing WhatsApp, you submit your designated users’ phone numbers. Next, they each install a “recorded” WhatsApp application, which they can use in parallel with their regular/personal WhatsApp app.
The software solution will then capture all the WhatsApp data associated with the activated phone numbers.
Captured data will be archived and organized in the GuardREC® Compliance solution. From there, it can easily be retrieved, reviewed, and exported to regulatory authorities in the relevant file formats.
|
What is GuardREC® Compliance? GuardREC® Compliance is a compliance recording solution for financial services. It allows you to securely record customer dialogue via e-mails, SMS, Microsoft Teams, WhatsApp and more. GuardREC® Compliance provides:
Hosting is done in the cloud, which means there’s no software to install. GuardREC sets up the account for your organization, based on your specifications. Each of your compliance officers log in using their own user details. |
There’s no need to boot the solution separately. If the phone number is registered and activated in the GuardREC® Compliance solution, WhatsApp recording/capture runs in the background.
Note that we capture data through the recorded WhatsApp app. Communications to or from the regular WhatsApp app will not be recorded.
Not all communications are business matters.
GuardREC® Compliance lets you whitelist phone numbers from your spouse, kids, family, or other private contacts.
That way, you honour their privacy and avoid recording unnecessary data.
For complete separation between business- and private communications in WhatsApp, some of our customers use two phone numbers: One for business and one for personal matters.
|
What is whitelisting? Staff at financial institutions typically use the same devices for professional and personal communications. You can add private contacts to the GuardREC® Compliance solution, and label them accordingly. GuardREC® Compliance then knows not to record those communications. This is called whitelisting. Whitelisting helps you uphold privacy rules. It also frees up storage space because you only capture work-/compliance-related data. |
Authorised users can search for and retrieve recorded WhatsApp data via the GuardREC® Compliance interface.
Searching within text data (e-mails, chat records, attachments) has always been straight-forward. But what about audio messages and phone call recordings?
Conventionally, audio has been a headache. Given the depth of client data, there used to be no way compliance teams could comb through it all to verify compliance. Risk-based, random sampling became the norm; listening through all audio recordings is just too resource intensive.
That’s why we decided to turn that audio into text.
To GuardREC® Compliance users, “Automatic Transcription” has fast become a favourite feature.
It makes light work of review processes, transcribing audio files rapidly and accurately. After just a few minutes of processing, hours-worth of audio appears before you in searchable text. It’s exactly what you need for ensuring compliance, and for highlighting potential anomalies.
“After just a few minutes of processing, hours-worth of audio appears before you in searchable text.”
Automatic Transcription works with audio data from all sources, including WhatsApp (audio messages and phone recordings), conventional phone calls, audio messages, Microsoft Teams audio (calls, conferences) and more.
It really is a game changer for compliance officers, as it allows you to direct your competence to the tasks that matter. No wonder one of our users exclaimed: “We’ve been waiting for this for 20 years!”
To learn more about the Automatic Transcription feature, you can find additional info in the Recommended reading section further down.
The WhatsApp recording solution mirrors the platform compatibility of WhatsApp itself. It works on both iOS and Android.
WhatsApp is a cross-platform app available for mobile, desktop, and web browser. GuardREC® Compliance supports all three. Consult the table below for a complete overview of supported modes for the respective platforms.
There are a few limitations worth noting:
*Should this limitation be at odds with your compliance policy, note that our solution enables you to block WhatsApp Desktop and WhatsApp Web for employees. This does not inhibit users from using WhatsApp for mobile.
Yes. For client communications, financial authorities require you to meet three requirements:
Our WhatsApp solution enables you to do all three, via one interface.
Zooming out, GuardREC® Compliance is designed to capture and make available all relevant data from client interactions. Whatever platforms you rely on — WhatsApp, Teams, phone calls, e-mail, and others — GuardREC® Compliance will grab that data, archive it securely, and allow you to retrieve it upon request.
Getting started is simple. Here are the steps involved:
*GuardREC provides all the necessary information and support upon registration.
If users intend to only use the chat functionality in WhatsApp, there’s no need to install an app. However, if they wish to use WhatsApp for phone calls, they need to install an app for the call data to be captured.
We will advise on the required steps in due course.
No, recording is policy-based and runs in the background. As long as GuardREC® Compliance is activated centrally, WhatsApp data associated with your registered phone numbers is automatically captured and archived.
Yes, GuardREC® Compliance records all data — attachments, photos, images — that enters the WhatsApp dialogue, from all chat participants. The only thing it does not record is the images from video calls (but it captures the audio from those calls).
If a user deletes a message, it will not disappear from the GuardREC® Compliance solution archive.
GuardREC® Compliance captures data upon arrival. It is then archived in a separate location from the user’s device. A user may delete messages/data from their own device, but they will not be able to erase data from the central archive.
For audit trail purposes, the "entry deleted” event will also be recorded and visible in the chat.
Some clients engage with multiple employees, who in turn may not identify those clients by the exact same names. For instance, let’s say a client’s name is Mr. Robert Records. User A could refer to the client as ‘Robert’, user B might prefer ‘Rob’ or ‘Bob’, and user C ‘Mr. Records.
No problem.
When it comes to WhatsApp recording, the phone number is the identification property. All activity involving a unique phone number will be attributed to it.
WhatsApp is end-to-end encrypted, but that does not affect our ability to capture the data.
GuardREC® Compliance captures the data before encryption on the way out (send), and after decryption on the way in (receive).
Barring any company restrictions, users can use the device(s) of their choosing.
The only thing to keep in mind is to make sure they all get registered in the recording solution. Switching between units, for instance when you get a new phone, is no problem, assuming the registered phone number is carried over to the new device.
WhatsApp accounts follow phone numbers, not devices.
With respect to whitelisting:
Associates who frequently use WhatsApp for personal correspondence, will likely benefit from a separate phone number intended specifically for conducting business via WhatsApp.
Indeed, many of our users have two phone numbers (on the same phone), ensuring complete separation between business- and private communications in WhatsApp.
Keep in mind user needs vary. Dual phone number considerations can be determined on an individual basis. WhatsApp can be activated on both personal numbers and business numbers.
Note: Dual sims and e-sims are also viable options.
“Many of our users have two phone numbers (on the same phone), ensuring complete separation between business- and private communications in WhatsApp.”
It is technically possible to whitelist private groups, but it’s not an option for the time being. We’ve made it a roadmap item and are looking to roll it out in the near future.
While you probably have a good idea of which numbers and contacts to whitelist upfront, you sometimes need to whitelist communications in retrospect.
That could be anything from a phone call from a plumber to a private e-mail.
GuardREC® Compliance lets you whitelist/mark as private historical records. The data will then be deleted from your archive. Future correspondence via the same channels will not be captured.
That’s entirely up to you.
Broadly speaking, you have two options for setting up GuardREC® Compliance.
1) GuardREC-hosted solution in your preferred Microsoft Azure’s datacentres.
2) Self-hosted solution to your on-premises/private cloud architecture.
Thank you for reading our guide. Now that you know the basics, you might want to explore the solution a little further. Is GuardREC® Compliance the right fit for your WhatsApp needs?
To find out, we recommend you book an appointment for a live demo. It consists of two parts:
Sounds good? Follow the link below to secure your preferred time slot.
Best regards,
Team GuardREC
Guide: Compliant use of WhatsApp
Fill out your details below to download the complete whitepaper:
Powerful compliance software for recording WhatsApp calls and instant messages, enabling you to uphold the MiFID II recording requirements efficiently and cost-effectively.
