News analysis

Social media fines hit US financial workers

by Dan Byrne

Social media fines are widespread in the US after a landmark reprimand last year. If 2022 has taught us anything, it’s to use services like WhatsApp with extreme caution.

This week, another significant US financial firm fined its own employees for failing to handle sensitive information online correctly. 

It’s the latest chapter in a long-running saga surrounding the unauthorised use of social media to communicate about business matters. 

In an age where digital capabilities have become crucial to daily business, firms are increasingly eager to show authorities that they take cyber responsibilities seriously.

What happened?

Investing and financial services firm Morgan Stanley has issued fines to multiple bankers within its own ranks. The reason: conducting business on messaging platforms – chiefly WhatsApp.

Some of the fines are little more than a few thousand dollars. Some of them, however, go beyond $1 million. The difference depends on several factors, like seniority and the seriousness of the breach.

Why fine their own employees?

The firm is following several others in trying to be info-conscious in the wake of a reprimand from US authorities last year. 

In September 2022, the Securities & Exchange Commission (SEC), America’s market watchdog, and the Commodity Futures Trading Commission (CFTC) announced combined fines of over $2 billion against Morgan Stanley and 14 other big US firms.

The offences were “widespread and longstanding failures by the firms and their employees to maintain and preserve economic communications,” according to the SEC. 

Morgan Stanley was dealt penalties of roughly $200 million as part of this settlement.

What were the governance failures?

Legally, the social media fines stem from communications in channels other than official work emails or chat platforms. Any messages sent or received this way would be unavailable in future audits, reviews or investigations.

No executive team or board wants the displeasure of needing the record of a conversation only to find that it took place through WhatsApp.

On a deeper level, though, the case was a failure to craft the right culture – one that respects data safety. 

The SEC and CFTC’s joint findings indicated that employees of all fifteen firms routinely messaged each other “sacrosanct” information through insecure channels. 

In other words, there was little (if any) advice from governance levels that this kind of thing should be avoided.

Is it good that some firms choose to fine their employees?

It certainly makes financial sense. Many of these firms had to set aside sizeable chunks of cash to pay for their employees’ mistakes. It’s easy to see why passing that burden would be considered fair.

Additionally, it could be a future-proofing attempt. Corporate leaders may believe that passing the burden now will hammer home the seriousness of the situation in the hope that it won’t happen again.

Ultimately, though, passing on punishment is nothing compared to crafting good company culture from the start.

While boards and management often focus on cultural issues like workplace courtesy and team-building, other crucial issues like information-sharing can fall by the wayside. 

This won’t work long-term, especially not for any business handling confidential data. 

In the past few months, it has emerged that Morgan Stanley gives employees specific training on secure channels for work conversations. Whether it’s a blueprint for other firms or a box-ticking exercise remains to be seen.
