UK investment banks taking ‘huge risks’ with unregulated Instant Messaging

UK-based investment banks could be putting themselves, and investors, at risk by allowing workers to use unregulated Instant Messaging (IM) networks to exchange business and financial information, according to research published by Vanson Bourne Research and FaceTime Communications. The results show that around half of the UK investment community admit that the use of IM networks are widespread within their organisations and that important transactions are being made via free IM networks such as AOL, MSN and Yahoo!

The survey questioned the IT departments in 50 leading UK corporate and investment banks on the use of IM technologies. The responses show that IM is a technology widely used but poorly controlled among leading institutions.

The results show that:
* Nearly half of companies are certain that employees are using IM. 1 in 10 companies do not know for sure (due to the fact that IM is available for free).
* Despite the fact that 60 per cent of institutions admit that traders and brokers are the main users of IM, two out of the top three IM networks used are public ones such as MSN and Yahoo!
* 77 per cent of companies believe that IM will replace the use of e-mail in some cases.
* Half of businesses that have IM concede that business and personal usage are intertwined.

"Headline financial transactions are being done effectively 'in the wild' - in the same breath as comments on Big Brother or the latest Chelsea signing and with tools that are free on the Internet," said Glyn Baker, UK director of Business Development at FaceTime. "Unregulated conversations are harmless fun for your average consumer, but not in a high profile, high value industry with strict corporate governance standards."

The 'real-time' nature of IM makes it the perfect tool for traders to exchange information in small informal networks which can span continents and time-zones, but the research show that policies on managing and tracking these communications have not been implemented in the same way as for e-mail or other forms of interaction. 36 per cent of responding firms have a company policy to restrict IM, 27 per cent tolerate it and 18 per cent encourage it. 1 in 5 companies do not have a policy.

In the US, financial institutions are required by law to audit and track all electronic messages, explicitly including IM. Bodies such as the Securities and Exchange Commission (SEC), National Association of Securities Dealers (NASD), and legislation such as the Sarbanes-Oxley Act (SOA) are all increasing the regulatory burden on financial institutions. In the UK, the Financial Services Association (FSA) is less prescriptive currently but companies need to be sure IM isn't being used as a conduit to break other regulations or policies.

"Instant Messaging has developed into a serious business application within the financial community which is now used alongside the phone and e-mail for front-office communications," said Graham OpiesKevin Withnall, director at Vanson Bourne Research. "Monitoring of e-mail is now corporate policy for most institutions but regulatory pressure does not yet seem to have extended to IM conversations that happen on free, public networks."

Some institutions have chosen to ban IM completely rather than manage its use. However, even amongst those companies who disallow IM as corporate policy, only 1 in 3 has specific technical blocks in place. 40 percent of these companies admit that instances of IM usage have already been uncovered or could be happening at the moment.

"Simply banning IM usage is not the answer," added Glyn Baker. "IM is a great personal productivity tool that has some clear business advantages. It's better to let people use this technology to do their jobs but have the right controls in place just like we do for e-mail and telephone calls."

•Date: 7th August 2003 • Region: UK •Type: Article •Topic: Information security
Rate this article or make a comment - click here