Banks’ monitoring of Whatsapp messages

The news that one of JP Morgan’s most senior credit traders has become the latest Wall Street employee to get swept up in the industry’s concerns over the use of WhatsApp, raises the issue of banks’ rights regarding the monitoring of their employees’ electronic communications.


Although this matter relates to a US-based employee, it is worth revisiting the legal position in the UK as such conduct is certain to be the focus of the banks and regulator in the UK soon.


The facts – a senior trader was placed on garden leave as the bank reviews whether he broke its policies by using WhatsApp group chats with colleagues. The discussions included market chatter, and according to informed sources, the probe so far hasn’t indicated any improper activity. The other members of the group may also face sanctions. Although it is possible that the bank’s review may be concluded with no further action being taken, JP Morgan’s decision to place a senior employee on leave while it looks into the matter is indicative of the seriousness with which banks are grappling with the profusion of new communication platforms.


WhatsApp presents a number of unique problems to entities trying to monitor it. Messages on the service are encrypted from start to finish, and can’t easily be monitored by a compliance department, a problem for firms which have a regulatory obligation to ensure their employees are not engaging in illegal activity such as fraud or insider trading. However, many firms are unsure of how to handle WhatsApp as employees often use it for talking to friends and coordinating their social lives, which makes it hard for banks to prohibit altogether.


The law in the UK


Social media has become embedded into the personal lives of many employees. Since employees are frequently obliged to use technology at work, there has been an increasing blurring of the line between private and work life. The courts have addressed the issue, and the question of how to monitor employees to ensure that they are behaving appropriately was determined in 2016 following the principles decided by the ECHR in Barbulescu v Romania. That case confirms that employers can access private communications but only where there has been an element of pre-warning, the premise of the intrusion is a legitimate one, and the intrusion is proportionate (ie there is no other, less intrusive method of achieving the same outcome).


So where does that leave the banks in respect of Whatsapp?


Subject to defeating the technological barriers surrounding the encryption, employers will be permitted to monitor their employees’ messages if it can be shown that it pre-warned the employees that this will occur, that the objective (to comply with its regulatory obligations) is legitimate, and that the intrusion will go no further than is necessary to achieve its objective.


That will be a challenge in the context of a platform which is used predominantly for social use.


Meaby & Co are lawyers experienced in all aspects of regulatory and employment issues. Should you require advice on any aspect of employment law, including the above, please contact Chris Marshall on 0207 703 5034.