$1.8B SEC Fines have FinTechs Rethinking Mobile Device Strategies: Tips for Compliance and Control  

Financial firms are under pressure in 2023 after two federal agencies fined 16 Fintech firms $1.8 billion for failing to comply with industry regulations because their employees were using personal devices to do their work. Here’s what happened and how you can evaluate the effectiveness of your mobile device compliance strategy. 

16 Fintech Firms Fined Billions for Non-Compliance

On September 2022, the U.S. Securities and Exchange Commission (SEC) doled out $1.1 billion in fines to sixteen Fintech firms after they found the firms had violated recordkeeping requirements related to federal securities laws. And it was a one-two punch. At the same time, the Commodity Futures Trading Commission (CFTC) hit them with $710 million in penalties for recordkeeping failures as well as “failing to diligently supervise matters related to their businesses.” 

The core issue was mobile devices and employees using personal phones for work-related purposes.  

Company-client communications were happening off corporate networks, meaning the firms couldn’t maintain, preserve, or produce records related to personal devices. The SEC referred to this as “pervasive off-channel communications” and “widespread use of unapproved communication methods.” 

While arduous regulations are no stranger to the financial services industry, this moment is being marked as a clear wake-up call for Fintech executives. This single incident has leaders reconsidering mobile device strategies with a fresh perspective on Bring Your Own Device (BYOD) policies.  

Rethink Your Mobile Strategy

Using unsanctioned applications and uncontrolled communication channels, personal devices can allow for private “off-net” messaging. With this latest example of what can happen to companies in violation of regulations, executives have a new level of seriousness toward mobile data discovery, recovery, and recordkeeping. 

So, what should be considered when reevaluating your mobile strategy? Take a look at these facts: 

While most companies currently use a BYOD approach to mobile phones as well as a corporate-owned approach to laptops, most aren’t confident they are currently using the right strategy. Security and compliance risks quickly outweigh the conveniences of BYOD. Research firm Nemertes takes a deep dive into this in their guide “Is your Mobile Management Ready for Prime Time?” and offers this insight: 

For larger organizations, Nemertes sees anywhere from 40% to 75% of corporate systems mobile-accessible, and up to 90% for smaller organizations. This is especially the case for newer generations of workers, who came into the workplace with the expectation of BYOD, and who see mobile apps and remote work as a birthright and right-to-work. As mobile applications and mobile-enabled platforms became standard practice, shifting mobile work from a “nice to have” to mission critical, their reliability and security became more valuable than ever. 

Visibility and Control Over Your Mobile Fleet

When introducing mobile governance, it helps to address both mobile devices and cloud applications together, as the two are tightly intertwined. First take stock of your mobile devices, the ownership of each, and all applications in use. An accurate inventory is the primary step in gaining visibility and control for both recordkeeping compliance and security purposes.  

Glean Intelligence from an Accurate Inventory: IT expense management platforms (like Tangoe’s) are good at helping identify all assets in the corporate fleet as well as all cloud applications (sanctioned and unsanctioned) in the IT environment. This will serve as a launchpad for policy decision making and Shadow IT discovery processes that can reveal both monitored and unmonitored communication channels needing tighter control and necessary recordkeeping. Usage audits and application security intelligence can also be helpful in knowing not just what you have but how it’s being used to communicate with clients and the risk of your current usage. 

Simplify Compliance using Technology: Can’t see into your devices? Consider Mobile Device Management software, or Unified Endpoint Management tools to insert more control over mobile devices and their applications. These technologies make it easier to manage policies, security and other aspects of both corporate-owned and employee-used mobile devices of all types. Businesses use this software to authorize and issue devices, track their use, monitor communications, enforce security policies, secure lost or stolen devices, and ensure compliance. In the case of BYOD, they also help partition personal applications from corporate ones. Tangoe pairs these technologies with our mobility management services.  

Question Your Operating System: Whether you’re moving from a BYOD approach to a corporate-owned approach or tightening your existing policy, question whether standardizing your mobile device operational platforms will help ease the burdens of compliance. Tangoe is recognizing some early trends in response to the recent SEC news — our financial services clients are formalizing around either Apple or Android products.   

Consistency is Key: Compliance often slips through the cracks at key junctures in the mobile device lifecycle. That is particularly the case as employees enter and exit the firm or when newly purchased devices are set up or activated for service. As such, the key to consistent compliance is a disciplined approach across the full device lifecycle. And of course, Tangoe has a team of people and services helping firms do just that. 

The Confidence of Mobile Compliance

It’s easy to feel overwhelmed by the vast responsibilities of mobile compliance, but take comfort in the fact that most CIOs describe themselves as in a “governance phase” in 2023. That’s no surprise given remote work and accelerated digital transformation have gone unconstrained over the past three years. With the possible threat of fines, clear lines now need to be drawn to keep all work-related conversations on corporate networks where communications are accessible and can be captured and managed.  

Drawing those lines is a step-by-step process that starts with evaluating your current approach, understanding what assets are in use, and seeing where your fleet is falling short of the regulations. Don’t be afraid to make drastic shifts in your strategy, establishing all new mobile usage policies. This is far better than finding out the hard way, paying millions in fines. 

Ready for a mobile compliance partner? Tangoe stands ready to reel in your fleet and cloud applications, putting the right checks and balances in place. The best part: With Tangoe you can manage your mobile fleet, your cloud apps, and your telecom services in one platform. Unlike our competitors — one partner does all that. Get a demo.