It all started with a simple WhatsApp message.
A client messaged me late one evening to confirm something about a deal we were working on. It felt harmless at the time, a quick answer, no need for emails. But the next morning, it hit me. That conversation now lived outside our official systems. No record. No audit trail. Nothing we could show if we were ever asked about it.
That’s when I started looking more closely at how messaging apps like Slack, WhatsApp and Messenger are really being used in the workplace. What I found was eye-opening.
They’re brilliant for collaboration, but risky for compliance
I completely understand why teams love these tools. They’re fast, convenient and make it easy to stay connected, especially when people are working remotely or across different locations. I’ve used them myself, and still do, in the right context.
But in regulated sectors like finance, legal and healthcare, using them without proper controls can create serious problems. The Financial Conduct Authority (FCA) has made it clear that “off-channel” communications – those that happen outside approved systems – are not acceptable. They’re backing that up with action.
Just look at the fines handed down to firms like Citi and Goldman Sachs. We’re not talking about small infractions; we’re talking millions of pounds and very public damage to their reputations.
What I’ve seen in practice
I’ve worked with several organisations where staff were using WhatsApp or Slack for client chats, internal discussions, or even sending documents, without any oversight or policy in place. When I asked how those conversations were being archived or monitored, most of them looked blank.
And that’s the danger. These tools feel informal and harmless, so people forget the risks:
- Messages are not always archived.
- Key records can be lost or deleted.
- You could be in breach of GDPR, FCA rules, or other regulations.
- There’s a real risk of fines or reputational damage if something goes wrong.
What you can do right now
Over time, I’ve helped businesses put simple but effective guardrails in place to stay compliant without disrupting how people work. Here’s what I usually recommend:
- Choose your approved communication tools carefully and make sure everyone knows what they are.
- Run training sessions so staff understand what’s at stake, and what’s not allowed.
- Use archiving tools that can monitor and securely store conversations.
- Regularly review your communication policy and update it when tools or regulations change.
It’s not about stopping communication, it’s about staying in control
People will always take the easiest route unless you guide them otherwise. That’s not a failure, it’s human nature. But in regulated industries, the cost of ignoring these risks can be huge.
If you want to get ahead of the issue, I’d be happy to help. Let’s have a chat about how to keep your team connected without putting your business at risk. Just reach out here and let’s make sure your communications are as secure as they are convenient.
Jay Williamson – Head of Commercial, Think Connect