NatWest just banned staff from using WhatsApp at work – here’s why

UK bank NatWest has blocked staff from using a range of unapproved messaging apps in a bid shake up internal communications practices.

According to reports from the BBC, NatWest has removed access to consumer messaging platforms such as WhatsApp, Facebook Messenger, and Skype on work devices, telling staff to stick to approved channels instead.

“Like many organizations, we only permit the use of approved channels for communicating about business matters, whether internally or externally,” a NatWest statement said.

Approved channels keep a record of communications where other messaging applications may not store messages. Several big-name banks in the US, such as JPMorgan Chase and Wells Fargo, have received regulatory flack over staff using poorly recorded comms channels.

While this practice is particularly important in financial services or other industries where high-risk data is processed, using proper communication channels is crucial for any enterprise, Element CEO Matthew Hodgson told ITPro.

“An organization’s choice of communication tool is not merely a technical decision but a governance imperative, which is of particular importance to financial sector organizations like NatWest, given the sensitive nature of the data they handle everyday,” Hodgson said.

“Anything less risks not just operational inefficiency, but the very foundations of accountability,” Hodgson added.

Despite this, restrictions of this kind have reported limited success. A 2023 report from Global Relay found that while 59% of respondents had committed to bans on WhatsApp and similar applications, only 2.6% considered the move an effective solution that would withstand regulatory scrutiny.

Good comms is good business

Selecting specific communication tools for business use can help in a variety of ways, according to Robert Cruz, VP of information governance at Smarsh. For example, it can make the governance process of evaluating new communications tools evergreen.

“New tools will emerge, and clients will continue to ask to engage on tools that are not currently supported. Having a process in place allows you to be agile and responsive to the business while ensuring that your controls are effective,” Cruz told ITPro.

Cruz gave the example of a business wanting to conduct communications on Telegram, which would only be possible if the business had determined it could manage the technology and potential compliance risks.

Having approved comms guidelines also allows staff from different departments to input into comms decision-making, Cruz said. Employees may have preferences for new tools, he added, and stakeholders from across the businesses can help decide whether the benefits exceed the risk if comms management is in place.

Comms management is a boon for IT 

Concerning the IT department specifically, clear-cut comms policies can enable more efficient and more effective responses to certain problems in the business, Cruz said.

Such problems include regulatory inquiry, litigation, or internal investigations, which can be dealt with as and when they arise. The alternative here could become time-consuming and an inexact process that requires collecting content from a range of unmanaged sources and devices.

It also allows IT teams to manage data protection guardrails across communication channels in a comprehensive manner, Cruz said, which can aid in matters of security and ensuring compliance.

“The due diligence that goes into determining which tools can be approved for use (typically, via IT partnership with compliance) can eliminate surprising vendor practices later,” Cruz added.