What’s the Business Case with Personal Devices at Work?
As most of my social network knows, I have been spending the best part of the past 3+ years talking about personal mobile device usage in banks, and more specifically on regulated trading floors. I discuss the problem at industry events, with regulators, with most Tier-1 and Tier-2 banks, investors and whoever asks what I do. I must confess that every now and then, the very problem even frequents my dreams, that’s how invested I am in making that change in regulated workplace as far as personal devices are concerned.
With the recent $200M regulatory fine to JPMorgan just two months ago, you would think that by now the financial industry would really understand the problem, grasp the size of it and are finally geared up to do something about this. Until last week when a Tier-1 bank risk professional asks you – so what’s the business case you are addressing? Seriously?
Let’s look at the ‘Elephant in the Room’, which is a perfect metaphor for our situation. Unmonitored personal devices on regulated trading floors are such an obvious problem. It is an enormous issue, which regardless of being regulated for over 10 years, the relevant decision makers do not want to discuss it, address it, or do anything about this, as for all this time, there have been no ramifications to doing nothing.
What is the current status quo on trading floors?
Regardless of their corporate mobile device policy, i.e., whether they ban personal devices outright, allow the devices to be used in emergencies only or implement the BYOD policies, the following can be said for about 99% of the investment banks with regulated trading activities.
- The banks have no visibility over any personal device that is brought to a regulated space.
- The banks keep no appropriate records over personal device usage.
- The banks have no idea how to transparently address the related privacy concerns and assure their employees that only device usage is monitored and #nocontent.
Why should personal mobiles be monitored at workplace?
As mobile security has been my professional career for over 15 years, I always struggle coming up with the TOP3 pain points keeping at high-level. In the context of regulated trading floors, however:
- Mobile phone is a perfect tool to pass on information quickly and freely. In their current unmonitored state, the banks have no idea whether and how these devices are being used. Even in policy scenarios where personal devices are fully banned.
- Mobile devices present an enormous security risk. They are always online (unless switched off), connected to any available network and can be interacted with without the owners’ knowledge.
- Smart devices make personal trading and insider trading incredibly easy. In most cases, personal devices on trading floors are not monitored on the grounds of privacy concerns and employee wellbeing.
- Personal devices today come with a growing number of connected devices such as headphones, smartwatches, and most recently smart glasses that nobody monitors. By visual observation, you have no idea whether I’m wearing analogue or smart glasses. (Sorry I know this is #4, told you).
In all fairness, the regulators have not been clear on what they want from the banks regarding personal devices. This has resulted in everybody improvising according to their own needs. The current go-to culprit is the IM monitoring and some of the banks creating their own chat platforms that connect to all other known platforms. In reality, this only solves about 10% of the problem, i.e., the banks still do not have any visibility of the personal device usage in their regulated domains. And why would you build a solution to address a complex problem and end up addressing only a fraction of it?
In the end, as with anything in life, we all have a choice. The banks can continue staring and ignoring the Elephant in the Room, hoping that the regulators won’t hit or they’ll be the next JPMorgan writing $200M off from their profit lines. Or else, solve a problem with a fraction of the cost?
Contact me to find out how you can solve this problem today.