In Regulatory Wrap for the week to March 20, Rob Mason discusses the growing trend of compliance teams attempting to uncover unapproved communications use by sending “phishing” messages on channels like WhatsApp.
In this week’s Regulatory Wrap, we explore whether compliance teams sending their own staff “dummy” messages via channels like WhatsApp and Signal to unearth off-channel communications is really an effective solution.
1. Reports have identified that compliance teams are sending “dummy” messages on platforms like WhatsApp and WeChat to unveil whether staff are using unapproved channels for business communications
2. Some firms are also beginning to utilize access stations, which require employees to leave personal devices behind upon entering the office
3. In 2025, an FCA survey found 178 off-channel communications breaches reported across 11 firms over the course of just 12 months, with over 41% coming from senior staff using channels like WhatsApp and Signal
4. These off-channel communication phishing tests highlight that recordkeeping is still a focus for firms as well as regulators
5. As regulators continue to flag widespread breaches, including many that involve senior staff, are these tactics addressing the root of the problem?
This week’s Regulatory Wrap is brought to you by Global Relay’s Director of Regulatory Intelligence, Rob Mason.
In place of “phishing” tests, firms can look to implement communications capture tools to ensure maintaining records of messages sent across all channels used for business.
