Written by a human
Regulatory Wrap episode 78: Phishing fire drills ring compliance alarms
In Regulatory Wrap for the week to March 20, Rob Mason discusses the growing trend of compliance teams attempting to uncover unapproved communications use by sending “phishing” messages on channels like WhatsApp.
In Regulatory Wrap for the week to March 20, 2026:
Highlights:
- Reports have identified that compliance teams are sending “dummy” messages on platforms like WhatsApp and WeChat to unveil whether staff are using unapproved channels for business communications
- Some firms are also beginning to utilize access stations, which require employees to leave personal devices behind upon entering the office
- In 2025, an FCA survey found 178 off-channel communications breaches reported across 11 firms over the course of just 12 months, with over 41% coming from senior staff using channels like WhatsApp and Signal
- These off-channel communication phishing tests highlight that recordkeeping is still a focus for firms as well as regulators
- As regulators continue to flag widespread breaches, including many that involve senior staff, are these tactics addressing the root of the problem?
This week’s Regulatory Wrap is brought to you by Global Relay’s Director of Regulatory Intelligence, Rob Mason.
In place of “phishing” tests, firms can look to implement communications capture tools to ensure maintaining records of messages sent across all channels used for business.