It seems that every year brings another round of SEC and CFTC fines for off-channel communication violations, hitting nearly $2bn in 2022 for unauthorised use of encrypted messaging apps such as iMessage and WhatsApp. Yet, despite the headlines about billion-dollar penalties, advisers, wealth managers, and executives continue to use these platforms.
Why? Because deal speed and client convenience outweigh the financial sting of regulatory fines. High-value clients—hedge funds, corporations, ultra-high net worth individuals—expect their advisers to be accessible on their terms, and regulatory fines are often seen as just another cost of doing business.
Off-channel comms, however, are becoming a small part of a larger threat to the banking industry: AI-fuelled identity fraud and quantum-era cyberattacks have joined the list of cyber-related challenges. What’s at risk isn’t just money—it’s the trust that underpins the entire financial system.
Fortunately, emerging security technologies are now available, offering tools to combat these threats, while delivering value to clients and banks.
The current threat landscape
Banking communication tools have always balanced access, confidentiality, and compliance. Bloomberg IB, Symphony, and other platforms offer a secure, centralised environment to conduct secure transactions. However, the massive shift to mobile devices for business communications, accelerated by wider adoption of remote working, has driven many advisers to rely on consumer-grade encrypted apps, undercutting security protections and compliance.
The result: fragmented communication, compliance blind spots, and exploitable vulnerabilities. Federated solutions try to capture conversations across multiple apps, but this patchwork approach leaves firms exposed to interception, impersonation, and data leakage.
Meanwhile, fraud tactics are evolving faster than IT defences. AI now enables voice-cloning, deepfakes, and synthetic identities that can bypass outdated controls. SIM hijacking and identity takeovers are rising, and remediation costs—both financial and reputational—are spiraling.
Emerging security technologies
The good news: next-generation encryption and communication protocols can balance compliance, security, and client convenience. Here are two technologies that offer immediate protection and compliance.
- Messaging Layer Security (MLS): A new IETF standard that enables enterprise-grade E2EE key distribution and continuous device-level controls. It permits BYOD and company-issued devices to coexist seamlessly and securely on the same platform, without fear of compliance infractions or added security vulnerabilities.
- Post-Quantum Cryptography (PQC): Algorithms vetted by NIST to defend against quantum-enabled attacks. PQC is the necessary upgrade from the RSA and ECC algorithms that currently protect most of today’s secrets but won’t hold against tomorrow’s computing power.
Together, MLS and PQC provide safeguards against AI and quantum-based threats, allowing ephemeral messaging on all devices while simultaneously archiving all communications for full regulatory compliance.
Identifying a path forward
Trying to make do with existing messaging platforms may work in the short term, but banks are facing major problems if they continue a business-as-usual approach. Federated communication models may help in archiving conversations that are happening on a multitude of communication options, but that is a temporary solution at best. Even if they are successful in getting all the financial advisors, wealth managers and corporate executives to follow the security rules, banks still face insufficient protections from future threats without necessary upgrades to their current messaging and collaboration solutions.
Among these upgrades are key elements essential for secure communications going forward, including the following features:
1 Intelligence-grade Encryption
Covering all modes—text, voice, video, files, archival. Scales across geography and compliance zones.
2 Zero‑Trust Access Control
Every participant explicitly authenticated and authorised for every conversation.
3 Continuous Device & Identity Verification
Validate not only who is talking, but also from what device (an essential element in an era of AI and mass computing).
4 Ephemeral Messaging
Message burning and remote device wiping to protect against lost or stolen communication devices and compromised accounts.
5 Encrypted Archives
Immutable, discoverable archives that are only accessible by the business, never by the service provider.
6 Post‑Quantum Cryptography
Quantum is coming fast. Communications encrypted today might be cracked tomorrow without embedded quantum-resilient safeguards.
7 Role‑Based Conversation Management
Participation in confidential discussion channels that include client transactions, document sharing, and private conversations must be limited on a need-to-know basis, while allowing easy access for authorised users.
8 Future-proof Modular Architecture
Relying on modular architecture to integrate new technologies as they emerge to provide future protections while minimising service disruptions.
The storm isn’t coming: It’s here
The financial sector has reached a decisive moment. AI-driven fraud and advanced decryption techniques are no longer distant threats—they are here. Messaging platforms remain one of the easiest entry points for attackers, turning secure communications into an urgent priority rather than a future consideration.
Relying on legacy platforms designed for yesterday’s risk environment is a losing bet. Doing so exposes institutions to regulatory fines, operational disruption, and reputational collapse. By contrast, implementing secure, compliant, and quantum-resilient communication systems not only mitigates risk but also reinforces client trust—arguably a financial services firm’s most valuable asset.
Banking technology executives can get ahead of these threats by working with communication providers to embed next-generation security protocols, enforce granular device and identity controls, and enable proactive archiving of all sensitive interactions. These capabilities are no longer optional; they are the baseline for ensuring that financial institutions remain operational, trusted, and competitive in an environment defined by alarming cyber risks.
Damien Fortune is CEO, SENTRIQS