Personal platform misuse in the workplace

Pooja Dasgupta, associate, and Eleanor Rowswell, partner, at Farrer & Co highlights the risks that comes with the use of communication platforms in the workplace.

Personal communication platforms, such as WhatsApp, are being increasingly used at work as a means of offering a responsive level of client service and allowing for fast communication between colleagues.

However, using these types of personal platforms on a day-to-day basis can blur the lines between professional and personal lives, and it can expose employees and employers to legal, regulatory, and reputational risks.  Risks to health and wellbeing may also arise as employees find themselves feeling pressured to be available to clients at all hours.

Furthermore, should those who work in the insurance sector, where there is currently an increased regulatory focus on non-financial misconduct, be concerned about whether their private messages or social media content could lead to regulatory consequences?

Legal risks

Employees may be unaware that messages they consider to be private may be disclosable in legal proceedings.  For example, a Scottish court decision in 2019 found that private WhatsApp messages between police officers were disclosable in misconduct proceedings, because it was held that individuals who are subject to professional standards, such as police officers, solicitors, and doctors have a limited right to privacy.  An analogy could be potentially drawn with financial services workers operating in a regulated sector.

Generally, where personal platforms are used in connection with work, for example work group chats, discussing professional duties or work matters with colleagues, discussing other employees, or exchanging messages with or about clients, there is a high risk that these messages may be disclosable in legal proceedings and sometimes, in high profile and/or public interest cases, leaked to the press.

Rules for financial services firms: Non-financial misconduct

Since 2018, the FCA has taken the stance that “non-financial misconduct is misconduct”. In practice, however, things have not been quite as simple. There is currently limited explanation in the FCA’s rules as to what constitutes non-financial misconduct, leaving firms to make difficult judgment calls when certifying an individual as being fit and proper.

This has been a matter of concern for FCA-regulated firms (especially those without established HR teams) in seeking to apply an approach that is consistent across their industry, particularly in respect of the interplay between an employee’s personal and professional lives, which can be fraught with risk; for example, in the context of personal/private content posted on social media platforms.

Following consultations in 2023, the PRA and FCA are expected to publish new rules in the second half of 2024 establishing a new regulatory framework on diversity and inclusion. The new rules are expected to clarify that an individual’s conduct outside work will be relevant to assessments of fitness and propriety. The regulators are proposing to amend the FCA Handbook so that incidences of bullying, sexual harassment, and discrimination will be relevant to fitness and propriety and ought to be disclosed in regulatory references. Once the new rules are in place, firms will need to consider whether inappropriate social media communications should be the subject of a regulatory reference.

In the meantime, the FCA is gathering information in the wholesale markets as to the extent of non-financial misconduct, and what firms are doing about it. In its request for information sent to Lloyds Managing Agents and Intermediaries in February, the FCA specified that non-financial misconduct can include bullying, sexual harassment and discrimination whether in or outside the workplace. These could include social situations relating to work, but they do not include private events organised by members of staff among themselves with no connection to work.

Practical steps for employers

Employers should implement and maintain clear rules around use of their electronic communication systems, including indicating that the company’s communication systems should be used in strong preference to any other systems.

It is common practice for employers to issue work devices in order to be able to review and monitor how these devices (and communication platforms) are being utilised. However, the reality is that many clients are introduced to employees via personal networks, so personal devices and accounts are also used alongside these.

Employers should therefore have policies with clear rules and guidelines in place which set out:

  1. acceptable use of personal platforms within the workplace, including a clear reminder of the confidentiality obligations to which an employee is subject and should be mindful of when using such platforms;
  2. what constitutes “misuse” of a personal platform;
  3. consequences of misuse, including making it clear that any communication via personal platforms should be subject to the employer’s permission and is potentially subject to disclosure.

Further, given the FCA’s present focus on non-financial misconduct, regulated firms would be well advised to incorporate a general requirement into their IT usage, online security and social media policies stating that any (exceptional) use of private messaging platforms for business purposes must at all times be subject to relevant regulatory duties.