Lessons from the FCA: How the UK’s Regulator Is Cracking Down on Unapproved Messaging

The Financial Conduct Authority (FCA), the UK’s chief financial regulator, has made it clear: firms must get serious about communication compliance. Following a string of global enforcement actions led by U.S. regulators, the FCA is now taking a more aggressive stance on unapproved messaging platforms like WhatsApp, iMessage, and Signal. In regulated industries—particularly financial services—the message is loud and clear: if it’s a business conversation, it must be recorded, regardless of platform or device.

The FCA’s concerns aren’t hypothetical. In 2023, multiple UK-based firms came under scrutiny after evidence surfaced of traders and brokers using encrypted consumer messaging apps to discuss sensitive deal terms, pricing strategies, and client interactions. In many cases, these conversations occurred on personal devices and were completely inaccessible to the firms’ compliance systems. This failure to capture and archive business communications not only violates FCA rules—it also undermines the transparency and auditability essential to fair and orderly markets.

🧾 FCA Handbook Reference: Under the SYSC 10A and COBS 11.8 sections of the FCA handbook, firms are obligated to record and retain all electronic communications related to client orders and transactions. These rules apply across all devices and platforms, not just email or recorded phone lines.

In response, the FCA issued updated guidance in mid-2023 that explicitly reminded firms of their obligations around recordkeeping, monitoring, and enforceable communication policies. The regulator made it clear that ignorance or lack of technological capability would no longer be an acceptable excuse. Several firms were issued formal warnings and required to conduct internal reviews, rewrite policies, and present clear remediation plans. Some were forced to revisit their BYOD strategies, opting instead to issue work-specific devices with restricted app access and pre-installed compliant communication tools like Symphony, Microsoft Teams, or Bloomberg Chat.

📉 Stat Insight: A survey by Bovill in late 2023 found that 41% of UK financial firms had still not implemented mobile recording capabilities across all business devices, despite increasing FCA pressure.

Unlike their U.S. counterparts, who have issued billions in fines, the FCA has so far focused more on corrective action than punitive enforcement—but that window may be closing. Sources close to the regulator suggest that enforcement actions are already ramping up behind the scenes, with penalties likely to escalate in 2025. The agency has also signaled that future audits will closely examine executive-level communication practices, not just frontline staff. That means leaders are now expected to model compliant behavior, or risk personal accountability.

The broader lesson from the FCA’s posture is this: personal messaging apps are no longer viewed as harmless conveniences—they’re treated as active compliance liabilities. As the digital workplace continues to evolve, regulated firms must respond with updated policies, real-time capture tools, and a proactive compliance culture. The days of informal exceptions, off-the-record deal chats, and “just this once” text messages are over. Firms that fail to adapt risk more than just regulatory action—they risk losing client trust, damaging reputations, and facing operational instability when key conversations disappear into unsearchable digital channels.