Print Article

The JFSC remind Businesses about personal devices and social media risks


Today [9 June 2021], the JFSC has reminded businesses to be vigilant when using personal devices and social media

  1. These risks include:
    • The misuse of personal devices, such as sharing confidential information via social media and other messaging apps.
  2. Businesses must:
    • Have appropriate safeguards in places such as policies and procedures to ensure staff are using these channels appropriately and to meet record-keeping requirements under the Codes of Practice.
Examples of good practice include:
  1. Training for employees on induction, at regular intervals and on a change/update to the policies and procedures
  2. Consistent compliance with the policies and procedures demonstrated by directors and senior management
  3. Disciplinary action taken against breaches
  4. A culture of separation between business activities and social communications
  5. And users should be minimising the use of colloquial language and/or emojis in communications relating to business activities.
For more information on best practice,
  1. The JFSC refer to its feedback from the 2020 Supervisory Risk Examinations published on 25 May 2021.
In particular, FEEDBACK [NO 8] USE OF TECHNOLOGY – where the JFSC SAY
  1. The JFSC SAY
    • Registered persons contemplating the use of communication methods such as Zoom, Teams, Messenger or WhatsApp in their financial services businesses should carefully consider and document the risks and establish effective systems and controls (including policies and procedures) to manage those risks and ensure ongoing compliance with the regulatory framework
  2. However, the JFSC officers identified several FAILS where Registered Persons were using such tools as WhatsApp, Zoom and Messenger for client communications – the FAILS included
    • Systems and controls (including policies and procedures) concerning the use of the applications by employees had not been established or were ineffective.
    • In addition, policies and procedures did not enable the Registered Persons to demonstrate that record-keeping arrangements were in full compliance with the regulatory framework.
    • Client consent not obtained for using/recording video calls.
  1. Inappropriate use of technology to carry on financial services business may expose consumers of those services to heightened or unacceptable levels of risk.
  2. In addition, ineffective or incomplete business records relating to a Registered Person’s interaction with its clients may result in the Registered Person being unable to demonstrate that it has acted with the highest regard for the interests of its clients.


The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more


View our latest imagery from our news and work

Find out more


Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email