Investment banks in UK take risks with Instant Messaging

The results show that around half of the UK investment community admit that use of IM networks are widespread within their organisations and, according to the report, that important transactions are being made via free IM networks such as AOL, MSN and Yahoo!

The survey, conducted in June this year, questioned the IT departments in 50 leading UK corporate and investment banks on the use of IM technologies. The responses show that IM is widely used but poorly controlled among leading institutions.

Nearly 50% of all respondents were sure that their employees were using IM. Only 10% did not know for certain, because IM is available for free on the internet and easily downloadable.

Two of the most commonly used IM networks - MSN and Yahoo! - are public, a fact which is worrying when 60% of the companies surveyed admitted that traders and brokers are the main users of IM.

"Headline financial transactions are being done effectively 'in the wild' - in the same breath as comments on Big Brother or the latest Chelsea signing and with tools that are free on the internet," said Glyn Baker, UK Director of Business Development at FaceTime.

He went on, "Unregulated conversations are harmless fun for your average consumer, but not in a high profile, high value industry with strict corporate governance standards."

The 'real-time' nature of IM makes it the perfect tool for traders to exchange information in small informal networks which can span continents and time-zones, but the research shows that policies on managing and tracking these communications have not been implemented in the same way as for e-mail or other forms of interaction.

In the US, financial institutions are required by law to audit and track all electronic messages, explicitly including IM. Bodies such as the Securities and Exchange Commission (SEC), National Association of Securities Dealers (NASD), and legislation such as the Sarbanes-Oxley Act (SOA) are all increasing the regulatory burden on financial institutions.

In the UK, the Financial Services Authority (FSA) is less prescriptive but companies need to be sure IM isn't being used as a conduit to break other regulations or policies.

"Instant Messaging has developed into a serious business application within the financial community which is now used alongside the phone and e-mail for front-office communications," said Graham Opie, director at Vanson Bourne Research. "Monitoring of e-mail is now corporate policy for most institutions but regulatory pressure does not yet seem to have extended to IM conversations that happen on free, public networks."

The problem is set to grow. According to the research, 77% of companies believe that IM will replace the use of e-mail in some cases.

IM also encourages personal communications within a work setting. The research shows that half of businesses that have IM concede that business and personal usage are intertwined.

"This new type of techno-social behaviour can be remarkably productive, but institutions must ensure they have controls in place that keep IM in line with compliance and other corporate requirements" said Glyn Baker.

Indeed, controls are vital from a security point of view as IM provides an unsecured opening to the internet for virus infection, the leaking of confidential information and liability for defamation.

But, according to the report, only 36% of firms have a company policy to restrict IM. Twenty-seven percent of companies tolerate it and 18% encourage it. One in five companies have no policy at all.

Some institutions have chosen to ban IM completely rather than manage its use. However, even amongst those companies that disallow IM as corporate policy, only 1 in 3 has specific technical blocks in place. Forty percent of these companies admit that instances of IM usage have already been uncovered or could be happening at the moment.

"Simply banning IM usage is not the answer," added Glyn Baker. "IM is a great personal productivity tool that has some clear business advantages. It's better to let people use this technology to do their jobs but have the right controls in place just like we do for e-mail and telephone calls."