IM is a form of electronic communication which allows two or more users to immediately transfer text messages and electronic files, such as images, audio, video and textual documents, across a network connection of mobile devices or computer platforms. Examples of major IM tools include WhatsApp and WeChat.
This circular encourages firms to take adequate measures to ensure compliance with the requirements, which include keeping proper records of messages relating to client orders and ensuring they are accessible for monitoring and audit purposes, as well as validating client identities and maintaining adequate safeguards to prevent unauthorised account access and cybersecurity attacks.
This circular encourages firms to take adequate measures to ensure compliance with the requirements, which include keeping proper records of messages relating to client orders and ensuring they are accessible for monitoring and audit purposes, as well as validating client identities and maintaining adequate safeguards to prevent unauthorised account access and cybersecurity attacks.
The key requirements of this circular is centralised record keeping:
- Messages relating to client orders (order messages) and the IM accounts and devices for storing and processing them should be properly maintained and centrally managed to reduce the possibility of error and minimise the risk of record tampering.
- Appropriate arrangements should be in place and sufficient capacity should be available to store and back up order messages in a form which could not be inappropriately modified or erased.
- All order messages should be fully recorded and properly maintained for a period of not less than 2 years (as required by the Keeping of Records Rules).
Generally speaking, the use of WhatsApp or WeChat for receiving client orders is unable to meet the above requirements. Broker firms may have to create their own IM tools. But then would the use of WhatsApp or WeChat be strictly prohibited?
Centralized record keeping is the core concept of para 3.9 of the Code of Conduct. This paragraph restricts, but not prohibits, the use of mobile phone for receiving client orders. In today's IT world, use of mobile phone should include both phone call and phone apps. Therefore, if orders are accepted by IM, the account executive / dealer should immediately call back to their firm's telephone recording system and record the time of receipt and the order details. Mere provision of screen capture of the IM chat history is not acceptable.