The US Securities and Exchange Commission has blocked third-party messaging apps and texts from employees’ work mobile phones, bringing its own practices closer to the standards it’s enforcing for the industry.

The SEC’s decision to block disappearing-messaging apps will help the agency improve its own record-keeping and address security vulnerabilities after one of its social-media accounts was compromised earlier this year. It follows about US$3 billion in fines imposed on financial firms to settle allegations that they failed to keep adequate records of work-related communications on mobile devices and apps such as Signal and Meta Platforms Inc’s WhatsApp.

The scrutiny prompted Wall Street to overhaul how employees communicate on business matters using mobile phones. Meanwhile, the SEC took a hard look at policies covering its own staff’s communications on agency-issued phones.

The agency has restricted access to third-party messaging applications, as well as SMS (short message service) and iMessage texts “to lower risk that our systems could be compromised and to enhance recordkeeping,” an SEC spokeswoman said in an emailed statement. The process of blocking the apps began in September and has continued over the past several months, she added.

Financial firms are required to monitor and save communications involving their businesses to head off improper conduct. When they don’t, agencies say it’s significantly harder to investigate wrongdoing. The regulatory scrutiny has been a boon to software and compliance providers pitching solutions to capture the ephemeral communications.

The Commodity Futures Trading Commission is considering whether to follow suit, according to a person familiar with the matter. A CFTC spokesperson didn’t respond to a request for comment.

The SEC’s cybersecurity practices have come under scrutiny in recent months. In January, the regulator’s X account was compromised via a staffer’s agency-issued phone, which resulted in a fake post claiming that the watchdog had approved plans for a long-awaited spot-bitcoin exchange-traded fund.

That inaccurate post fueled a brief surge in the price of the world’s biggest cryptocurrency. The SEC quickly regained control of the account and deleted the post. The incident underscored how even a regulator with an assertive stance on cybersecurity requirements isn’t immune.

  - Bloomberg