The results show that around half of the UK investment community
admit that use of IM networks are widespread within their
organisations and, according to the report, that important
transactions are being made via free IM networks such as AOL, MSN
and Yahoo!
The survey, conducted in June this year, questioned the IT
departments in 50 leading UK corporate and investment banks on the
use of IM technologies. The responses show that IM is widely used
but poorly controlled among leading institutions.
Nearly 50% of all respondents were sure that their employees
were using IM. Only 10% did not know for certain, because IM is
available for free on the internet and easily downloadable.
Two of the most commonly used IM networks - MSN and Yahoo! - are
public, a fact which is worrying when 60% of the companies surveyed
admitted that traders and brokers are the main users of IM.
"Headline financial transactions are being done effectively 'in
the wild' - in the same breath as comments on Big Brother or the
latest Chelsea signing and with tools that are free on the
internet," said Glyn Baker, UK Director of Business Development at
FaceTime.
He went on, "Unregulated conversations are harmless fun for your
average consumer, but not in a high profile, high value industry
with strict corporate governance standards."
The 'real-time' nature of IM makes it the perfect tool for
traders to exchange information in small informal networks which
can span continents and time-zones, but the research shows that
policies on managing and tracking these communications have not
been implemented in the same way as for e-mail or other forms of
interaction.
In the US, financial institutions are required by law to audit
and track all electronic messages, explicitly including IM. Bodies
such as the Securities and Exchange Commission (SEC), National
Association of Securities Dealers (NASD), and legislation such as
the Sarbanes-Oxley Act (SOA) are all increasing the regulatory
burden on financial institutions.
In the UK, the Financial Services Authority (FSA) is less
prescriptive but companies need to be sure IM isn't being used as a
conduit to break other regulations or policies.
"Instant Messaging has developed into a serious business
application within the financial community which is now used
alongside the phone and e-mail for front-office communications,"
said Graham Opie, director at Vanson Bourne Research. "Monitoring
of e-mail is now corporate policy for most institutions but
regulatory pressure does not yet seem to have extended to IM
conversations that happen on free, public networks."
The problem is set to grow. According to the research, 77% of
companies believe that IM will replace the use of e-mail in some
cases.
IM also encourages personal communications within a work
setting. The research shows that half of businesses that have IM
concede that business and personal usage are intertwined.
"This new type of techno-social behaviour can be remarkably
productive, but institutions must ensure they have controls in
place that keep IM in line with compliance and other corporate
requirements" said Glyn Baker.
Indeed, controls are vital from a security point of view as IM
provides an unsecured opening to the internet for virus infection,
the leaking of confidential information and liability for
defamation.
But, according to the report, only 36% of firms have a company
policy to restrict IM. Twenty-seven percent of companies tolerate
it and 18% encourage it. One in five companies have no policy at
all.
Some institutions have chosen to ban IM completely rather than
manage its use. However, even amongst those companies that disallow
IM as corporate policy, only 1 in 3 has specific technical blocks
in place. Forty percent of these companies admit that instances of
IM usage have already been uncovered or could be happening at the
moment.
"Simply banning IM usage is not the answer," added Glyn Baker.
"IM is a great personal productivity tool that has some clear
business advantages. It's better to let people use this technology
to do their jobs but have the right controls in place just like we
do for e-mail and telephone calls."
