SYSC 10A.1.7 R 03/01/2018
A firm must take all reasonable steps to prevent an employee or contractor from making, sending, or receiving relevant telephone conversations and electronic communications on privately-owned equipment which the firm is unable to record or copy.
[Note: article 16(7) of MiFID, eighth subparagraph]
So unless you can control your users personal device and explicitly turn off or block WhatsApp, Facetime, iMessage, SnapChat, Instagram, Facebook, LinkedIn, Twitter, Slack, HipChat, o365 Teams, personal email, text messaging, etc, etc, and also perform web blocking so users can’t access the browser based versions, the only thing you can do is have a policy stating smart & mobile phones are banned.
This is a pretty major headache in these days of BYOD. Seems regulated firms will have to up their game in terms of device control and I don’t see how any IT department is actually going to turn off their bosses iMessage & FaceTime however much the regulations say they should.
I wonder if the FCA have thought through the actual implications of this rule or if it will be more honored in the breach rather than the observance by firms?