Regulators had already begun to clamp down on the use of unauthorised messaging tools to discuss potentially market-moving matters, but the issue gathered urgency when the pandemic forced more finance staff to work from home in 2020.
Most of the companies caught in communications and record-keeping probes by the U.S. Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) have been banks - which have collectively been fined or have set aside more than $1 billion to cover regulatory penalties.
But fund firms with billions of dollars in assets are also increasing their scrutiny of how staff and clients interact.
"It is the hottest topic in the industry right now," said one deals banker, who declined to be named in keeping with his employer's rules on speaking to the media.
Reuters reported last year the SEC was looking into whether Wall Street banks had adequately documented employees' work-related communications, and JPMorgan was fined $200 million in December for "widespread" failures.
German asset manager DWS said last month it had set aside 12 million euros ($12 million) to cover potential U.S. fines linked to investigations into its employees' use of unapproved devices and record-keeping requirements, joining a host of banks making similar provisions, including Bank of America, Morgan Stanley and Credit Suisse.
Sources at several other investment firms - described in the financial community as the 'buy-side' - including Amundi, AXA Investment Management, BNP Paribas Asset Management and JPMorgan Asset Management, told Reuters they have deployed tools to keep all communications between staff and clients compliant.
Spokespeople for the SEC and CFTC declined to comment on whether their investigations could extend beyond the banks, but industry sources expect authorities to cast their nets wider across the finance industry and even into government.
Last month Britain's Information Commissioner's Office (ICO), the country's top data protection watchdog, called for a review of the use of WhatsApp, private emails and other messaging apps by government officials after an investigation found "inadequate data security" during the pandemic.
GOOD BUSINESS FOR SOME
Regulations governing financial institutions have progressively been tightened since the global financial crisis of 2007-9 and companies have long recorded staff communications to and from office phones.
This practice is designed to deter and uncover infringements such as insider trading and "front-running," or trading on information that is not yet public, as well as ensuring best practice in terms of treatment of customers.
But with thousands of finance workers and their clientele still working remotely after decamping from company offices at the start of the pandemic, some sensitive conversations that should be recorded remain at risk of being inadvertently held over informal or unauthorised channels.
Brad Levy, CEO of business messaging software firm Symphony, said concerns on managing that risk had driven a surge in interest for software upgrades that make conversations on popular messenging tools including Meta Platforms' WhatsApp recordable.
"Most believe the breadth of these investigations will go wider as they go deeper," Levy said.
"Many markets participants have retention and surveillance requirements so are likely to take a view, including being more proactive without being a direct target."
He said Symphony's user base has more than doubled since the pandemic to 600,000, spanning 1,000 financial institutions including JPMorgan and Goldman Sachs.
Symphony peer Movius also said its business lines specialising in making WhatsApp and other tools recordable have more than doubled in size in the space of a year, with sales to asset managers a growing component.
"Many on the buy-side have recognised that you can't just rely on SMS and voice calls," said Movius Chief Executive Ananth Siva, adding that the company was also seeking to work with other highly-regulated industries including healthcare.
Movius software integrates third-party communications tools such as email, Zoom, Microsoft Teams and WhatsApp into one system that can be recorded and archived as required, he said.
Amundi, AXA IM, BNPP AM and JPMorgan Asset Management all confirmed they had adopted Symphony software but declined to comment on the full breadth of services they used or when these had been rolled out.
Amundi and AXA IM both confirmed they used Symphony services for team communications, while AXA IM also said they used it for market information.
Amundi, BNPP AM and JP Morgan AM declined to comment on whether they thought regulators would seek to investigate record keeping at asset managers after enforcement actions against the banks were completed.
A spokesperson for BNPP AM said it had banned the use of WhatsApp for client communications due to compliance, legal and risk considerations including General Data Protection Regulation (GDPR).
($1 = 0.9872 euros)
(Additional reporting by Pamela Barbaglia; editing by Barbara Lewis)
By Iain Withers and Sinead Cruise