
Reposting my comment here: https://news.ycombinator.com/item?id=37050595

As someone who currently performs information risk management for a financial institution, I'll say that private messaging doesn't need to be banned per se. It's just that all company business is the responsibility of the leadership, so ultimately, business communications need to be reserved for business communication platforms over which leadership can enforce policy. Privacy is a component of this. These banks needed processes and controls to ensure their requirements are being met: records of electronic communication, technical security controls to ensure the privacy of protected communication, approved communication mediums/channels for different classifications of information, periodic reviews on the adequacy of these controls, etc.

Sometimes the restriction of things like WhatsApp, Signal, etc. is seen as an affront to individual privacy. That's not what this is about. This is about preventing a lot of dangerous scenarios, like:

1. Employees at your bank do something evil that's also against the law, but because they used Signal/WhatsApp, no records of the communication can be used as evidence in court.

2. The bank has invested millions upon millions into an information security program. Someone decides to use Signal/WhatsApp to share sensitive account numbers. Signal/WhatsApp ends up with a vulnerability that exposes the information, rendering the InfoSec program protections ineffective.

3. Like #2, but the information in WhatsApp/Signal is super important. The employees who kept it there all leave and/or get into fatal accidents. How will that impact the bank?

4. Your manager starts a group chat for the team via text message and conversations about work occur. Turns out someone in the conversation is involved with a scandal. Because you talked about work stuff outside of the approved comms channels, your personal phone can now be taken and used as evidence in a court (even if they can't pull the encrypted messages from it!).

It's just better for everyone to keep work communications in one place that the company has control over, and your personal device/apps totally separate from it.
