Could WhatsApp help rogue traders go underground?
Dirty jokes and "not safe for work" GIFs. Snaps of unsuspecting colleagues on the trading floor. Screenshots of confidential client positions.
All that - and, on occasion, even legally dubious information - is increasingly being trafficked over the new private lines of Wall Street: encrypted messaging services like WhatsApp and Signal. Many are embracing these apps as an easy, virtually untraceable way to circumvent compliance rules.
It is happening despite industry efforts to crack down on unmonitored communications, according to employees at more than a dozen of Wall Street's most recognisable firms.
Just this week, a former Jefferies Group banker was fined in the UK for sharing confidential data on WhatsApp.
The use of such apps is also raising concerns that it could enable reckless behaviour that is all but impossible to police.
"You're really able to operate outside of the bank," said William McGovern, a former Securities and Exchange Commission (SEC) branch chief and senior lawyer at Morgan Stanley, who now works at law firm Kobre & Kim. "The ground is shifting under everyone."
The rules are clear. Financial firms need to keep records of all written business communications, according to the SEC and the Financial Industry Regulatory Authority. Asset managers are bound by similar regulations. Representatives for Wall Street banks say they have policies in place to prevent unmonitored communications and unauthorised access to confidential information.
They check emails and chats on company devices, restrict personal phones and messaging services on trading floors and require employees to sign agreements prohibiting unmonitored communications for work. In January, Deutsche Bank banned text messages and apps such as WhatsApp and Apple's iMessage on company phones.
The nearly two dozen employees who spoke off the record with Bloomberg say those policies are routinely ignored.
In December, Navnoor Kang, a money manager responsible for $50bn of New York State's pension fund investments, was indicted for accepting $180,000 of bribes from two bond salesmen, including a $17,400 watch, prostitutes and cocaine, in return for business that generated millions in commissions.
According to the indictment, Mr Kang and salesman Gregg Schonhorn used WhatsApp "in an effort to keep their communications from being monitored by law enforcement". Mr Kang pleaded not guilty in January.
To some, the surprise wasn't just the alleged crime, but the failure to delete apparently incriminating WhatsApp messages. If they had, compliance experts say authorities would have less to go on because WhatsApp itself doesn't store users' encrypted messages.
For sensitive conversations, employees say they still prefer calling on mobile phones they know are not monitored, even though there is a possibility the records could be subpoenaed.
Regardless, firms are getting better at spotting the signs when an employee wants to go rogue, says Jack Rader, a managing director at ACA Compliance Group. Banks have taken a page from prosecutors and implemented software to flag phrases such as "check your phone", "sent you a text", "take this offline" or "call my cell".
Technology can only go so far in keeping firms on the right side of the law. When Mr Rader talks about compliance, he sometimes encounters pushback from heads of sales and trading desks, especially because profits are at stake.
That raises a host of questions, according to Erik Gordon, a professor at the University of Michigan's business school.
"Are firms really doing what's reasonable in trying to stop this?" he said. "Or are they sort of wink-winking?"