Financial giant Morgan Stanley has been fined $200 million for conducting business via “unapproved” WhatsApp use. Citigroup, Goldman Sachs Group and Bank of America have also set aside reserves and have had advanced discussions with the SEC about paying a similar fine for improper mobile-messaging app monitoring for a whopping $1 billion total. All these additional $800 million fines are based on the $200 million JPMorgan Chase yardstick settlement last year. This enforcement makes plain remarks of SEC Chairman Gary Gensler, previously reported, that “registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight.” The Department of Justice for example, counsels companies to implement “appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms that undermine the company’s ability to appropriately retain business records or communications or otherwise comply with the company’s document retention policies or legal obligations.”
But even more than Gensler’s onslaught, Damian Williams, US attorney for the Southern District of New York told Bloomberg, that financial firms should proactively “…self-report any illegal conduct.” In the JPMorgan settlement, “the bank did admit, among other things, that one manager texted with more than 100 colleagues and dozens of outsiders including clients, racking up more than 2,400 messages over the course of a year. Another set up a WhatsApp group chat and invited 19 other members of the desk to join, where they discussed markets, business and client meetings.”
Probes already disclosed include over 100 trader and banker phones in a largely-WhatsApp texting probe. A recent Archegos Capital Management collapse has seemingly expanded the incriminating evidence focus, which “…cannot only be on written records over emails or social media channels, such as WhatsApp or Telegram, but also on voice communications.” As has been evident throughout this unfolding series of investigations the Commission is conserving its resources—and trying to minimize its invasive searches—by relying on banks and their outside counsel to conduct the reviews.
A recognition of this evidential multi-focus was apparent in the recent Deutsche Bank settlement, wherein the bank has spent billion of dollars developing a technical archiving solution, with a pilot for the 1,750 US client-facing staff that began in late April. Deutsche Bank’s management board 10 members voluntarily agreed to a “75,000 euro ($78,795) cut in compensation to accept responsibility for employee use of third-party messaging applications at the lender.” Critics noted “the cut in 2021 pay is small for Deutsche Bank’s (DBKGn.DE) Chief Executive Officer Christian Sewing, who earned 8.8 million euros last year, a 20% increase from a year earlier.” Across the pond, a number of recent enforcement proceedings and data strategy updates by the UK Financial Conduct Authority attest to continued concern on implementation of business practice systems and control frameworks. Financial penalties are being justified when …”the bank’s policies and procedures were not sufficiently risk-sensitive.”
A key takeaway is that merely having rules and policies in place is not enough. Management has the resources and knowledge to recognize and manage the ever-more fragmented mobile communication compliance. Implementing sufficient internal control to ensure institutional preparadeness and solution robustness remains a critical challenge.
