Recently announced unprecedentedly large communication archiving compliance reserve set-asides, settlements and fines have upset the regulated banking and finance communities. Uncertainty of future regulator intent is motivating urgent behavioral change by firms and their bank employees.
According to the Wall Street Journal, in addition to the known $200 million set-asides by Bank of America Corp. Citigroup Inc., Goldman Sachs Group Inc., Morgan Stanley and JPMorgan (settled), additional banks to pay the same fine include: Barclays PLC, Deutsche Bank AG, and UBS Group AG. Jefferies Financial Group Inc. and Nomura Holdings Inc. are nearing settlements with regulators but will pay lower fines, reflecting their smaller size. As reported, these fines are being levied on the admitted unauthorized employee use of WhatsApp and other personal messaging apps.
Many smaller firms are also provisioning reserves. German asset manager DWS said last month it had set aside 12 million euros ($12 million) to cover potential U.S. fines linked to investigations into its employees’ use of unapproved devices and record-keeping requirements. Sources at several other investment firms – described in the financial community as the ‘buy-side’ – including Amundi, AXA Investment Management, and BNP Paribas Asset Management, told Reuters they have deployed tools to keep all communications between staff and clients compliant.
Firms are also being forced to dismiss traders and senior managers for violating communications policy.
September Fiscal Year Closing
The Securities and Exchange Commission and the Commodity Futures Trading Commission plan to announce the deals with the banks by Sept. 30, the end of the government’s current fiscal year. That would put the penalties in the government’s annual enforcement statistics according to the WSJ. Traders and brokers aren’t supposed to use unarchived personal apps to conduct the firm’s business. The practice became more common—and harder to detect—during the early stages of the pandemic, when employees switched to working entirely from home.
In the precedent-setting JPMorgan settlement, the breakdown in record-keeping diligence was “firm-wide, and involved employees at all levels of authority,” according to the SEC. Even though the bank’s policies prohibited the use of WhatsApp for business, regulators identified over 100 bank employees sending messages that weren’t properly retained, the Journal reported. Separately, Barclays said in a securities filing that regulators found its business units “failed to comply with their respective record keeping and supervisory obligations, where such communications were sent or received by employees over electronic messaging channels that had not been approved by the bank for business use by employees.”
Key Conversations Beyond the Government’s Reach
“Investigators at the SEC and CFTC were repeatedly hindered by firms not archiving communications as required, like WhatsApp call recording, according to people familiar with the matter,” as reported by Bloomberg. The watchdogs worried that missives on bankers’ personal phones about cutting deals, trading and courting clients were being completely lost and would ultimately make it harder to look for wrongdoing. At the SEC, separate probes revealed a troubling dynamic: key conversations across finance were happening beyond the government’s reach, according to one of the people. At the CFTC, similar concerns grew as officials probed whether banks were manipulating the interest rates swaps market and they found that many communications were happening outside of official channels, with no text message archive or text message monitoring.
With enormous sums at stake financial firms are deeply concerned. “It is the hottest topic in the industry right now,” noted several industry insiders, describing the use of personal communications channels across the broader financial industry. The SEC and the Financial Industry Regulatory Authority (FINRA), Wall Street’s self-regulatory body, requires that broker-dealers keep records of all business-related communications.
The WSJ noted in conclusion that the SEC’s push for big fines has irked many defense lawyers and legal executives at the banks, according to people familiar with the negotiations. That’s because the investigations don’t allege any fraud or harm to clients. SEC officials have said the practice of using personal-messaging apps was improper and undermined their ability to conduct investigations. At the CFTC, similar concerns grew as officials probed whether banks were manipulating the interest rates swaps market and they found that many communications were happening outside of official channels, people said. In the JPMorgan settlement, the SEC said “the bank didn’t always search the personal devices of its employees when it responded to subpoenas and other requests for information.” The concern has reached the employee level, with one post on WallStreetOasis, a popular online forum for bankers, recently asking: “Can you get fired for using Whatsapp to communicate with colleagues?”
Sticker Shock
“There is some sticker shock,” Howard Fischer, partner at law firm Moses Singer and former senior SEC trial attorney, said of the fines, as quoted in Bloomberg. “They’re basically as large as they can go, while both representing a great headline for the enforcement agencies without actually threatening the continuation of anyone’s business,” he added. These fines dwarf the $15 million Morgan Stanley agreed in 2006 after being accused of similar lapses.
SEC Enforcement Director Gurbir Grewal has long said that past punishments hadn’t gotten banks to take WhatsApp recordkeeping seriously enough, according to people familiar with the conversation. The JPMorgan irregularities included “records preservation requirements applicable to broker-dealer firms, swap dealers and futures commission merchants,” according to the bank’s 2021 annual report.
In a larger context, Mr. Gensler is pursuing what lawyers and former regulators say is the SEC’s most aggressive agenda in decades, an effort that could upend established and lucrative business models, noted the WSJ. And using the threat of severe financial punishments is one of the most effective methods of control that regulators have.
And the finance industry may not be the last battleground in this enforcement crackdown. Last month Britain’s Information Commissioner’s Office (ICO), the country’s top data protection watchdog, called for a review of the use of WhatsApp, private emails and other messaging apps by government officials after an investigation found “inadequate data security” during the pandemic.
