top of page

In the $1.8 billion crackdown on messaging apps, compliance problems were brought to light.

11 banks, investment firms, and their affiliates will pay a combined total of more than $1.8 billion in fines for "widespread and longstanding failures" in monitoring, maintaining, and preserving electronic communications by employees as part of an enforcement sweep against off-channel electronic communications at financial institutions that regulators had warned would occur.

The Securities and Exchange Commission (SEC) penalized the companies a total of more than $1.1 billion, while the Commodity Futures Trading Commission (CFTC) imposed further penalties on Tuesday totaling $711 million. The authorities came to the conclusion that from 2018 to 21 the businesses did not effectively control staff off-channel communications.

The two agencies specifically discovered a pattern of off-channel electronic conversations between corporate personnel about work-related matters using personal mobile phones, messaging applications like WhatsApp, and other channels. As required by the SEC and CFTC's recordkeeping, books and records, and supervisory requirements for market participants, these messages were not collected, documented, and maintained by the businesses.

The authorities said that the cheating was widespread and involved senior management at the businesses who were in charge of upholding the law.

In December 2021, the SEC and CFTC launched their enforcement campaign against off-channel communications, fining JPMorgan Chase a total of $200 million. The regulatory authorities cited JPMorgan for failing to keep track of conversations on commodities, swaps, and securities business matters that took place on bank employees' personal devices.

Through public comments and regulatory filings since the JPMorgan enforcement action, authorities and the impacted companies have hinted that more penalties are on the way.

The following were among the penalties imposed by the authorities:

1. Bank of America will pay a total of $225 million ($125 million to the SEC and $100 million to the CFTC), together with BofA Securities, Merrill Lynch, Pierce, Fenner & Smith, and BofA Securities.

2. $200 million will be paid by Barclays Bank and Barclays Capital ($125 million to the SEC and $75 million to the CFTC).

3. $200 million will be paid by Citibank, Citigroup Energy, and Citigroup Global Markets ($125 million to the SEC and $75 million to the CFTC).

4. A $200 million payment will be made by Credit Suisse, Credit Suisse International, and Credit Suisse Securities (USA) ($125 million to the SEC and $75 million to the CFTC).

5. A $200 million payment will be made by Deutsche Bank and its affiliates DWS Distributors, DWS Investment Management Americas, and Deutsche Bank Securities ($125 million to the SEC and $75 million to the CFTC).

6. $200 million will be paid by Goldman Sachs & Co. ($125 million to the SEC and $75 million to the CFTC).

7. Morgan Stanley & Co. will pay $200 million ($125 million to the SEC and $75 million to the CFTC), including affiliates Morgan Stanley Smith Barney, Morgan Stanley Capital Services, Morgan Stanley Capital Group, and Morgan Stanley Bank.

8. $200 million will be paid by UBS and its affiliates UBS Financial Services and UBS Securities ($125 million to the SEC and $75 million to the CFTC).

9. Nomura will pay $100 million ($50 million to the SEC and $50 million to the CFTC), including affiliates Nomura Global Financial Products, Nomura Securities International, and Nomura International PLC.

10. Jefferies will pay $80 million ($50 million to the SEC and $30 million to the CFTC) in fines.

11. Cantor Fitzgerald will make a $16 million payment (10 million to the SEC and six million to the CFTC).

Except for two companies, all companies acknowledged to the SEC's claims of wrongdoing and the CFTC's complete charges. Several particular CFTC conclusions were neither acknowledged or refuted by Bank of America or Nomura.

Each of the companies received a cease-and-desist order and a censure in addition to the monetary fines for their breaches of the pertinent recordkeeping laws.

"Finance, ultimately, depends on trust. By failing to honor their recordkeeping and books-and-records obligations, the market participants we have charged today have failed to maintain that trust,” said SEC Chair Gary Gensler in a press release. He added it’s important registrants “appropriately conduct their communications about business matters within only official channels, and they must maintain and preserve those communications," he continued.

"The Commission’s recordkeeping and supervision requirements ensure the safety and integrity of the U.S. derivatives markets and protect customers and market participants," said CFTC Chairman Rostin Behnam. The CFTC will "vvigorously pursue registrants who fail to comply with their core regulatory obligations and hold them accountable," he continued.

According to the SEC's decision, Bank of America supervisors who were meant to be in charge of preventing wrongdoing among younger workers were frequently speaking on off-channel devices themselves. Nearly all of the approximately 30 broker-dealers whose personal devices were sampled were found to have participated in off-channel discussions to some extent.

The Securities and Exchange Commission (SEC) reported finding "tens of thousands of messages" from Bank of America employees on personal devices, in messaging apps, and in other unauthorized electronic formats. These messages related to the bank's and its subsidiaries' "securities business, including investment strategy; discussions of customer meetings; and communications about market color, analysis, activity trends, or events." The SEC said that a managing director at Bank of America exchanged thousands of off-channel conversations with associates, customers, and staff members at other financial services companies. When authorities requested these messages, the bank did not properly record, store, and produce them.

Similar problems were discovered at other punished companies. According to the SEC's ruling, a senior investment banker at Goldman Sachs "sent and received tens of thousands of off-channel text messages." At Deutsche Bank, investigators discovered "voluminous" off-channel messages, including hundreds sent and received by top management. A "significant number of managing directors, executive directors, trading desk heads, and industry group heads participated in off-channel communications" at Morgan Stanley, according to investigators.

In order to assess their supervisory, compliance, and other policies and processes pertaining to the monitoring, recording, and storage of electronic communications by bank personnel, the SEC ordered all sanctioned businesses to engage a compliance consultant. The consultant is also required to assess all relevant technical, supervisory, and educational measures as well as the framework for handling rules violations pertaining to the monitoring, recording, and archiving of electronic messages used for bank operations.

The compliance consultant will be employed for a two-year term and is required to provide the SEC with a progress report after the first year.

Each bank's internal audit team is required to independently evaluate how well each company is doing in these areas.

Within ten days of imposing penalty on an employee found to have broken electronic communications policies and procedures, all companies are required to disclose the incident to the SEC.

Each bank was required by the CFTC to perform a thorough examination of its supervisory, compliance, and other policies and practices to make sure that it complies with all of the CFTC's rules regarding the recording and storage of electronic conversations.



bottom of page