top of page

Morgan Stanley and the unauthorized electronic message issue come to a $200 million agreement

In order to resolve allegations that some of its employees used messaging services that were not authorized by the financial services company, Morgan Stanley and two US regulators have reached agreements in principle worth a combined $200 million.

Morgan Stanley said it reached a $125 million settlement with the Securities and Exchange Commission (SEC) and will pay an additional $75 million to the Commodity Futures Trading Commission (CFTC) "to resolve record-keeping related investigations by those agencies relating to business communications on messaging platforms that had not been approved by the firm," according to a regulatory filing on Friday.

The upcoming enforcement action comes after a related case involving JPMorgan Chase that was made public in December. In that case, the SEC and CFTC fined the bank a total of $200 million for failing to keep records of communications on securities, commodities, and swaps business matters made on bank employees' personal devices. The regulators came to the conclusion that the practice persisted for a number of years and was common among all ranks of employees, including senior employees.

During the pandemic, when many employees worked from home, U.S. regulators have increased their scrutiny of bankers' electronic communications, including emails, text messages, messaging apps, and more. All work-related electronic communications made by employees are to be monitored by banks and other financial institutions, collected, and stored, and made available for review by their compliance team and, if necessary, regulators.

Banks and other financial institutions have been penalized by regulators for failing to keep track of all employee electronic communications.

A $200 million reserve has been made by Bank of America in anticipation of an enforcement action involving unauthorized use of personal devices, the company disclosed in July. Similar disclosures have been made by a number of European banks, including Barclays, Credit Suisse, and Deutsche Bank.

Regarding maintaining electronic communications for broker-dealers and investment advisers, the SEC has released a number of risk alerts, including 2018 guidance from its Division of Examinations (then the Office of Compliance Inspections and Examinations). An effective risk and compliance program has historically included maintenance and recordkeeping as a crucial, if perhaps underappreciated, component.

The SEC has taken other enforcement actions in the past involving improper electronic communication collection and storage, including a $100,000 fine in September 2020 against broker-dealer JonesTrading Institutional Services for failing to keep track of work-related text messages sent on personnel devices.



bottom of page