The Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) are taking a stern approach to breaches of off-channel communications rules, issuing substantial fines against major banks and investment firms.
This enforcement trend is expected to continue, with regulators signaling a more lenient stance toward firms that self-report violations and implement remedial measures proactively.
Prominent financial institutions have been hit hard by these penalties due to systemic compliance failures related to monitoring, recording, and retaining employees' business communications. A series of significant fines have been imposed on a global roster of banking giants, including Bank of America/Merrill Lynch ($225 million), Goldman Sachs, Barclays, Citi, Credit Suisse, Deutsche Bank, Morgan Stanley, UBS, JPMorgan Chase ($200 million), Wells Fargo ($200 million), BNP Paribas ($110 million), Société Générale ($110 million), Nomura ($100 million), Jefferies ($80 million), and Bank of Montreal ($60 million).
The SEC and CFTC have made it clear that more enforcement actions are on the horizon. Robinhood Markets and Fifth Third Bancorp have disclosed ongoing investigations into similar violations, suggesting further penalties may be forthcoming.
Gurbir Grewal, SEC Enforcement Director, emphasized the importance of self-reporting, cooperation, and remediation in a press release. He advised firms that adopting this approach would yield better outcomes compared to waiting for regulatory intervention.
CFTC Commissioner Christy Goldsmith Romero echoed the sentiment, stating that Wall Street and foreign banks operating in U.S. markets must proactively halt illegal practices. She called for a change in culture from evasion to compliance within the C-suite of these institutions.
This enforcement campaign was initiated in 2021 when the SEC and CFTC launched a risk-based initiative to investigate off-channel communications on personal devices within regulated entities. The regulators uncovered widespread breaches spanning several years across various roles, from business unit leaders to senior managers and directors.
Although the fined firms had established policies and procedures, these measures were inadequately supervised and monitored for compliance. This lack of adherence to recordkeeping rules hindered regulatory functions and impeded investigations, as exemplified in the case of Wells Fargo, which received and responded to commission subpoenas for documents and records in multiple investigations.
The regulators underscored their willingness to reward self-reporting and proactive remediation, as demonstrated in cases involving Bank of Nova Scotia and HSBC. These institutions faced reduced penalties after self-reporting their lapses and initiating corrective actions.
The SEC and CFTC's enforcement efforts underscore the importance of robust compliance mechanisms to ensure proper monitoring and retention of business communications, and they emphasize that a culture of compliance needs to be instilled at the highest levels of financial organizations.
By fLEXI tEAM