.png)
.png)
The aftermath of the sweeping regulatory crackdown on banks and financial services firms for off-channel business communications continues to send shockwaves through the industry.
The Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) joined forces to impose substantial fines amounting to $2 billion on a dozen of the world's largest financial institutions between December 2021 and September 2022. Major players such as JPMorgan Chase, Goldman Sachs, Citi, Bank of America, Barclays, Credit Suisse, Deutsche Bank, Morgan Stanley, and UBS were among those penalized for "widespread and longstanding failures" in handling electronic communications by their employees.
Adding to the aftershock from this crackdown, stockholder lawsuits have now emerged. Recently, a stockholder filed a lawsuit against Bank of America and its board of directors in the U.S. District Court for the District of New Jersey, citing material damage resulting from the $225 million in penalties levied against the bank. The lawsuit accuses the bank and its board of failing in their fiduciary duties to implement and maintain an effective internal control system to detect and address violations of laws and regulations.
A similar action was taken against JPMorgan Chase by its shareholders in March 2022, as reported by Law360, suggesting that the issue extends beyond individual banks and may indicate a broader industry problem.
Doug Wilbert, managing director at consulting firm Protiviti, warns that this issue is not limited to banks, cautioning that any entity regulated by the SEC and CFTC should remain vigilant. "This issue is not ending with the banks—they are just the beginning. Any entity that is regulated by the SEC and CFTC should be on notice," he emphasized.
The challenges of the pandemic have further complicated matters, with remote work making it difficult for firms to effectively monitor and capture employee communications.
"Employees working from home has made it more challenging for firms to capture communications," explained John McDermott, director at Protiviti. "It's like trying to put the rabbit back into the hat."
Experts stress that addressing this compliance issue goes beyond merely establishing policies and procedures. The tone set by senior-level bank managers is crucial, particularly considering the regulators found them to be regular users of off-channel communications for business purposes.
"Financial institutions should recognize the use of unauthorized electronic communications is not an issue that can be solved but instead should be mitigated," advised McDermott.
To bolster compliance efforts, companies must implement employee communication surveillance, require regular certifications of compliance, and enforce penalties for violations.
In response to the regulatory penalties, some firms have taken a more stringent approach. For instance, Morgan Stanley reportedly fined senior-level workers up to $1 million for unauthorized use of personal electronic devices. Deutsche Bank and Barclays also imposed penalties by docking bonuses and pay for uncooperative employees.
John McDermott emphasized that traditional in-person off-channel communications rarely left a record, but the digital nature of communications today leaves a traceable trail.
Firms are now grappling with the ongoing regulatory investigations, with other financial institutions, including Wells Fargo, Société Générale, Robinhood, and Fifth Third Bancorp, revealing that they too are facing probes into record-keeping issues.
As the financial industry stands at a critical juncture, proactive measures to mitigate unauthorized electronic communications are paramount to avoiding further legal ramifications and protecting their reputation. The need for robust internal control systems and stringent compliance measures is now more apparent than ever.
By fLEXI tEAM