Messaging App Compliance in Regulated Industries: Lessons from Recent Enforcement Actions

Thomas Fox - Compliance Evangelist

Thomas Fox - Compliance Evangelist


In recent years, regulated industries, particularly broker dealer firms like Wells Fargo and Morgan Stanley, have faced increased scrutiny from regulatory bodies due to their lack of compliance in policing messaging apps. The Securities and Exchange Commission (SEC) recently announced charges against 10 firms in their capacity as broker-dealers and one dually registered broker-dealer and investment adviser for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts set forth in their respective SEC orders. These firms collectively “agreed to pay combined penalties of $289 million and have begun implementing improvements to their compliance policies and procedures to address these violations.” Additionally, the Commodity Futures Trading Commission (CFTC) ordered four financial institutions to pay a total of $260 million for recordkeeping and supervision failures for widespread use of unapproved communication methods.

What is even more troubling is the involvement of senior managers in these misconducts, leading the SEC to require an independent compliance consultant in multiple settlements. This highlights the significance of overall corporate culture and the need for stricter compliance measures. Matt Kelly and I recently explored these enforcement actions,  the reforms that companies must implement, the role of consultants in reviewing these reforms, and the potential risks and consequences of using messaging apps for business purposes in a Compliance into the Weeds podcast.

The focus of reforms in regulated industries lies in policies and procedures, messaging policies, and employee training. It is crucial for companies to establish clear messaging policies that outline the acceptable use of communication channels and the importance of record-keeping obligations. Training employees on these policies and ensuring their understanding is equally vital. Additionally, companies must track training records and allegations of policy violations, making them readily available for review. Next both ongoing monitoring and continuous improvement must be utilized. Finally do not forget the need for disciplinary frameworks, with repeat offenders and senior employees potentially facing more severe discipline.

The enforcement crackdown by the SEC and CFTC has already resulted in significant penalties, with fines totaling a staggering $550 million. J.P. Morgan was the first bank to face such a settlement decree, setting a precedent for other banks to follow. This raises speculation about whether the misconduct will continue and if there will be additional enforcement actions in the future. While some large securities firms have not yet been targeted, it is crucial for all regulated industries to take note and proactively address compliance issues.


As noted above, the use of improper messaging apps for business communication is a major concern for regulators. Moreover, these violations of securities laws that occurred due to employees using ephemeral messaging apps like WhatsApp and Snapchat, which disable record preservation. Once again, even more alarming is the involvement of supervisory employees and managers in using these apps, further angering the regulators. The SEC’s requirement for an independent compliance consultant in multiple settlements indicates a focus on corporate culture and the need to address senior managers’ involvement.

While these enforcement actions focused on regulated industries, it raises an important question about whether non-regulated industries could also face similar exposure to the SEC. The Justice Department has emphasized the importance of taking messaging and communication app risks seriously for all companies. Therefore, even if a company operates outside the purview of specific regulations, it is crucial to consider the potential risks and consequences associated with using improper messaging apps for business purposes. As Kelly noted in a Radical Compliance blog post, “That is a terrible look for a company. It paints the picture of a management team not interested in good ethical conduct, and we all know how that goes over with the Justice Department when evaluating the state of your compliance program.”

We desired to shed some light on the recent enforcement actions against regulated industries for their lack of compliance in policing messaging apps. The fines and penalties imposed by the SEC and CFTC highlight the seriousness of these violations. It is evident that companies must implement reforms, establish robust policies and procedures, and prioritize employee training to ensure compliance. The conversation also underscores the potential risks and consequences of using improper messaging apps for business communication. Regardless of industry, it is crucial for all companies to prioritize compliance and take proactive measures to address these concerns. By doing so, companies can foster a culture of integrity and avoid the hefty fines and reputational damage associated with non-compliance.


[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox - Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox - Compliance Evangelist

Thomas Fox - Compliance Evangelist on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide