SEC and CFTC Show No Signs of Slowing Down Enforcement Actions for Financial Firms’ Use of Off-Channel Communications

Jonathan Barr, Patrick Campbell, John Carney, David Choi, Jimmy Fokas, Teresa Goody Guillén, Edward Jacobs, Alexandra Karambelas, Lauren Lyster, Jonathan New, George Stamboulidis
BakerHostetler
Contact
LinkedIn
Facebook
X
Send
Embed

BakerHostetler

Key Takeaways

  • Ten broker-dealers agreed to pay penalties totaling $289 million to the Securities and Exchange Commission (SEC) for failure to maintain and preserve “off-channel” electronic communications in violation of books and records requirements of the federal securities laws.
  • Swap dealer and futures commission merchant (FCM) affiliates of four financial institutions agreed to pay penalties totaling $260 million to the Commodity Futures Trading Commission (CFTC) for failing to maintain, preserve or produce off-channel communications as required under CFTC recordkeeping requirements.
  • These enforcement actions are a result of a continuing sweep by the SEC and CFTC to crack down on the use of off-channel communications, including text messages and instant messaging apps by financial firms’ employees to conduct business, and, in turn, the firms’ failure to preserve those messages.

Background

The settlements announced by the SEC and CFTC on Monday are a continuation of the regulators’ focus on off-channel communications by employees of registered entities. These enforcement actions were brought pursuant to long-standing books and records requirements of the SEC and CFTC regulating the maintenance and preservation of documents. Specifically, Section 17(a)(1) of the Securities Exchange Act of 1934 (the Exchange Act) authorizes the SEC to issue rules requiring broker-dealers to maintain and preserve records as necessary or appropriate in the public interest. The SEC adopted Rule 17a-4 pursuant to this authority, which, among other things, requires that broker-dealers preserve all communications received and sent relating to a firm’s business.[1] Similarly, the Commodity Exchange Act (CEA) requires registrants to “keep books and records of all activities related to its business as a swap dealer.”[2] Registrants are also required to “keep full, complete, and systemic records” of all swap activities, including “[r]ecords of each transaction.”[3]

The industry has seen a marked increase in similar enforcement actions and high-dollar penalties stemming from such violations in recent years. In December 2021, the SEC and CFTC imposed a combined total of $200 million in fines on JPMorgan Chase for the loss of work-related messages that were sent via apps on employees’ personal devices. Less than a year later, in September 2022, the SEC and CFTC announced settlements with 11 major financial firms for a combined total of $1.81 billion in fines in connection with the firms’ failure to maintain and preserve off-channel communications. Early this year, there were news reports that the SEC conducted a targeted sweep focused on private equity and hedge fund firms’ use of personal devices and on whether those communications were authorized or preserved. These reports prompted 10 financial industry trade associations to issue an open letter to SEC Chairman Gary Gensler in January, criticizing the commission’s actions as exceeding the scope of the recordkeeping provisions of the Investment Advisers Act of 1940 (Advisers Act).[4] And in May, HSBC Securities (USA) Inc. and Scotia Capital (USA) Inc. paid a combined $37.5 million in fines to settle actions with the SEC and CFTC for failing to preserve off-channel communications and for failing to adequately ensure compliance with policies forbidding the use of personal apps for business purposes. Both firms’ penalties were reduced due to voluntary disclosure and remediation efforts. Similarly, J.P. Morgan Securities LLC was hit with a $4 million fine by the SEC in June for the inadvertent failure to maintain more than 47 million electronic communications.

Additional Enforcement Actions

The SEC settled with the following broker-dealers for failure to maintain off-channel communications used by employees to conduct business:

  • Wells Fargo Securities LLC together with Wells Fargo Clearing Services LLC and Wells Fargo Advisors Financial Network LLC ($125 million penalty).
  • BNP Paribas Securities Corp. ($35 million penalty).
  • SG Americas Securities LLC ($35 million penalty).
  • BMO Capital Markets Corp. ($25 million penalty).
  • Mizuho Securities USA LLC ($25 million penalty).
  • Houlihan Lokey Capital Inc. ($15 million penalty).
  • Moelis & Co. LLC ($10 million penalty).
  • Wedbush Securities Inc.[5] ($10 million penalty).
  • SMBC Nikko Securities America Inc. ($9 million penalty).

The SEC characterized the use of off-channel communications, including with iMessage and Signal, as “longstanding” and “pervasive” going back to at least 2019. The SEC also noted that supervisors responsible for junior personnel routinely communicated off channel and charged the firms with violations of Section 15(b)(4)(E) of the Exchange Act for failure to supervise. The settled orders also required the broker-dealers to engage with an independent compliance consultant. The SEC has brought 30 enforcement actions and ordered over $1.5 billion in penalties for violations of books and records requirements in relation to off-channel communications. In the press release, Gurbir S. Grewal, director of the SEC’s Division of Enforcement, encouraged firms to self-report, cooperate and remediate for a “better outcome than if you wait for us to come calling.”

The CFTC settled with BNP Paribas S.A. and BNP Paribas Securities Corp. (BNP Paribas), Société Générale SA and SG Americas Securities LLC (Société Générale), Wells Fargo Bank NA and Wells Fargo Securities LLC (Wells Fargo) and Bank of Montreal. BNP Paribas, Société Générale and Wells Fargo each paid a $75 million penalty, while Bank of Montreal paid a $35 million penalty. According to a CFTC press release, each order found that the swap dealer and/or FCM failed to stop its employees from using personal text messages and instant messaging apps to conduct business and in turn failed to preserve those communications. The firms also violated Section 4s(h)(1)(B) of the CEA and Regulation 23.602(a) for failure to supervise, and the CFTC noted that senior-level employees also engaged in off-channel communications. The CFTC has brought enforcement actions against 18 financial institutions and ordered over $1 billion in penalties for violations of its recordkeeping and supervision requirements involving off-channel communications.

Conclusion

As discussed in previous alerts covering enforcement actions by the SEC and CFTC, as well as recent revisions to the Department of Justice’s corporate enforcement policies, the focus by regulators on the unsanctioned use of off-channel communications shows no signs of slowing, and additional enforcement actions should be expected. In the press release announcing the most recent settlements, Sanjay Wadwha, the SEC’s deputy director of enforcement, issued a warning to the industry, stating, “[W]e know that other SEC-regulated entities have committed similar violations, and so our work to enforce industry-wide compliance continues.”

In light of the SEC and CFTC’s clear focus on this issue, employers should endeavor to adopt robust policies governing the use of personal devices and have outside counsel review and update existing policies and procedures to adapt to the current regulatory climate. Employers must also continue to monitor compliance with these policies and procedures, as the regulators have made clear that the existence of a personal device policy alone is not enough. Rather, employers must demonstrate affirmative efforts to promote and ensure compliance. Should an employer discover the use of personal devices by its employees in violation of policies and procedures, the employer should immediately consult with outside counsel regarding remediation and potential self-reporting.

[1] Exchange Act Rule 17a-4(b)(4), 17 C.F.R. § 240.17a-4(b)(4).

[2] CEA § 4s(f)(1)(C), 7 U.S.C. 6s(f)(1)(C).

[3] Regulation 23.201(a).

[4] See Advisers Act Rule 204-2(a)(7), 17 CFR § 275.204-2, and Rule 206(4)-7, 17 CFR § 275.206(4)-7. Rule 204-2(a)(7) requires registered investment advisers (RIAs) to maintain records of certain types of written communications, and Rule 206(4)-7 requires RIAs to adopt and implement written policies and procedures reasonably designed to prevent violation of the act.

[5] Wedbush Securities Inc. is a dually registered broker-dealer and investment adviser and so was additionally charged with violating the recordkeeping provisions of the Advisers Act.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BakerHostetler | Attorney Advertising

Written by:

BakerHostetler
BakerHostetler
Contact
more
less

BakerHostetler on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide