On Tuesday, September 27, 2022, the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) announced that they had charged and reached settlements with multiple finance industry giants for “widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications.” A multi-month investigation by both agencies revealed that, from at least 2018 to 2021, employees at the firms had been communicating through private, unofficial channels—such as personal texts and WhatsApp messages—to discuss business matters. Because these communications were conducted through off-channel platforms, the content of the majority of these messages was not preserved for official recordkeeping purposes.
Between penalties levied by the SEC and CFTC, the following financial firms (along with some of their affiliates) agreed to pay nearly $2 billion total:
- Bank of America ($225 M)
- Barclays ($200 M)
- Citigroup ($200 M)
- Credit Suisse ($200 M)
- Deutsche Bank ($200 M)
- Goldman Sachs ($200 M)
- Morgan Stanley ($200 M)
- UBS ($200 M)
- Nomura ($100 M)
- Jefferies ($80 M)
- Cantor Fitzgerald ($16 M)
When charging these companies, the SEC pointed to Rule 17a-4(b)(4) under the Securities and Exchange act of 1934, which requires companies operating as broker-dealers to preserve all business communications—sent and received—from the previous three years. The CFTC imposes similar recordkeeping requirements on companies under Section 4 of the Commodity and Exchange Act.
Along with acting as a protection for individual investors, the proper archiving of such communications is a critical resource in enforcement investigations. In a press release by the SEC, Director of the Division of Enforcement Gurbir S. Grewal commented: “Today’s actions…underscore the importance of recordkeeping requirements: they’re sacrosanct. If there are allegations of wrongdoing or misconduct, we must be able to examine a firm’s books and records to determine what happened.”
The governmental agencies also determined that the companies did not have proper internal controls in place to monitor employees’ communication methods and recordkeeping compliance, stating that even senior executives were remiss in adhering to the companies’ policies. In each of the SEC settlements, it was noted that “…dozens of managing directors across the firm and senior supervisors responsible for implementing [the company’s] policies and procedures and for overseeing employees’ compliance with those policies and procedures, themselves failed to comply with firm policies by communicating using non-firm approved methods on their personal devices about the firm’s broker-dealer business.”
The firms acknowledged the majority of the facts set forth in the settlement agreements and have indicated that they are taking remedial measures to achieve and maintain compliance with the applicable regulations. Additionally, these enforcement actions are a warning shot to other similarly situated financial firms that need to clean up their own business communication practices.
If you have any further questions regarding recordkeeping compliance, please contact Ken Rashbaum.
