US regulators have announced a combined $549m in penalties against Wall Street firms that failed to maintain electronic records of employee communications.
The SEC announced charges against 11 firms for “widespread and longstanding failures” to maintain records, including by allowing employees to use unsupervised side channels, such as the messaging apps WhatsApp, Signal, and iMessage, the regulator said.
The Commodity Futures Trading Commission (CFTC) issued orders simultaneously filing and settling charges against the swap dealer and futures commission merchant affiliates of four financial institutions, citing CFTC recordkeeping requirements.
The businesses had recently reported that they were either in the process of settling the charges with one or more regulators, were being investigated, or had received requests for information in SEC filings.
Tuesday’s roundup of businesses by the SEC involved 10 firms in their capacity as broker-dealers and one dually registered broker-dealer and investment adviser. The businesses were;
- Wells Fargo Securities;
- Wells Fargo Clearing Services;
- Wells Fargo Advisors Financial Network;
- BNP Paribas,
- SG Americas Securities;
- BMO Capital Markets;
- Mizuho Securities USA;
- Houlihan Lokey Capital;
- Moelis & Company;
- Wedbush Securities;
- SMBC Nikko Securities America.
The CFTC brought charges against Wells Fargo, BNP Paribas, Societe Generale, and the Bank of Montreal.
“So here are three takeaways for those firms who haven’t yet done so: self-report, cooperate and remediate. If you adopt that playbook, you’ll have a better outcome than if you wait for us to come calling.”Gurbir S Grewal, Director, SEC’s Division of Enforcement
The orders said the businesses failed to ensure that employees – including supervisors and senior-level employees – complied with communications policies and procedures, each registrant failed to maintain hundreds (if not thousands) of business-related communications and thereby violated SEC and CFTC recordkeeping and supervision provisions.
“To date, the Commission has brought 30 enforcement actions and ordered over $1.5 billion in penalties to drive this foundational message home. And while some broker-dealers and investment advisers have heeded this message, self-reported violations, or improved internal policies and procedures, today’s actions remind us that many still have not,” said Gurbir S Grewal, Director of the SEC’s Division of Enforcement, in the agency’s press release.
“So here are three takeaways for those firms who haven’t yet done so: self-report, cooperate and remediate. If you adopt that playbook, you’ll have a better outcome than if you wait for us to come calling,” he said.
Sanjay Wadhwa, Deputy Director of Enforcement said the 11 firms settling these actions have acknowledged their conduct violated the law regarding these crucial requirements, and are implementing measures to prevent future similar violations. “However, we know that other SEC-regulated entities have committed similar violations, and so our work to enforce industry-wide compliance continues,” he said.
The businesses were ordered to cease and desist from future, related violations, and they agreed to retain independent compliance consultants to help conduct comprehensive reviews of their policies and procedures relating to the retention of electronic communications found on personal devices and their frameworks for addressing non-compliance by employees with those policies and procedures.
CFTC’s Romero speaks out
CFTC Commissioner Christy Goldsmith Romero issued a public statement yesterday to note her support of the enforcement actions issued from her agency, pointing out that the CFTC actions involve admissions of wrongdoing, high penalties, and a promise to fix internal policies and practices so such issues can be prevented, better detected and promptly corrected.
A disturbing aspect of these cases was that the use of these off-channel apps without proper recordkeeping was being done by some senior officials – and even some of those responsible for compliance.
“The CFTC will not allow Wall Street or foreign banks to undermine our law enforcement by evading requirements to keep communications surrounding trading. The Commission’s offline communication cases are not merely ‘technical’ violations, but instead go to the core of public interests in financial regulator visibility into those it regulates to protect markets and investors,” Romero said.
She said efforts to hide the motivation for trades make it harder for the government to establish the intent required to prove fraud, market manipulation, and other illegal acts, hindering the government’s ability to protect markets and investors.
And she said a disturbing aspect of these cases was that the use of these off-channel apps (which violated internal policies) without proper recordkeeping (which violated agency rules) was being done by some senior officials – and even some of those responsible for compliance.
She said she worries that as private communication tools evolve, there will be a greater ability and temptation to evade regulatory requirements and keep the CFTC in the dark.
Wells Fargo fined most
Wells Fargo, the fourth biggest US bank by assets, racked up the most fines on Tuesday, with $200m in penalties.
Fines related to the issue over the last couple of years have totaled more than $2bn when both agencies’ penalties are combined, and enforcements have come in round-up actions against multiple businesses before.
The regulators on Tuesday exhorted businesses to stop waiting for an enforcement action to happen and to make lasting changes in their businesses to prevent these violations.
The officials’ quoted remarks, particularly the ones from Romero, were quite pointed and showcased exasperation over the persistence of these businesses in not learning from the costly mistakes of others or the clear, hard line the regulators are taking when it comes to this issue.