Several major Wall Street firms were forced to pay the price to the collective tune of $1.8 billion this past week over “longstanding record-keeping shortcomings” uncovered as part of a lengthy government investigation. The United States Securities and Exchange Commission (SEC), in a joint effort with the Commodities Futures Trading Commission (CFTC), announced on September 27th that a total of 16 American and international banking and investment staples – a list that includes notable names such as Bank of America, Citigroup, Goldman Sachs, Morgan Stanley and others – failed to maintain and preserve the electronic communications of their employees appropriately, culminating in increased exposure to potential risks for themselves and their clientele over a three year span.
U.S. federal investor-protection laws require that banks keep records of all relevant communications between clients and brokers, and firms are required to closely monitor such correspondence to limit unethical conduct and allow for a paper trail to be intact when reviewing compliance protocols. The widespread industry probe ultimately uncovered that between January 2018 and September 2021, bank employees of the aforementioned institutions casually and frequently discussed business matters over WhatsApp, Slack and other familiar messaging applications and channels, often on personal devices, without the firms in question keeping any proper log of said messages – a direct violation of current federal securities compliance policies and procedures for market participants.3 Analysts believe this trend was further compounded by the fact that employees of financial institutions were largely working remotely from home and other unsecure locations during the better part of the Covid-19 pandemic. This meant that discussing business over messaging apps became a relatively common practice in spite of the potential hazards involved for all parties. Unfortunately, keeping proper tabs on the pertinent information discussed in these messages was not nearly as common of a practice.
What the investigation also revealed was that low-level banking officials did not carry out these transgressions alone, as several top financial executives have also caught heat as additional findings of the probe have been released. CFTC representatives working the case noted that one common theme discovered in their investigation was that the very people charged with maintaining a bank’s integrity on multiple occasions directed employees to use unauthorized communications channels, with some executives even lying to the CFTC and SEC over their respective roles in these practices.4 For example, Bank of America’s head of trading told his subordinates to delete messages and switch to secretive messaging techniques while the CFTC’s investigation was already under way. In response to the fines, CFTC Commissioner Christy Goldsmith Romero stated, “It’s time for Wall Street to stop waiting for an enforcement action before it changes its practices”. She continued, “Tone at the top must change on Wall Street. Change can only happen if the banks’ C-suite establishes a culture of compliance over evasion.”1
Thus far, Bank of America, Barclays, Citigroup, Goldman Sachs and Morgan Stanley have proactively admitted wrongdoing and will pay $125 million each.4 JPMorgan, another notable firm tied to these developments, reached a $200 million resolution over similar illegal messaging and emailing escapades seen amongst employees earlier this summer, activity that the SEC deemed could have an impact on investigations and regulatory monitoring of banking activities. While the scope of these fines is definitely on the uptick (the previous record SEC fine for similar activity dating back to 2006 was a mere $15 million levied against Morgan Stanley) it has become evident that the world’s big banks view penalties of this variety as nothing more than the cost of doing business. Unfortunately, smaller banks named in the probe who do not have the luxury of having hundreds of millions of dollars at their disposal to simply throw away to settle these fines will not be able to deal with these mistakes the same way their larger counterparts can. As such, smaller institutions must be more vigilant and thorough with their record-keeping, so as not to be crippled by fines from other regulatory bodies
Since the investigation reached its conclusion, several of the big banks have done their usual PR song and dance, vowing to address the problem. The solution for a few appears to be committing to hiring dedicated employees whose job is simply to monitor communications and the related record-keeping requirements, acting as a sort of “WhatsApp cops.”2 Others will likely seek to address the implementation of proper technical controls to better prevent wrongdoing of this variety from occurring. All told, the investigation further highlights the fact that data loss prevention remains an integral piece of the regulatory compliance puzzle for all financial services firms – even across the most unconventional of platforms.
- Bhattacharya, Ananya. “Wall Street Bigwigs Face $1.8 Billion in Fines over Texts and WhatsApp Messages.” Quartz, Quartz, 28 Sept. 2022.
- Surane, Jennifer. “Wall Street Banks Settle Sec’s Whatsapp Probe for $1.1 Billion (GS, C, MS, BAC).” Bloomberg.com, Bloomberg, 27 Sept. 2022.
- “U.S. Fines 16 Wall Street Firms $1.1 Billion over Record-Keeping Failures.” CNBC, CNBC, 27 Sept. 2022.
- “Why Does the $1.8B Fine on US Big Banks Make Data Loss Prevention Essential for All Financial Services Firms?” Polymer, 30 Sept. 2022.