US market regulators have fined 15 banks and financial services firms $1.1 billion for “pervasive off-channel communications” along with “widespread and longstanding” failure to preserve records of communications.
The behaviour allowed executives to evade regulatory scrutiny and were in breach of federal securities laws.
Eight firms and five affiliates agreed to pay $125 million each for the compliance breaches. They include Barclays, Bank of America, Citi, Credit Suisse, Deutsche Bank, Goldman Sachs, Morgan Stanley and affiliates.
JPMorgan was fined the same sum in December 2021. All have agreed to bring in additional compliance consultants and review their “respective frameworks for addressing non-compliance” as regulators put it.
The failings occurred across all of the 16 firms and involved employees at multiple levels of authority, including supervisors and senior executives, said the Securities and Exchange Commission (SEC) on September 27.
WhatsApp and Telegram use are both understood by The Stack to have been widespread, although the SEC just referred to “text messaging applications on their personal devices” – firms had cooperated with the investigation by “gathering communications from the personal devices of a sample of the firms’ personnel. These personnel included senior and junior investment bankers and debt and equity traders.”
“Today’s actions – both in terms of the firms involved and the size of the penalties ordered – underscore the importance of recordkeeping requirements: they’re sacrosanct”, said the SEC’s Gurbir S. Grewal.
“These 16 firms not only have admitted the facts and acknowledged that their conduct violated these very important requirements, but have also started to implement measures to prevent future violations. Other broker dealers and asset managers who are subject to similar requirements under the federal securities laws would be well-served to self-report and self-remediate any deficiencies” the SEC enforcement director added.
With the shift to remote work organisations and even governments around the world are struggling to persuade staff to move away from the sheer convenience and ubiquity of WhatsApp and Telegram.
Banks, on this front, are clearly facing more scrutiny than governments.
In March 2022 transparency campaigners accused British ministers of conducting “government by WhatsApp” in the UK’s third-highest court, claiming that the widespread use by ministers and civil servants of self-destructing messages “on insecure platforms” including in the pandemic response was unlawful.
“Vast sums of public money pass hands following deals cooked up, in whole or in part, through these untraceable channels. They make it difficult or impossible for civil servants to act as proper stewards of public money. They pose a profound risk to national security… And their use guts the clear public interest… in good record-keeping” – that was according to non-profit the Good Law Project, which brought the case.
Yet despite finding that “Ministers, civil servants and unpaid Government advisors” had used WhatsApp widely, including its auto-delete function, the High Court on April 29, 2022 agreed with ministers including the Prime Minister that there was no legal duty on them to avoid the use of either WhatsApp or self-deleting messages.
Whilst there was legitimate public interest in retaining public messages, there was no legally binding requirement under the 1958 Public Records Act, the court found, saying the law left a “wide margin of discretion to the relevant body” and adding that Cabinet Office guidance explicitly urged the use of instant messaging.
The Good Law Project described this as “a decision with profoundly troubling consequences for those with interests in transparency, national security, and public record-keeping”.