The WhatsApp record-keeping violations that brought banks $1.8B in fines

The Securities and Exchange Commission named WhatsApp and Signal as communication channels that investment bankers, including some executives, used for broker-dealer business even though their institutions did not authorize their use or monitor the messages.

Eleven investment banks and their affiliates will collectively pay historically high penalties after admitting to failures to monitor messages their employees sent on unauthorized messaging platforms.

The Securities and Exchange Commission and the Commodity Futures Trading Commission both announced fines against the firms on Tuesday, after a yearlong investigation into investment bankers' use of unauthorized, unmonitored messaging platforms. The penalties add up to $1.8 billion.

The fines came after the SEC found similar wrongdoing by JPMorgan, which resulted in $200 million total in fines last year. 

The billions of dollars in fines send a strong message to all investment banks that they must keep their employees off of unmonitored messaging channels.

"Today's actions — both in terms of the firms involved and the size of the penalties ordered — underscore the importance of record-keeping requirements: they're sacrosanct," said Gurbir Grewal, director of the SEC's Division of Enforcement. "If there are allegations of wrongdoing or misconduct, we must be able to examine a firm's books and records to determine what happened."

Pervasive misconduct

The conduct by each of the penalized banks is substantially the same, with all admitting to failing to comply with record-keeping requirements on broker-dealers and investment advisors. The methods the SEC used in its investigation were also largely the same.

Bank of America faces the largest total penalty of the group with a $125 million fine from the SEC and $100 million fine from the CFTC.

In its investigation into Bank of America's record-keeping practices, the commission uncovered "pervasive off-channel communications" at senior levels of the firm's investment banking operation. The commission requested off-channel communications data from a sampling of approximately 30 broker-dealer personnel and found that nearly all had engaged in off-channel communications.

SEC Chair Gary Gensler, pictured here at a May hearing of the House Appropriations Subcommittee, said in the announcement of the agency's fines that the 11 penalized banks had failed to honor their record-keeping obligations, which he said were "vital to preserve market integrity."

In one example the commission cited, a Bank of America managing director leading the investment bank's U.S. operations "sent and received thousands of off-channel, business-related messages" with fellow supervisors, his own supervised employees, investment banking clients, and personnel at other financial services firms.

The SEC said the failure to monitor these communications meant the bank also failed to reasonably supervise employees to ensure they were not participating in insider trading.

Barclays, Citigroup, Credit Suisse, Deutsche Bank, Goldman Sachs, Morgan Stanley and UBS each face $125 million fines from the SEC and $75 million fines from the CFTC for similar violations.

Smaller investment banks Jefferies, Nomura, and Cantor Fitzgerald will each pay $100 million or less to the government agencies.

A spokeswoman for Citi said the bank was "pleased to have these matters resolved." Spokespeople for Barclays and Credit Suisse declined to comment.

A spokesman for Deutsche Bank said the bank "cooperated with our regulators on this industry-wide matter," and that it had "proactively deployed fully compliant and convenient text and chat platforms and will continue to scale these technologies to meet the expectations of our regulators and our clients."

Unapproved channels

WhatsApp is the only unapproved messaging platform named as an example in the SEC's 11 orders, with one exception: the SEC also cited Signal as an example of a messaging platform Jefferies employees used. The SEC referred to business-related messages sent on these unapproved, unmonitored platforms as "off-channel messages."

In the case of Deutsche Bank, WhatsApp was an approved and monitored messaging platform, but bank employees also used unapproved WhatsApp accounts, which the bank did not monitor.

Most of the SEC's 11 orders indicate that bank employees, including "senior-level executives," sent and received off-channel messages. In most cases, the SEC said, bankers exchanged "tens of thousands" of off-channel messages over a nearly four-year period starting well before the pandemic, from January 2018 to September 2021.

In a statement accompanying the CFTC's penalties announcement, Christy Romero said "Wall Street serves as the first line of defense against insider trading, market manipulation and other illegal behavior," but that investment banks cannot fulfill that role when their senior executives violate company policies on unauthorized messaging platforms.

In several instances, senior executives allegedly directed employees to use unauthorized communications channels and delete messages, and lied to investigators, according to CFTC Commissioner Christy Romero.

Specifically, the CFTC found evidence of offline communications at Nomura, and Nomura traders then "took efforts to obstruct the investigation," Romero said. She added that one trader deleted "incriminating" messages after the CFTC sent a request to preserve documents.

Remedial actions

The SEC credited all penalized banks with "promptly" undertaking remedial actions and cooperating with the investigations, and the SEC outlined additional steps Deutsche Bank and Morgan Stanley had taken.

According to the SEC, Deutsche Bank's remedial steps included widely provided, specifically focused trainings; clear messaging to employees from senior management regarding the use of unauthorized apps; swift employment actions up to and including termination; "significant investments" in new technologies to facilitate compliant communications; and hiring a consultant to assist in vetting control updates.

According to the SEC, Morgan Stanley "imposed disciplinary sanctions" on employees who the bank found (in the course of internal investigations) violated the firm's policies against off-channel communications, up to and including termination. The bank also implemented technological improvements to address the risk of employees engaging in off-channel communications.

Each of the 11 investment banks must hire a compliance consultant to review the bank's policies and procedures related to off-channel communications and provide recommendations to the banks. Each bank will then have 90 days to adopt the recommendations or protest that they are too burdensome. After one year, the consultants will reevaluate each bank on its progress.
