Eleven investment banks and their affiliates will collectively pay historically high penalties after admitting to failures to monitor messages their employees sent on unauthorized messaging platforms.
The
The fines came after the SEC
The billions of dollars in fines send a strong message to all investment banks that they must keep their employees off of unmonitored messaging channels.
"Today's actions — both in terms of the firms involved and the size of the penalties ordered — underscore the importance of record-keeping requirements: they're sacrosanct," said Gurbir Grewal, director of the SEC's Division of Enforcement. "If there are allegations of wrongdoing or misconduct, we must be able to examine a firm's books and records to determine what happened."
Pervasive misconduct
The conduct by each of the penalized banks is substantially the same, with all admitting to failing to comply with record-keeping requirements on broker-dealers and investment advisors. The methods the SEC used in its investigation were also largely the same.
Bank of America faces the largest total penalty of the group with a $125 million fine from the SEC and $100 million fine from the CFTC.
In its investigation into Bank of America's record-keeping practices, the commission uncovered "pervasive off-channel communications" at senior levels of the firm's investment banking operation. The commission requested off-channel communications data from a sampling of approximately 30 broker-dealer personnel and found that nearly all had engaged in off-channel communications.
In one example the commission cited, a Bank of America managing director leading the investment bank's U.S. operations "sent and received thousands of off-channel, business-related messages" with fellow supervisors, his own supervised employees, investment banking clients, and personnel at other financial services firms.
The SEC said the failure to monitor these communications meant the bank also failed to reasonably supervise employees to ensure they were not participating in insider trading.
Barclays, Citigroup, Credit Suisse, Deutsche Bank, Goldman Sachs, Morgan Stanley and UBS each face $125 million fines from the SEC and $75 million fines from the CFTC, for similar violations.
Smaller investment banks Jeffries, Nomura, and Cantor Fitzgerald will each pay $100 million or less to the government agencies.
A spokeswoman for Citi said the bank was "pleased to have these matters resolved." Spokespeople for Barclays and Credit Suisse declined to comment.
A spokesman for Deutsche Bank said the bank "cooperated with our regulators on this industry-wide matter," and that it had "proactively deployed fully compliant and convenient text and chat platforms and will continue to scale these technologies to meet the expectations of our regulators and our clients."
Unapproved channels
WhatsApp is the only named example of an unapproved messaging platform in each of the 11 orders by the SEC, except for Signal, which the SEC cited as an example of a messaging platform Jeffries employees used. The SEC referred to business-related messages sent on these unapproved, unmonitored platforms as "off-channel messages."
In the case of Deutsche Bank, WhatsApp was an approved and monitored messaging platform, but bank employees also used unapproved WhatsApp accounts, which the bank did not monitor.
Most of the SEC's 11 orders indicate that bank employees, including "senior-level executives," sent and received off-channel messages. In most cases, the SEC said, bankers exchanged "tens of thousands" of off-channel messages over a nearly four-year period starting well before the pandemic, from January 2018 to September 2021.
In several instances, senior executives allegedly directed employees to use unauthorized communications channels and delete messages and lied to investigators,
Specifically, the CFTC found evidence of offline communications at Nomura, and Nomura traders then "took efforts to obstruct the investigation," Romero said. She added that one trader deleted "incriminating" messages after the CFTC sent a request to preserve documents.
Remedial actions
The SEC credited all penalized banks with "promptly" undertaking remedial actions and cooperating with the investigations, and the SEC outlined additional steps Deutsche Bank and Morgan Stanley had taken.
According to the SEC, Deutsche Bank's remedial steps included widely provided, specifically focused trainings; clear messaging to employees from senior management regarding the use of unauthorized apps; swift employment actions up to and including termination; "significant investments" in new technologies to facilitate compliant communications; and hiring a consultant to assist in vetting control updates.
Smarter tech solutions can help banks worried about fines from regulators keep their employees on authorized apps and devices.
According to the SEC, Morgan Stanley "imposed disciplinary sanctions" on employees who the bank found (in the course of internal investigations) violated the firm's policies against off-channel communications, up to and including termination. The bank also implemented technological improvements to address the risk of employees engaging in off-channel communications.
Each of the 11 investment banks must hire a compliance consultant to review the bank's policies and procedures related to off-channel communications and provide recommendations to the banks. Each bank will then have 90 days to adopt the recommendations or protest that they are too burdensome. After one year, the consultants will reevaluate each bank on its progress.