SEC and CFTC Sweep Uncovers "Egregious Misconduct" Related to Off-Channel Business Communications
Commentary by Steven Lofchie and Conor Almquist
Sixteen dually registered entities settled SEC and CFTC charges for recordkeeping and supervision violations related to "off-channel" communications involving employees' personal devices.
After an enforcement sweep, the SEC and the CFTC found that the firms failed to preserve the "substantial majority" of communications related to the business activities each firm conducted on messaging platforms like WhatsApp. The regulators said that the misconduct was "egregious and widespread," and involved employees at multiple levels of authority, including senior employees who are typically responsible for monitoring potential misconduct. As a result, the firms also failed to adequately supervise their employees and were unable to produce the communications when requested by the respective regulators. The regulators said that the misconduct also violates each firm's internal policies.
To settle the charges, each of the firms agreed to (i) cease and desist, (ii) a censure, (iii) a civil monetary penalty and (iv) undertakings to improve its supervision of "off-channel" communications, including retaining an independent compliance consultant. The monetary penalties paid to both the SEC and the CFTC total $1.8 billion.
CFTC Commissioner Kristin N. Johnson said that these cases present an opportunity to consider additional policies to deter this type of misconduct in the future. She emphasized that even new communication technologies must comply with the CFTC's recordkeeping requirements. CFTC Commissioner Christy Goldsmith Romero said that requiring the firms to admit guilt and pay high penalties echoes the CFTC's broader zero-tolerance message. "We will not allow Wall Street to undermine our law enforcement by obfuscating or deleting communications surrounding trading," she said.
Commentary
These cases demonstrate no systemic effort to conceal information from the SEC. The communications technology just moved ahead of the recordkeeping technology. While penalties were doubtless warranted, there should be some greater proportionality between the underlying violation and the penalty. That seems to be lacking here.
Commentary
In these Orders, the SEC and the CFTC make mention of electronic communication surveillance systems. Given the number of personal electronic devices capable of sending communications an average employee likely possesses, monitoring them in a meaningful way would, at minimum, present a huge logistical challenge. While firms are clearly able to monitor communications made through firm systems on personal devices, it is not clear how they could reasonably monitor the host of other potentially used messaging systems.
Perhaps a good start for firms might be (i) to emphasize to employees that essentially all communications internally with coworkers and externally with clients will be treated as communications relating to the business, (ii) to establish a clear procedure for making records of any inadvertent communications sent or received off firm-approved systems and moving such conversations appropriately, and (iii) to establish a system of internal flagging and escalation when using an unapproved communication platform. These steps could be particularly useful in preventing the sort of widespread violation that can arise when a manager suggests that an entire team move to an unapproved platform for convenience.
Related Articles
-
CFTC Commissioner Christy Goldsmith Romero called for regulators to stop routinely accepting "neither-admit-nor-deny" settlements and proposed a Heightened Enforcement Accountability and Transparency test that would require firms to admit wrongdoing as a condition of settlements.
