Major banks such as JPMorgan Chase, Citigroup, and Bank of America are collectively facing more than $1 billion in regulatory fines, after employees used unapproved communication tools, such as private email and messaging apps like WhatsApp.
The U.S. Securities and Exchange Commission (SEC) discovered the violations after probing several banks’ record-keeping practices relating to the use of personal devices in 2021, as first reported in a previous Reuters exclusive.
The Commodity Futures Trading Commission (CFTC) is also investigating the situation as well, according to recent bank disclosures.
The investigators at the two federal agencies said they were concerned that unauthorized communications on bankers’ personal phones regarding, deals, trades, and clients would be completely lost, making it harder to look for any violations.
Officials said they were repeatedly hindered by some firms for not archiving communications as required, according to Bloomberg.
The SEC and the Financial Industry Regulatory Authority (FINRA), Wall Street’s self-regulatory body, requires that broker-dealers keep records of all business-related communications.
Banks need to walk a fine line to comply with those requirements without infringing upon employees’ privacy, but there is no clear-cut legal basis on which financial institutions can require the inspection of their employees’ personal communications in the United States, while other countries forbid such a practice as a violation of privacy.
However, most American financial firms ban the use of personal email, texts, and other social media channels for work purposes, but the wave of proliferation in communication apps has made this a challenge to enforce, especially after many employees started working at home during the pandemic.
The scrutiny over unauthorized devices intensified after the Biden administration appointed Gary Gensler as the new chairman of the SEC in April 2021.
After investigating JPMorgan Chase over lapses in self-enforcement, which the bank admitted to in August 2021, the agency conducted an industrywide sweep across the financial services industry to discover how many business-related communications were missing.
Gurbir Grewal, SEC’s head of enforcement, warned in October 2021 that financial institutions must stay on top of the many “issues raised by the increased use of personal devices, new communications channels, and other technological developments.”
The Fines Pile Up
The investigation is now expected to result in about 10 banks paying fines totaling around $2 billion.
According to recent disclosures, JP Morgan Chase’s broker-dealer subsidiary was fined $200 million last year by the SEC and CFTC for its widespread failures to preserve private staff communications.
Morgan Stanley tentatively agreed in July to pay $125 million to the SEC and $75 million to the CFTC, and has already earmarked $200 million in its second-quarter earnings to prepare for the penalty.
Bank of America has set aside about $200 million in the second quarter for litigation tied to unauthorized electronic messaging, and said in late July that it was in settlement talks with the SEC and the CFTC.
Citigroup admitted, in a disclosed regulatory filing in February, that it is under investigation by the SEC regarding unapproved communications. The fine is allegedly the same as its peer competitors, but Citi has yet to disclose the specific amount it set aside to deal with the matter.
Goldman Sachs said it was in “advanced discussions” with the SEC and CFTC to resolve the probes in its second-quarter filing.
Meanwhile, foreign-owned firms are being forced to pay similar penalties as their American counterparts.
Barclays, for example, said it had reached an agreement in principle to pay a similar $200 million fine, according to the company in its July half-year earnings report, while Credit Suisse would also set aside a $200 million litigation provision.
Deutsche Bank announced in late July that it too has set aside €165 million in provisions for potential regulatory enforcement. UBS Group said that American regulators were currently conducting investigations relating to illicit business communications.
Firms are also being forced to dismiss traders and senior managers for violating communications policy.
HSBC, which has been facing a probe over the issue since February, recently fired a trader in London after scrutinizing the personal mobile phones of staff in relation to the SEC investigation.
Fines above $100 million have been outliers in both Democrat and Republican administrations, and were normally only imposed on big firms based on serious claims of investor harm.
Many attorneys and executives at the banks are shocked at the level of the fines, as there was no alleged claims of financial harm toward their clients by the agency regulators.
“The fines are high to try to serve as a deterrent,” said Mark Berman, a regulatory consultant at CompliGlobe to the Wall Street Journal.
“On the other hand, Democrats like to increase the amount of fines. In this case, it is probably more of the former, because they have to send a really strong message.”
The SEC and the CFTC will announce the deals with the banks by Sept. 30, at the end of the government’s current fiscal year, in order to put the penalties in the government’s annual enforcement statistics.
Reuters has contributed to this report.