Latest round of fines for financial institutions for personal communications record keeping failures

15 August 2023

The US Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) have issued a further round of fines to financial institutions that have fallen foul of the regulators’ record keeping requirements because of the way their employees have been communicating.

The American regulators had fined various financial institutions for substantially the same failings in autumn 2022 and spring 2023. In the latest round of fines, a further group of financial institutions have been disciplined because their employees have been engaging in business communications using unrecorded personal channels such as WhatsApp and Signal. As we explained in a previous article, regulators around the world customarily require financial institutions to monitor workplace communications and keep records. But this key plank of regulatory compliance is undermined where personal channels are used for work communications.

The SEC’s enforcement director Gubrir Grewal once again stressed the importance of self-reporting these failings when they occur, noting that the banks in this case had received reduced penalties to reflect their efforts to cooperate and remediate. Such advice translates well to the UK market, where the Financial Conduct Authority (FCA) expects firms to self-report if they believe they have uncovered a regulatory failing, and to offer a high degree of cooperation with their regulator.

It is likely only a matter of time before the FCA takes enforcement action in this area in the UK, but in the interim financial institutions that think they may have had similar problems should consider what remedial steps they can take. Any institution that thinks it may have an issue would be well-advised to seek legal advice on whether they ought to speak to their regulator now rather than wait for them to make contact.