The news: The Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) have levied fines totaling more than $1.8 billion against eight banks and three other financial institutions for failing to retain employee messages, per MarketWatch.
The FIs involved include Barclays, Bank of America, Merrill Lynch Citigroup, Credit Suisse, Deutsche Bank, Goldman Sachs, Morgan Stanley, UBS, Jefferies, Nomura, and Cantor Fitzgerald.
Missing text messages: The banks will pay $125 million each, and the three other FIs will pay between $10 million and $50 million each as part of a settlement with the SEC for text and chat messages sent between January 2018 and September 2021.
Fundamental miscommunication: Rumors that the fines were coming swirled back in August, and now that the case has been settled, the amounts are official. The fines correspond with the penalty JPMorgan paid last year for similar offenses related to employee messaging record-keeping.
New ways of working: Communication via non-company-approved devices or platforms is highly risky. If allegations of misconduct arise, a company must be able to produce records for regulatory agencies to investigate. Failing to retain messages could land the company in serious trouble. But the bigger question that FIs must solve is “Why are employees opting to communicate using non-approved methods”?
Banks and FIs face tight regulation around record retention and other security and compliance requirements. Though some tools on the market may be more efficient, IT departments understandably need time to fully vet new tools before scaling them to the broader organization.
The big takeaway: The JPMorgan case led to a wider investigation into other FIs, which in turn led to the discovery of these missing messages. But no allegations of misconduct have been brought against the banks, signaling that no malicious intent has been imputed to employees’ use of personal devices and apps. The case does, however, highlight the need for IT departments within FIs to prioritize providing more efficient communication tools for their employees, and for compliance departments to develop rules and expectations around the use of company-approved solutions. These groups must not be afraid to enforce the rules, even at the executive level.
This article originally appeared in Insider Intelligence’s Banking Innovation Briefing—a daily recap of top stories reshaping the banking industry. Subscribe to have more hard-hitting takeaways delivered to your inbox daily.
11 Times SquareNew York, NY 100361-800-405-0844