As part of their widespread investigations, the regulators found that the firms’ employees used personal devices to communicate over unauthorized messaging platforms regarding the firms’ businesses, and that the firms failed to maintain or preserve the majority of those communications in violation of Rule 17a-4(b)(4) of the Securities Exchange Act of 1934, Rule 204-2(a)(7) of the Investment Advisers Act of 1940, Sections 4(g), 4s(f)(1)(C) and 4s(g)(1) and (3) of the Commodity Exchange Act, and several CFTC Regulations. The regulators also found that the firms failed to adequately enforce policies and procedures that prohibit such communications and that they failed to reasonably supervise employees within the meaning of Section 15(b)(4)(E) of the Exchange Act, Section 203(e)(6) of the Advisers Act, and CFTC Regulation 166.3.
The regulators noted that on several occasions, senior executives and supervisory personnel responsible for ensuring compliance with the firms’ policies and procedures were themselves engaging in the use of unauthorized methods of communication in violation of federal laws. In some instances, senior executives even directed employees to use the unauthorized messaging platforms and to delete their messages.
The use of unauthorized methods of communication became especially concerning as employees throughout the industry began to work from home during the pandemic. Several of the SEC Orders assert that employees of all different seniority levels exchanged “tens of thousands” of unsupervised business-related messages concerning, among other things, broker-dealer business, investment strategy, client meetings, and communications about market analysis, activity trends or events in equity markets.
The SEC and CFTC also noted that during the relevant period, many of the firms received and responded to subpoenas for documents and records in connection with SEC and CFTC investigations. The SEC and CFTC noted that the firms’ failures to maintain and preserve communications likely deprived the SEC and CFTC of these communications in various investigations. Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, previously cautioned that communications traveling through unsupervised channels might also contain evidence of violations of the law or other wrongdoing by various actors.
In connection with the charges announced on September 27, 2022, CFTC Commissioner Kristin N. Johnson noted that firms have an obligation to keep up with changing technology and must instill a culture of compliance at all levels of their organization. Likewise, Commissioner Christy Goldsmith stated that firms must “stop waiting for an enforcement action before they change their practices”, describing the wrongful conduct as “widespread, evasive, directed or sanctioned by senior bank executives, and a clear violation of the law and internal bank policies.” Commissioner Goldsmith also noted that “[i]t was well known within these banks that their internal policies were being flagrantly violated . . . [b]ut no one stopped it.”
SEC Director Grewal described recordkeeping requirements as “sacrosanct” and stated that “[o]ther broker dealers and asset managers who are subject to similar requirements under the federal securities laws would be well-served to self-report and self-remediate any deficiencies.”
Client Alert 2022-340