The Securities and Exchange Commission and the Commodity Futures Trading Commission (CFTC) announced combined penalties of $555 million in the latest enforcement sweep to hit the financial services industry for widespread recordkeeping failures.
On Aug. 8, the SEC announced combined penalties of $289 million against 10 broker-dealers, including one dually registered broker-dealer and investment adviser (Wedbush Securities), for violating recordkeeping provisions. The CFTC announced an addition $260 million in combined penalties for similar violations.
The combined SEC and CFTC penalties, from highest to lowest, are as follows:
- Wells Fargo Securities, together with Wells Fargo Clearing Services and Wells Fargo Advisors Financial Network, will pay $200 million (a $125 million SEC penalty, and a $75 million CFTC penalty);
- BNP Paribas and BNP Paribas Securities will pay $110 million (a $35 million SEC penalty, and a $75 million CFTC penalty);
- Société Générale and SG Americas Securities will pay $110 million (a $35 million SEC penalty, and a $75 million CFTC penalty);
- Bank of Montreal and BMO Capital Markets will pay $60 million (a $25 million SEC penalty, and a $35 million CFTC penalty);
- Mizuho Securities USA will pay a $25 million SEC penalty;
- Wedbush Securities will pay $16 million (a $10 million SEC penalty, and a $6 million CFTC penalty);
- Houlihan Lokey Capital will pay a $15 million SEC penalty;
- Moelis & Company will pay a $10 million SEC penalty;
- Wedbush Securities will pay a $10 million SEC penalty; and
- SMBC Nikko Securities America will pay a $9 million SEC penalty.
In addition to the financial penalties, the SEC censured each firm and ordered them to cease and desist from future violations of the relevant recordkeeping provisions. Each firm further agreed to retain an independent compliance consultant to, among other things, “conduct comprehensive reviews of their policies and procedures relating to the retention of electronic communications found on personal devices and their respective frameworks for addressing non-compliance by their employees with those policies and procedures,” the SEC said.
SEC and CFTC Findings
According to both agencies, the firms admitted to the facts detailed in the orders. Both the SEC and CFTC found that all the firms for years had failed to stop their employees, including supervisors and senior executives, from engaging in business communications on their personal devices through various messaging platforms, including iMessage, WhatsApp, and Signal.
Additionally, the SEC and CFTC found that the firms failed to maintain or preserve most of these “off-channel” communications, as required to do so. “Recordkeeping failures, such as those here, undermine our ability to exercise effective regulatory oversight, often at the expense of investors,” said SEC Deputy Director of Enforcement Sanjay Wadhwa.
In its orders, the CFTC further found violations of the firms’ own internal policies and procedures, “which generally prohibited business-related communication taking place via unapproved methods,” the CFTC said. “Further, some of the same supervisory personnel responsible for ensuring compliance with the firms’ policies and procedures themselves used non-approved methods of communication to engage in business-related communications, in violation of firm policy.”
Under the SEC orders, the broker-dealers were charged with violating certain recordkeeping provisions of the Securities Exchange Act of 1934 and with “failing to reasonably supervise with a view to preventing and detecting those violations.” Wedbush Securities was additionally charged with violating certain recordkeeping provisions of the Investment Advisers Act of 1940.
Enforcement Sweep
The SEC and CFTC actions represent the latest enforcement sweep concerning employees’ use of off-channel communications in the financial services industry, and Wadhwa signaled more enforcement actions are on the way. “[W]e know that other SEC-regulated entities have committed similar violations, and so our work to enforce industry-wide compliance continues,” he said.
To date, the CFTC itself has brought enforcement actions against 18 financial institutions, totaling and over $1 billion in penalties, “for violations of the CFTC’s recordkeeping and supervision requirements involving the use of unapproved communication methods,” said Director of Enforcement Ian McGinley. “The Commission’s message could not be clearer—recordkeeping and supervision requirements are fundamental, and registrants that fail to comply with these core regulatory obligations do so at their own peril.”
SEC Enforcement Division Director Gurbir Grewal offered three takeaways for other firms: “Self-report, cooperate, and remediate. If you adopt that playbook, you’ll have a better outcome than if you wait for us to come calling.” 
Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.