SEC and CFTC Send Powerful Message with $2 Billion in Fines Related to Social Media and Textual Record-Keeping Failures – Financial Services

To print this article, all you need to do is be registered or log in to

The SEC and CFTC recently indicted 11 major financial institutions and their affiliates for failing to collect, monitor and retain communications via WhatsApp and other messaging services. These settlements follow a late 2021 SEC settlement with another large company over similar issues in which that company was fined $125 million.

Most companies were also required to admit wrongdoing, which is quite rare compared to the typical “no admit/no deny” rules used by the SEC and CFTC. These regulations follow renewed criticism from some SEC and CFTC officials regarding lax enforcement penalties and the use of no-admit/no-deny regulations.

Since the dawn of email and chat, and then personal mobile devices, the financial services industry has struggled to determine how best to monitor and maintain employee communications in accordance with applicable rules. Companies must balance regulatory expectations with the practical reality that compliance in this area is largely dependent on staff following company policies. Regulators have sent a powerful message with these regulations: the method, means and media of written communication do not matter – you must comply with the rules for keeping records of communications.

The regulations recognize that the companies had in place various policies and procedures designed to prevent employees and supervisors from using unmonitored/unapproved messaging applications, requiring the use of only monitored communication methods, requiring regular training employees and requiring an annual certificate of compliance from employees. Nonetheless, the SEC and CFTC found that institutions did not have an effective tracking and review system in place to determine that staff were not using personal devices and prohibited communication methods.

In addition to the fines companies must pay, each SEC settlement requires the defendant to retain an independent compliance consultant and conduct an internal audit, the costs of which are likely to be significant.

The SEC said in its press release that its investigations are continuing and the director of the SEC’s Enforcement Division said that other financial institutions would be “well served to report and remedy any issues themselves.” [similar]deficiencies. One of the companies that settled is an SEC-registered investment adviser. This is important because most of the SEC’s standalone enforcement actions targeting personal messages have focused on SEC-registered broker-dealers without similar unlawful conduct among affiliated investment advisers. has not been observed. This trend could change with more actions against advisors on the horizon.

We will continue to monitor enforcement trends from the SEC, CFTC and other US regulators.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.

POPULAR ARTICLES ON: Finance and Banking of the United States

Term Sheet Guide for Startups and Investors

Amini & Conant

Owners of startups, VCs, and other businesses often use term sheets, which are non-binding agreements that outline the terms and conditions of a

CFPB Report on Buy Now, Pay Later

Debevoise & Plimpton

On Thursday, September 16, 2022, the Consumer Financial Protection Bureau (“CFPB” or the “Bureau”) released a report (the “Report”) detailing the regulatory risks of Buy Now, Pay Later…


Add Comment