Earlier this week, the US Securities and Exchange Commission (SEC) revealed that 26 broker-dealers and investment advisers have agreed to pay combined civil penalties totalling over $392million, for unauthorised use of messaging services such as Whatsapp.
Firms and their employees are not allowed to use WhatsApp to communicate with colleagues, partners or customers, as it compromises each firm’s ability to monitor and record communications, as set out by stringent regulations enforced by the SEC.
Fines handed out varied significantly, with four firms paying $50million each and another four firms paying $2million or less.
Three of the guilty firms, self-reported their violations resulting in “significantly lower civil penalties than they would have otherwise,” the SEC said in a release. Gurbir S. Grewal, director of the SEC’s Division of Enforcement, added: “Among this group of firms, there are several that differentiated themselves by self-reporting prior to the staff’s investigation, demonstrating once again the real benefits of proactive cooperation.”
These 26 firms are not among the first to have been reprimanded for the same offences. In fact, the likes of Wells Fargo, Société Générale and BNP Paribas, were among those charged with the same offences in 2023.
Why are so many persisting in using WhatsApp and other disallowed messaging services in the investment space, especially when the SEC has made efforts to make this a high-profile issue?
“Financial and investment professionals want to meet clients where they live and that is on their phones using features such as text messaging,” says Shane Long, president and COO of SayHey Messenger, a compliant instant messaging platform designed for the financial services and other regulated industries.
“They may have good intentions, but by doing this, they immediately become non-compliant and that often leads to fines,” he explains.
‘The message from the regulator is becoming much louder’
The SEC looks set to continue to focus on these types of offences for the foreseeable future. Evgeny Likhoded, president of regulatory risk intelligence firm Corlytics, says: “Just recently, Corlytics revealed $47.05billion in regulatory fines since 2020. The share of enforcement actions related to digital communications has been growing significantly.
“We see that the SEC’s actions are part of an ongoing broader tightening scrutiny on how firms manage and preserve digital communications. It is shared by multiple regulators worldwide including FINRA, CFTC, ESMA, FCA, and the Hong Kong SFC.
“It isn’t by far the first instance of regulatory enforcement by the SEC in this area as well. But compared to some of the previous significant crackdowns by the SEC, such as the $125million fine imposed on JPMorgan Chase in 2021 and the $289million fines levied on firms like Wells Fargo and BNP Paribas in 2023 for similar compliance failures involving unauthorised messaging platforms, this time, the message from the regulator is becoming much louder – firms must prioritise compliance by integrating secure communication channels ensuring all employees business interactions are captured and retained.
“The record $393million settlement between 26 Wall Street firms and the SEC once again shows significant gaps in compliance. To ensure compliance in this increasingly stringent regulatory environment, companies need to focus on three key areas: clear, well-documented, comprehensive policies that are followed by all the employees, creating a strong culture of compliance across an organisation, and the integration of the most advanced digital tools to assist in reaching these goals.”
Where can firms turn to without risking compliance issues?
“This latest SEC fine shows that its hard stance against consumer messaging systems within financial institutes of all sizes remains. The most recent batch brings the total fines to over $2billion in the past 18 months,” explains Joe Boyle, CEO at Salt Communications, a secure and compliant communications network. “The SEC is hammering home that insecure and non-compliant ‘open’ systems are a huge operational threat.”
“Visibility and security remain the issue. Solutions like those provided by Salt Communications help major financial institutions avoid such fines by providing a secure and compliant ‘safe-haven’ communications network. This solution enables financial organisations to share critical information securely and efficiently, wherever they are, without relying on insecure consumer messaging apps.
“This not only safeguards sensitive data but also ensures that institutions meet all relevant SEC regulations, providing peace of mind and bolstering trust in an increasingly complex regulatory environment.”