
SEC Probes Recordkeeping Lapses Arising from Use of Personal Emails and Messaging

Kelly Ruane Melchiondo
In the last few weeks, several major U.S. financial institutions have disclosed to investors that the United States Securities and Exchange Commission (“SEC”) and/or the Commodity Futures Trading Commission (“CFTC”) are investigating the institutions’ employees’ alleged use of unapproved messaging methods, including personal texts and emails, to conduct official business.

In late February, Goldman Sachs advised investors that it was cooperating with an SEC probe over “business communications sent over electronic messaging channels.” In its annual report several days later, Citigroup, Inc. disclosed that Citigroup Global Markets, Inc., the bank’s securities arm, is “cooperating” while the SEC investigates its employees’ “compliance with record-keeping obligations for broker-dealers” in connection with “business-related communications sent over unapproved messaging channels.”  And finally, HSBC Holdings, PLC warned in its annual report that the CFTC is investigating its employees’ use of “non-HSBC approved messaging platforms for business communications.” 

These three disclosures come nearly three months after the SEC and CFTC fined JP Morgan Chase & Co. nearly $200 million for recordkeeping violations that stemmed from “widespread” employee use of personal text messages and email that were not preserved, violating federal regulatory recordkeeping requirements for securities broker-dealers. In the case of JP Morgan Chase, “widespread” meant that over 100 employees, at all levels of the company, sent tens of thousands of text and WhatsApp messages, and personal email, from January 2018 through November 2020. The SEC alleged that the lack of adequate recordkeeping hampered several SEC investigations.

Federal financial institution regulators such as the SEC have long required securities broker-dealers not only to closely monitor their employees’ business communications, but also to retain them. Financial institutions have found monitoring and preservation increasingly difficult with the proliferation of personal email and text messaging services. The COVID-19 pandemic and Work from Home policies further complicated institutions’ oversight of their employees’ activities. Regulated entities have responded to what is perceived to be an SEC crackdown on personal communications by monitoring employees’ messaging apps, or asking employees for access to their personal devices for the sake of recordkeeping.

Email and text messaging are here to stay.  While the SEC’s and CFTC’s probes pertain to financial institutions with mandatory recordkeeping requirements, the investigations should serve as a reminder to all employers to be aware of how employees are using, transmitting or receiving data.  From a data privacy, security, and even e-discovery perspective, employers should discourage their employees—in any industry—from using their personal devices, email, and messaging accounts to conduct work. When there may be uncertainty as to the optimal policies and procedures required to help avert legal exposure, companies should consult competent counsel.