Banks hit with $549 million in fines for use of Signal, WhatsApp to evade regulators’ reach

Wells Fargo, a relatively small player on Wall Street, racked up the most fines Tuesday, with a total of $200 million in penalties.

Banks hit with $549 million in fines for use of Signal, WhatsApp to evade regulators’ reach

U.S. Securities and Exchange Commission (SEC) Chairman Gary Gensler, testifies before the Senate Banking, Housing and Urban Affairs Committee during an oversight hearing on Capitol Hill in Washington, September 15, 2022.

Evelyn Hockstein | Reuters

U.S. regulators on Tuesday announced a combined $549 million in penalties against Wells Fargo and a raft of smaller or non-U.S. firms that failed to maintain electronic records of employee communications.

The Securities and Exchange Commission disclosed charges and $289 million in fines against 11 firms for "widespread and longstanding failures" in record-keeping, while the Commodity Futures Trading Commission also said it fined four banks a total of $260 million for failing to maintain records required by the agency.

It was regulators' latest effort to stamp out the pervasive use of secure messaging apps like Signal, WhatsApp or Apple's iMessage by Wall Street employees and managers. Starting in late 2021, the watchdogs secured settlements with bigger players including JPMorgan Chase, Goldman Sachs, Morgan Stanley and Citigroup. Fines related to the issue total more than $2 billion, according to the SEC and CFTC.

"Today's actions stem from our continuing sweep to ensure that regulated entities, including broker-dealers and investment advisers, comply with their recordkeeping requirements, which are essential for us to monitor and enforce compliance with the federal securities laws," Sanjay Wadhwa, Deputy Director of Enforcement at the SEC, said in the release.

The firms admitted that from at least 2019, employees used side channels like WhatsApp to discuss company business, failing to preserve records "in violation of federal securities laws," the SEC said Tuesday.

Fines, consultants

Wells Fargo, the fourth biggest U.S. bank by assets and a relatively small player on Wall Street, racked up the most fines on Tuesday, with a total of $200 million in penalties.

French banks BNP Paribas and Societe Generale were fined $110 million each, while the Bank of Montreal was fined $60 million. The SEC also fined Japanese firms Mizuho Securities and SMBC Nikko Securities and boutique U.S. investment banks including Houlihan Lokey, Moelis and Wedbush Securities.

The banks penalized on Tuesday declined to comment.

Apart from the fines, banks were ordered to "cease and desist" from future violations and hire consultants to review bank policies, the SEC said.

On Wall Street, company records of emails and other communications via official channels are often automatically generated to adhere to requirements that clients are treated fairly. But after some of the industry's biggest scandals of the past decade hinged on incriminating messages preserved in chatrooms, workers often leaned on side channels to conduct business.

Widespread practice

Encrypted messages sent on third-party platforms like Signal make it impossible for banks to record and retain logs of interactions. At Wells Fargo and other banks, the practice was pervasive, happening at all levels; even the managers responsible for enforcing the rules were guilty of the practice, regulators said Tuesday.

An analysis of 13 Wells Fargo employees, for instance, found that all had violated the bank's communications policies by using text messages to communicate with coworkers and market participants. They used the side channels to communicate with over 100 other employees, including senior supervisors, over thousands of messages, according to the CFTC complaint.

"Employees' use of unapproved communication methods was not hidden within the firm," the CFTC said. "To the contrary, certain supervisors—the very people responsible for supervising employees to prevent this misconduct—routinely communicated using unapproved methods on their personal devices."