Last week, the United States Securities and Exchange Commission (SEC) fined 16 Wall Street firms a total of $1.1 billion for recordkeeping violations based on the failure to maintain employees’ electronic communications, such as texts and WhatsApp messages, reflecting official business. The SEC’s concerns arose during investigations into other matters at those firms, when the firms produced relevant communications from the personal devices of a sample of employees. The process revealed that a substantial majority of those “off-channel” communications were not maintained by the firms.
The controlling recordkeeping requirements are found in the Securities and Exchange Act of 1934. The SEC has long required securities broker-dealers to closely monitor and preserve employees’ business communications. In 1997, the SEC extended these rules to electronic communications and set forth various requirements for the preservation of those records and the format in which they would be stored. The SEC proposed updates to these requirements in late 2021, underscoring the need for preservation while also updating the rules to better reflect the evolving technology in the field. Reiterating the government’s view that comprehensive recordkeeping is vital to market integrity, SEC Chair Gary Gensler warned that, “As technology changes, it’s even more important that registrants appropriately conduct their communications about business matters within only official channels, and they must maintain and preserve those communications. As part of our examinations and enforcement work, [the SEC] will continue to ensure compliance with these laws.”
As the SEC is well aware, financial institutions and other businesses have found it increasingly difficult to monitor and preserve employee communications. This problem is rooted in the proliferation of personal email, text, and messaging platforms. This task was made even more complicated by the COVID-19 pandemic and liberalized work-from-home policies, which together have introduced a new level of challenges to preserving communications arising from the convenience to employees of using personal devices for business purposes.
The SEC is not alone among regulators and enforcement agencies in its focus on electronic communication preservation. As part of the resolution against the 16 financial firms, the Commodity Futures Trading Commission assessed more than $700 million in penalties against many firms fined by the SEC. Furthermore, last month, the United States Department of Justice (DOJ) released a memorandum memorializing the remarks of Deputy U.S. Attorney General Lisa Monaco announcing updates to the DOJ’s corporate criminal enforcement policy. Known as the “Monaco Memorandum,” among other things, it directs prosecutors evaluating whether to give corporate cooperation credit to consider whether the business entity “has implemented effective policies and procedures governing the use of personal devices and third-party messaging platforms to ensure that business-related electronic data and communications are preserved.”
Like the DOJ, the SEC has expressed a determination to insist on compliance. Gurbir S. Grewal, the SEC’s Director of the Division of Enforcement, explained that the firms that settled “not only have admitted the facts and acknowledged that their conduct violated these very important requirements, but have also started to implement measures to prevent future violations. Other broker dealers and asset managers who are subject to similar requirements under the federal securities laws would be well-served to self-report and self-remediate any deficiencies.”
These various enforcement actions and directives serve as a reminder to all businesses, whether in the financial services industry or otherwise, of the importance of updating corporate document preservation policies and programs to address employee use of electronic devices. With the help of competent counsel, financial institutions and other companies might consider policies that discourage employees from using personal devices, personal email, social media, or messaging accounts to transact and document business. Counsel can assist companies in implementing these practices to track and preserve such communications to not only improve business functions, but also prepare for audits, government investigations, and litigation.