The CFTC and SEC issued fines totalling USD $555 million for the pervasive unauthorised use of offline communications to conduct regulated business as well as failing to maintain, preserve, and/or produce records that were required to be kept under recordkeeping requirements.
While these enforcement cases involve banks falling within the CFTC and SEC’s jurisdictions, they are indicative of a wider trend of regulators cracking down on trading organizations’ use of unauthorised communications devices and related recordkeeping violations.
While many energy and commodity firms are not regulated, the use of communication applications such as iMessage in the USA, WhatsApp, Signal, Telegram in Europe, and WeChat and Line in Asia is prevalent in the sector. Is it just a matter of time before the regulators' focus shifts to this sector?
These practices involved the use of private texts and platforms like iMessage, WhatsApp, and Signal as well as personal emails. The orders repeatedly describe how the investigations into these violations revealed that the majority of the employees whose communications were sampled were found to have used unapproved channels for conducting regulated business.
Interestingly, the SEC enforcement shared colour on the types of messages being sent on personal devices that should have been recorded, including “investment strategy, discussions of investment banking client meetings, and communications about market colour, analysis, activity trends or events.” In addition, it notes that many off-channel communications were internal communications between managing directors and junior personnel under their supervision.
While some of these communications are specific to retail banking, others such as market colour and activity trends are normal course of business for energy and commodity firms.
Combined with previous penalties by both regulators on the same theme, the total fines to date exceed a staggering USD $2.5 billion (CFTC $1.0 billion and SEC $1.5 billion) and send a resounding message of zero tolerance for evasive behaviour in this area.
CFTC Fines ($266 million)
The CFTC fined a group of Banks and one Broker-Dealer a total of USD $266 million for pervasive unauthorised use of offline communications to conduct regulated business including both US and Foreign National Banks as follows:
SEC Fines ($289 million)
In addition, the SEC fined and charged ten firms a total of USD $289 million, three of which (Wells Fargo, BNP, and Wedbush Securities) were also fined by the CFTC as noted above. The USD $ fines are as follows:
SEC Commissioner Response
Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, delivered a simple yet powerful message to market participants: “So here are three takeaways for those firms who haven’t yet [self reported or improved internal policies and procedures]: self-report, cooperate and remediate. If you adopt that playbook, you’ll have a better outcome than if you wait for us to come calling.”
CFTC Commissioner Response
In her public statement in response to the enforcement decision, CFTC Commissioner Christy Goldsmith Romero noted that “together with our previous offline communications enforcement actions, the Commission has levied over $1 billion in penalties against 18 Wall Street institutions and large foreign banks, sending a zero tolerance message to those who seek to evade regulatory oversight.”
The commissioner delivered a very strong message to firms that there is no room for error and firms must step up to ensure communications and record keeping adhere to regulatory requirements starting with culture from the top.
Several key messages from her speech are summarised below:
The CFTC's enforcement actions cast a spotlight on the need for a shift in the "tone at the top" within Wall Street and foreign banks. The illegal conduct, involving senior officials and compliance personnel, raises concerns about bank culture.
The enforcement actions not only identified violations of internal policies but also highlighted a failure to enforce these policies effectively. The onus is on the C-suite to foster a culture of compliance, prioritizing transparency, and mitigating the risk of future transgressions.
The C-suite's role in shaping bank culture cannot be overstated – a culture of compliance must supplant evasion to ensure a future free from regulatory breaches.
Commissioner Romero concludes noting “tone at the top dictates a bank’s culture and that tone must change on Wall Street and large foreign banks. The tone at the top the CFTC found was one of evasion, keeping regulators in the dark. Change can only happen if the bank’s C-suite establishes a culture of compliance over evasion. It is far past time for the C-suite to step up.”
The CFTC's enforcement actions placed equal emphasis on admission of wrongdoing and on financial penalties. Recognizing that accountability extends beyond monetary consequences, the CFTC required defendants to acknowledge their wrongdoings.
This dual approach aims to foster a culture of compliance over evasion, especially pertinent for entities with substantial resources, where admissions of guilt carry significant weight.
The CFTC's enforcement actions hold broader implications, extending beyond immediate penalties.
By unveiling the pervasive nature of unauthorized communication practices, the CFTC underscores its commitment to regulatory oversight and sends a clear message to the market: financial institutions must not evade the oversight they willingly embraced upon registering with the Commission.
This move signals an end to the era of evasive communication practices and demonstrates the CFTC's resolve to uphold market integrity.
As part of their settlements, the CFTC and SEC required the respondents to review, evaluate, and remediate their supervisory and compliance controls and procedures regarding electronic communications.
CFTC Commissioner Kristin Johnson in her statement observed that communications technology is evolving quickly and the penalties emphasize “the need for our market participants to address imminent operational challenges. Employees’ increased reliance on simple, easy-to-access but unauthorized chat and text platforms will pose a significant challenge for many types of entities operating in our markets.
Internal compliance programmes must adopt controls consistent with this new landscape. Firms must inculcate a culture of compliance at all levels of their organization to mitigate the risks posed by unauthorized use of chat and text platforms.”
RegTrail reviewed several of the underlying CFTC and SEC enforcement decisions and provides key takeaways below. While many energy and commodity firms are not regulated, the use of communication applications in the energy and commodity sector such as iMessage in the USA, WhatsApp, Signal, Telegram in Europe, and WeChat and Line in Asia is prevalent.
Many firms are now exploring and implementing technology to record these applications even if they are not regulated as investment firms. As RegTrail has noted previously, it only takes one investigation where a regulated investment firm such as a broker-dealer is communicating with a non-regulated investment firm, e.g. an energy and commodity firm, to loop both firms into the investigation and the inevitable regulatory spotlight.
Below are the CFTC and SEC remediation requirements stipulated for each of the defendants to conclude within five months. Where appropriate, we recommend reviewing and benchmarking these with your current compliance programmes.
a. Review policies and procedures on the use of electronic communications
A comprehensive review of a firm’s supervisory, compliance, and other policies and procedures designed to ensure that the firm’s electronic communications, including those found on personal electronic devices, including without limitation, cellular phones (“Personal Devices”), are preserved in accordance with the requirements of the Act, the Regulations, and the firm’s policies and procedures.
b. Conduct Training and Quarterly Certification in writing
A comprehensive review of training conducted by the firm to ensure swap dealer and FCM personnel are complying with the requirements regarding the preservation of electronic communications, including those found on Personal Devices, in accordance with the requirements of the Act and the Regulations, and the firm’s policies and procedures, including by ensuring that the firm’s swap dealer and FCM personnel certify in writing on a quarterly basis that they are complying with preservation requirements.
c. Assess Surveillance Programme Capabilities
An assessment of the surveillance programme measures implemented by the firm to ensure compliance, on an ongoing basis, with the requirements found in the Act, the Regulations, and the firm’s swap dealer and FCM policies and procedures to preserve electronic communications, including those found on Personal Devices.
d. Monitor Employee Usage Activity of Technology solutions to record electronic communications
An assessment of the technological solutions that the firm has begun implementing to meet the record retention requirements of the Act, the Regulations, and the firm’s policies and procedures, including an assessment of the likelihood that the firm’s swap dealer and FCM personnel will use the technological solutions going forward and a review of the measures employed by the firm to track employee usage of new technological solutions.
There are many ways to track employee activity. Industry good practice includes providing reports to Compliance on the following metrics:
By tracking the above three metrics and using visualisation tools such as PowerBI, Compliance can generate alerts when there is a significant drop in a trader’s usual activity, e.g. an alert when the number of messages sent per day decreases 20% from the last rolling 7-day average.
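The alert rule described above can be sketched as follows. This is an added example, not code from RegTrail or from any regulator's order; the function names, the tuple layout of the input and the sample data are constructed for illustration. It assumes daily per-trader message counts exported from the recorded channel, and that the rolling window counts the previous 7 weekdays so that weekends do not raise alerts.

```python
from collections import defaultdict, deque
from datetime import date, timedelta

def usage_drop_alerts(records, through, window=7, threshold=0.20):
    """Flag weekdays where a trader's recorded-channel message count is at
    least `threshold` below the mean of the previous `window` weekdays.
    records: iterable of (trader_id, day, messages_sent); a weekday with no
    record counts as zero, since silence on the recorded channel is the signal."""
    per_trader = defaultdict(lambda: defaultdict(int))
    for trader, day, sent in records:
        per_trader[trader][day] += sent

    alerts = []
    for trader in sorted(per_trader):
        counts = per_trader[trader]
        history = deque(maxlen=window)
        day = min(counts)
        while day <= through:
            if day.weekday() < 5:  # assumption: Mon-Fri trading days only
                sent = counts.get(day, 0)
                if len(history) == window:
                    baseline = sum(history) / window
                    if baseline > 0 and (baseline - sent) / baseline >= threshold:
                        alerts.append((trader, day, sent, round(baseline, 2)))
                history.append(sent)
            day += timedelta(days=1)
    return alerts

def constructed_sample():
    """Constructed data: T1 tapers off and goes silent, T2 stays steady."""
    weekdays = [date(2024, 1, d) for d in (1, 2, 3, 4, 5, 8, 9, 10, 11, 12)]
    t1 = [40, 42, 38, 40, 40, 41, 39, 36, 30]  # no record at all on 12 Jan
    records = [("T1", d, n) for d, n in zip(weekdays, t1)]
    records += [("T2", d, 20) for d in weekdays]
    return records

if __name__ == "__main__":
    for alert in usage_drop_alerts(constructed_sample(), through=date(2024, 1, 12)):
        print(alert)
```

Passing `through` explicitly matters: a trader who stops using the recorded channel produces no rows at all, so the evaluation has to run up to the reporting date rather than to the trader's last record.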
e. Assess measures to prevent use of unauthorised communication methods
An assessment of the measures used by the firm to prevent the use of unauthorised communications methods for business communications by swap dealer and FCM personnel. This assessment should include, but not be limited to, a review of the firm’s policies and procedures to ascertain if they provide for any significant technology and/or behavioural restrictions that help prevent the risk of the use of unapproved communications methods on Personal Devices (e.g., trading floor restrictions).
f. Review of E-comm’s Surveillance lexicons used to monitor communications on personal devices
A review of the firm’s electronic communications surveillance routines to ensure that electronic communications through approved communications methods found on Personal Devices are incorporated into the firm’s overall swap dealer and FCM communications surveillance programme.
g. Review framework for enforcing non-compliance of a firm’s policies and procedures
A comprehensive review of the framework adopted by the firm to address instances of non-compliance by the firm’s swap dealer and FCM employees with the firm’s policies and procedures concerning the use of Personal Devices to communicate about the firm’s business in the past. This review shall include a survey of how the firm determined which employees failed to comply with the firm’s policies and procedures, the corrective action carried out, an evaluation of who violated policies and why, what penalties were imposed, and whether penalties were handed out consistently across business lines and seniority levels.