Skip to main content

SEC Probes Recordkeeping Lapses Arising from Use of Personal Emails and Messaging

Kelly Ruane Melchiondo
Blog ImageIn the last few weeks, several major U.S. financial institutions have disclosed to investors that the United States Securities and Exchange Commission (“SEC”) and/or the Commodities Future Trading Commission (“CFTC”) are investigating the institutions’ employees’ alleged use of unapproved messaging methods, including personal texts and emails, to conduct official business.  

In late February, Goldman Sachs advised investors that it was cooperating with an SEC probe over “business communications sent over electronic messaging channels.” In its annual report several days later, Citigroup, Inc. disclosed that Citigroup Global Markets, Inc., the bank’s securities arm, is “cooperating” while the SEC investigates its employees’ “compliance with record-keeping obligations for broker-dealers” in connection with “business-related communications sent over unapproved messaging channels.”  And finally, HSBC Holdings, PLC warned in its annual report that the CFTC is investigating its employees’ use of “non-HSBC approved messaging platforms for business communications.” 

These three disclosures come nearly three months after the SEC and CFTC fined JP Morgan Chase & Co. nearly $200 million for recordkeeping violations that stemmed from “widespread” employee use of personal text messages and email that were not preserved- violating federal regulatory recordkeeping requirements for securities broker-dealers.  In the case of JP Morgan & Chase, “widespread” meant that over 100 employees, at all levels of the company, sent tens of thousands of text and WhatsApp messages, and personal email, from January 2018 through November 2020.  The SEC alleged that the lack of adequate recordkeeping hampered several SEC investigations.  

Federal financial institutions regulators such as the SEC have long required securities broker-dealers to not only closely monitor their employees’ business communications, but to retain them.  Financial institutions have found monitoring and preservation to be increasingly more difficult with the proliferation of personal email and text messaging services.  The COVID-19 pandemic and Work from Home policies further complicated institutions’ oversight of their employees’ activities.  Regulated entitles have responded to what is perceived to be an SEC crackdown on personal communications by monitoring employees’ messaging apps, or asking employees for access to their personal devices for the sake of recordkeeping.

Email and text messaging are here to stay.  While the SEC’s and CFTC’s probes pertain to financial institutions with mandatory recordkeeping requirements, the investigations should serve as a reminder to all employers to be aware of how employees are using, transmitting or receiving data.  From a data privacy, security, and even e-discovery perspective, employers should discourage their employees—in any industry—from using their personal devices, email, and messaging accounts to conduct work. When there may be uncertainty as to the optimal policies and procedures required to help avert legal exposure, companies should consult competent counsel.
YOU MIGHT ALSO LIKE
Blog September 24, 2024
In a recent federal case from New York, the court dealt a blow to plaintiffs suing over data breaches. The plaintiffs had filed a putative class action suit, alleging that they (and others like them) had been harmed by the alleged exposure of their personal and financial information due to a March 2...
Speaking Engagement September 12, 2024
Philip R. Stein speaks on the panel Don’t Be a Dinosaur! Staying Current on Corporate Governance Developmentsat the ACC South Florida 14th Annual CLE Conference. The session focuses on the significant developments in Florida and Delaware corporate governance law, focusing on the most salient n...
Privacy Portal Blog March 21, 2024
On March 18, 2024, the Securities and Exchange Commission (SEC) entered into settlements with two companies, which agreed to pay significant civil penalties for “AI Washing.” AI Washing entails making false statements regarding the use of artificial intelligence technology. The enforceme...
VIEW MORE