‘Tip Of The Iceberg’ - US Regulators Fine More Banks For WhatsApp Use

August 9, 2023
US regulators have slapped Wells Fargo, BNP Paribas, Société Générale and other large banks with a combined $550m fine for using WhatsApp to discuss business matters, and called for cultural change among C-suite bankers.

The Securities and Exchange Commission (SEC) said its investigation uncovered “pervasive” and “longstanding” off-channel communications at 11 firms and issued combined penalties of $289m.

In a separate probe, the Commodity Futures Trading Commission (CFTC) issued a further $260m in fines on seven of the same firms.

The fines were imposed on three Wells Fargo-owned firms, BNP Paribas, Société Générale, Bank of Montreal, Mizuho Securities, Houlihan Lokey Capital, Moelis & Company, Wedbush Securities and SMBC Nikko.

According to the SEC, the firms admitted that from at least 2019 their employees communicated business matters through various messaging platforms on their personal devices, including iMessage, WhatsApp and Signal.

The failures involved employees at multiple levels of authority, including supervisors and senior executives.

The SEC said it involved “widespread” and “longstanding” malpractice which “likely deprived” the regulator of communications in various investigations and undermined the SEC’s ability to exercise effective regulatory oversight.

The SEC and the CFTC together have imposed $2.6bn in fines on more than 30 companies in the past for the misuse of personal messaging apps, underscoring how widespread this issue has been at financial institutions.

In December 2021, the agencies imposed a $200m fine on J.P. Morgan, the first bank to receive a fine for this misconduct.

That announcement was followed by a $1.8bn penalty imposed on 11 large banks in September 2022 and a further $68m fine on HSBC and Scotia Capital in May.

Gurbir Grewal, director of the SEC’s Division of Enforcement, warned that compliance with recordkeeping requirements is “essential” to investor protection and these penalties will help “drive this foundational message home”.

“While some broker-dealers and investment advisers have heeded this message, self-reported violations, or improved internal policies and procedures, today’s actions remind us that many still have not,” Grewal added.

“So here are three takeaways for those firms who haven’t yet done so: self-report, cooperate and remediate.”

“If you adopt that playbook, you’ll have a better outcome than if you wait for us to come calling.”

A spokesperson for Wells Fargo said the company is pleased to resolve this matter.

VIXIO reached out to the other companies but they either declined to comment or did not reply by the time of publication.

Tip of the iceberg and the need for cultural change

In an accompanying statement, CFTC commissioner Kristin Johnson pointed out that in addition to obstructing regulatory oversight, the use of social media and chat-based apps may have cybersecurity implications.

According to Johnson, “toggling between authorised and unauthorised communications tools” and engaging with confidential and protected information outside of the bank’s compliance infrastructure can create cybersecurity and privacy threats.

These threats not only impact customers, but also banks and bank-affiliated entities and their employees.

She noted that the investigations show “an alarming trend” and the fact that most of these failures were discovered by the regulators through a sampling process suggests that the uncovered violations are the “proverbial tip of the iceberg”.

CFTC commissioner Christy Goldsmith Romero pointed out that it is the responsibility of the top level of bank management to ensure compliance.

“It was well known within these banks that their internal policies were being flagrantly violated in practice. But no one stopped it,” Goldsmith Romero wrote.

“Tone at the top dictates a bank’s culture and that tone must change on Wall Street and large foreign banks.”

“The tone at the top the CFTC found was one of evasion, keeping regulators in the dark. Change can only happen if the bank’s C-suite establishes a culture of compliance over evasion,” Goldsmith Romero said.
