Ofgem’s £5.4 million fine shows Morgan Stanley still hasn’t gotten the message on compliant communications

With UK energy market regulator Ofgem fining Morgan Stanley £5.4 million for traders’ use of personal WhatsApp accounts for business, is it time for UK firms to get the message on communications compliance?

23 August 2023
By Jay Hampshire

In brief:

  • UK energy market regulator Ofgem has fined Morgan Stanley £5.4 million for traders’ use of private WhatsApp to discuss transactions
  • It is the first fine issued in the UK under REMIT rules around wholesale energy market integrity and transparency
  • While Morgan Stanley had policies in place to prohibit WhatsApp use, it was found that sufficient steps to ensure compliance were not taken

The Office of Gas and Electricity Markets (Ofgem) has issued a £5.4 million ($6.8 million) fine against Morgan Stanley & Co. International for “failure to record and retain electronic trading communications”, which included Morgan Stanley traders’ use of personal WhatsApp accounts to discuss trading business.

The fine is the first of its kind in the UK under REMIT regulations that aim to safeguard the integrity and transparency of energy markets, and comes amid a regulatory environment that is turning up the heat on non-compliance and off-channel communications.

WhatsAppened?

The summary of the case from Ofgem details that, between January 2018 and March 2020, Morgan Stanley was found not to be “recording and retaining electronic communications” relating to wholesale energy product trading. The breach emerged following Ofgem submitting a request for information to Morgan Stanley – a request it was unable to fulfil.

It emerged that Morgan Stanley traders had been using private WhatsApp accounts to discuss transactions during this period. Because these took place on non-monitored personal channels, Morgan Stanley was unable to supply these conversations to Ofgem. Thus, they were non-compliant with “legal requirements to record and retain electronic communications relating to trading wholesale energy products.”

Well within Ofgem’s REMIT

The requirements in question are part of the EU’s Regulation on Wholesale Energy Market Integrity and Transparency (REMIT) framework, which has been adopted in the UK post-Brexit. These rules are designed to ensure market integrity and transparency, and to protect consumers by enabling Ofgem to investigate and sanction insider trading and market manipulation.

This case marks the first ever fine issued in the UK under the REMIT framework, and is also the first instance of UK regulators pursuing off-channel communications enforcements, something we have seen US regulators increase the tempo of recently. Last year, the UK’s Financial Conduct Authority (FCA) told City AM that it was investigating a number of City firms for their use of personal devices. It will come as a surprise, then, that the first action we see is from Ofgem and not the financial regulators.

Cathryn Scott, Regulatory Director of Enforcement and Emerging Issues at Ofgem, said:

“This fine sends a strong message to market participants that they must comply with all REMIT rules or face enforcement action. It is unacceptable that MSIP failed to prevent electronic communications which could not be recorded or retained. It risks a significant compromise of the integrity and transparency of wholesale energy markets.”

Scott’s stance and use of firm language mirror recent regulatory proclamations, showing that regulators may be getting increasingly fed up with organizations not taking appropriate, proactive steps on non-compliance. Whatever the reason that regulation exists, be it to protect consumers or the markets themselves, Ofgem and other bodies will not hesitate to use those regulations under the maxim that ‘the best defence is a good offence’.

Learning the hard way

One of the more curious aspects of this case is that Morgan Stanley knows from experience what the outcomes for off-channel communications and inadequate recordkeeping can be. In 2022, Morgan Stanley reached a settlement of $200 million with US regulators around employees using non-approved messaging applications and a failure to maintain and preserve communications records.

In the wake of that settlement, Morgan Stanley made headlines by implementing a system of internal fines to proactively police off-channel communications. The fines, which rose up to $1 million for some staff, were structured around factors including seniority, the number of infractions, and whether employees had received prior warnings for off-channel communications.

And yet we find ourselves once again in a situation where Morgan Stanley (MSIP) has been fined for staff using personal WhatsApp accounts to discuss business. Ofgem’s summary acknowledges that “MSIP had policies in place which prohibited the use of WhatsApp for trading communications”, but:

“MSIP did not take sufficient reasonable steps to ensure compliance with its own policies and the requirements of the regulations.”

Having policies and procedures in place to ensure communications compliance is one thing, but ensuring that employees adhere to those policies is another challenge entirely, and requires a consistent, concerted effort to instil compliance-positive culture throughout an organization. Cathryn Scott’s comments on the case state:

“We welcome the steps MSIP has taken to ensure the breaches do not happen again.”

While we have seen that Morgan Stanley is willing to implement policies to curb non-compliant communications, like personal fines for employees, it will be interesting to see what steps it will be putting in place in the wake of the Ofgem action.

A proactive step that Morgan Stanley did take in this instance was to work with Ofgem to settle the case. Reports indicate that the fine could have been up to £7.7 million, but by agreeing to settle, the bank received a 30% reduction in the penalty. We have seen regulators urging organizations to come forward and work with them when there is an issue in order to secure a better outcome, rather than wait for the regulatory boot to drop, and this case seems to be partial proof of that principle.

While we might seem to have entered an era of ‘personal liability’ for off-channel communications, with instances of individuals receiving personal fines for personal mobile phone use for business communications, it’s clear that regulators still have (increasingly) high expectations of firms themselves when it comes to communications compliance. While this might be an ignominious first case of its kind in the UK, it almost certainly won’t be the last – as is often the case, financial regulators may be next to act. Organizations need to make sure they get the message on communications compliance – before the regulator comes calling.

Getting it right on compliant communications is fast becoming a business imperative as regulators turn up the heat on off-channel comms. While resorting to channel bans might seem safest, your teams don’t have to compromise when it comes to compliant communications – our solutions empower you to WhatsApp-enable your business and capture all your communications across any channel.