In an effort to build a zero-tolerance culture around non-compliance, the Securities and Exchange Commission (SEC) has recently set out the factors used to determine fine sizes against firms, a move that is symbolic of the wider shift in regulatory messaging towards cracking down on firms neglecting the need to preserve their communications.
On the case-by-case
Sanjay Wadhwa, the Deputy Director of the Enforcement Division at the SEC, outlined these key considerations at the SEC Speaks 2024 event. Wadhwa first emphasized that all investigations are based on an individualized assessment of the firm in question to ensure the penalty is suited to the company’s size, analyzing revenue and employee headcount.
Within the scope of recordkeeping and off-channel communications violations, the regulator looks to understand how many employees communicated using off-channel communications, and how many communications of this nature were exchanged. Though there is no direct correlation between this and the charges imposed, it is definitely important for the regulator to consider to understand the extent of the damage done.
The SEC also assesses mitigating factors like the firm’s efforts to be compliant in general, and whether they have adopted meaningful technology or solid third-party vendor compliance solutions in a timely manner. A recurring and prominent theme when the SEC looks to impose fines is self-reporting and cooperation following the charge, and evidence that firms have leant into the need for accountability.
It comes with the territory
Accountability and transparency have become a running theme within the regulatory space, as they switch gears to encourage more firms to implement “by the book” recordkeeping and look to build public trust.
Whilst the SEC has taken on this route, the Financial Conduct Authority (FCA) has also recently outlined that it will adopt a new “name-and-shame” approach that will keep firms on their toes. This “bad-cop” style rhetoric has created waves in the finance space, with the announcement being met with hesitation and concern from some.
However, the regulator has clearly set its intentions, clarifying that their real motive is to inspire a wave of changed behavior throughout the industry and highlight red flags. In an effort to counter concerns of potential media sensationalism and reputational harm from “calling out” firms under investigation, the FCA suggests the new approach provides firms with the opportunity to “own the narrative” by being seen to cooperate with investigations and by publicizing if they are concluded without charge. This new approach aims to prove to the public and the industry that regulators are taking a firmer stance on non-compliance. Firms must now be wary that when they violate regulations, they will be held publicly accountable.
Keeping records > breaking records
This growing regulatory trend towards maximum accountability has been evident throughout fiscal year 2023, where the SEC once again broke enforcement records. The Commission filed a total of 784 enforcement actions and barred 133 individuals from serving as officers and directors of public companies – the highest obtained in a decade. Though record breaking often denotes positive achievements, this is a bittersweet win for the regulator, as it shows that many firms and individuals are still committing regulatory violations – and how even the most transparent messaging might not be sinking in.
Following on in the theme of deterrence, particular notice is also given to repeat offenders such as Goldman Sachs, with the firm being fined twice in a space of six years for losing communication records. The firm was fined by the CFTC in 2014 and later in 2020, spurring the need for increased penalties for those who take no action to make change. It is fast becoming clear that investing in robust technology to prevent the recurrence of issues and ensure the preservation of all records is necessary in this era of regulatory crackdowns.
Are firms getting the message on off-channel comms?
Regulatory investigations and enforcements for off-channel communications dominate the news, with a string of high-profile firms failing to conform to regulatory rules and adequate recordkeeping, facing six-figure fines. Examples of this include:
- In 2023 the SEC charged 11 firms a collective of $289 million in penalties for digital communication failures using channels such as iMessage and Whatsapp for business communications. A major turning point, as regulators began making a clear statement against using Whatsapp to discuss business
- Senvest, registered investment adviser, fined $6.5 million by the SEC on April 3, 2024, for failure to preserve electronic communications and failing to enforce a code of ethics in obtaining a pre-clearance for all securities transactions
- Citigroup, investment bank, fined $2.9 million by the SEC for violating recordkeeping requirements, using an unverified method to calculate indirect expenses
- JP Morgan, multinational financial institution, fined $4 million by SEC for accidentally deleting 47 million emails from early 2018. The firm has now implemented a 36-month retention code to avoid this happening again
The SEC and FCA have gone beyond sharing cautionary tales to deter firms from breaking regulatory rules. Organizations now know exactly when and why regulators will pursue them for off-channel communications and recordkeeping lapses. As regulators look to increase their own transparency and accountability, firms that fail to prioritize abiding by this credo must understand there is more at stake than just a monetary loss.
